Re: [FW1] Best practice: DNS location

Fri, 13 Oct 2000 07:51:42 -0700 


Here is the link where you can download the last version of Bind for NT;

http://bind8nt.meiway.com/download.cfm

- dan
P.S: The real last version of bind is bind 9.0.0 but it's another concept.

[EMAIL PROTECTED] wrote:

> Well,
>
> SANS Instute tops the dns attack in the top ten list of vulnerabilities.
> http://www.sans.org/topten.htm
>
> You check this link out;
> http://packetstorm.securify.com/exploits/apps/bind/
>
> If you refer to the book "DNS & BIND, second edition"by Cricket Liu & Paul Albitz,
> and you READ chapter 10 "Advanced Features and Security" CAREFULLY, you can
> properly secure your dns server.Of course, you must installe the last version of
> bind, it's like any other product, you must keep up to date for many reason, like
> security!!
>
> Now, where you will place your dns server, bah...on a firewall or a dedicate
> machine, can you install the last version of bind on a NT machine( the firewall is
> on a NT machine)? if not you can put it on a dedicate machine. Of course on a
> screened network...or a dmz.....
>
> - Dan
> Will Schwartz wrote:
>
> > I would have your public DNS on a DMZ. I would house your private DNS on the
> > LAN. The Public DNS should only contain the DNS records that you absolutely
> > need to run, your internal DNS can have the rest. No one should connect to
> > your internal DNS from the outside. You can setup a forwarding on your
> > internal DNS to query your external DNS. I would never run DNS on a
> > firewall, it is too insecure. One of the most common things to hack is DNS.
> > I would dedicate a machine to it.
> >
> > HTH
> > ~will
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Chinnery Paul
> > Sent: Thursday, October 12, 2000 3:22 PM
> > To: [EMAIL PROTECTED]
> > Subject: [FW1] Best practice: DNS location
> >
> > Currently using FW 4.0 on an NT 4.0 network.
> > Our ISP wants us to install our own DNS and use them as secondary.
> > My question is where the DNS should be:  should it be on our firewall server
> > or on our internal network.  We are using NAT.
> >
> > ============================================================================
> > ====
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ============================================================================
> > ====
> >
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to