If you company has money, you could even add an extra DMZ card into your firewall. Then you could have DNS and smtp dmz separately.
John Shi -----Original Message----- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Monday, June 03, 2002 11:06 AM To: NT 2000 Discussions Subject: RE: Sort of OT: DMZ This is Good.... I was strictly talking about External DNS for our public Domain... It would sit on the same machine as my SMTP Server ( Exchange Server in the DMZ ) Joshua Morgan PH: (864) 250-1350 Ext 133 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info -----Original Message----- From: John Shi [mailto:[EMAIL PROTECTED]] Sent: Monday, June 03, 2002 1:52 PM To: NT 2000 Discussions Subject: RE: Sort of OT: DMZ I think it should be ok. Cisco suggests to put DNS on the DMZ. If you put the DNS in the inside network, then you would need to create a static accesss-list on your firewall/router to allow the DNS traffic to go out and come in. When you have a static access list for incoming traffic to come into your inside network, you are exposing your inside network to the outside. That is why it is good to put your DNS in the DMZ. By default, Cisco firewall does not allow DMZ traffic to come into the inside network unless you specifically state it. You can configure other firewalls to do so as well. You basic allow inside to go to DMZ, but not the other way around for security reason. John Shi -----Original Message----- From: Morgan, Joshua [mailto:[EMAIL PROTECTED]] Sent: Monday, June 03, 2002 6:18 AM To: NT 2000 Discussions Subject: Sort of OT: DMZ I have an Exchange Box in my DMZ running SMTP and OWA.... Is there any known problems with Hosting DNS on it ? Joshua Morgan PROFITLAB Senior Network Engineer PH: (864) 250-1350 Ext 133 Fax: (413) 581-4936 [EMAIL PROTECTED] http://www.profit-lab.com http://ncontrol.info The greatest glory is not in never failing, but in rising up every time we fall. -- Confucius ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
