Firewall Wizards mailing list archives
Re: DNS -vs- the firewall: security thoughts
From: Bennett Todd <bet () rahul net>
Date: Thu, 12 Mar 1998 04:56:17 -0800
1998-03-11-21:37:39 Joe Ippolito:
[...] The clients do not need to be configured for an external DNS only the proxy. The proxy does the external lookups for them.
Certainly, that's normal DNS w/ firewall. That's what I'm hoping to tighten up.
Obviously if they cannot resolve external hosts at all they will not be able to access anything outside without knowing the IP address.
Not obvious at all. I don't need to know the IP address of a host if the only operations my client does involve passing the _name_ of that host to the firewall. I don't have IP connectivity to any of those addresses anyway. -Bennett
Current thread:
- Re: NTp config - for the databases :}, (continued)
- Re: NTp config - for the databases :} Joseph S. D. Yao (Mar 13)
- Re: NTp config - for the databases :} John Painter (Mar 14)
- Firewall Audit Programme/checklist Bret Watson (Mar 16)
- Re: Firewall Audit Programme/checklist Marcus J. Ranum (Mar 16)
- Re: Firewall Audit Programme/checklist Chad Schieken (Mar 16)
- Re: Firewall Audit Programme/checklist Bret Watson (Mar 17)
- Re: Firewall Audit Programme/checklist Marcus J. Ranum (Mar 17)
- Re: Firewall Audit Programme/checklist blast (Mar 17)
- Re: Firewall Audit Programme/checklist tqbf (Mar 16)
- Re: Firewall Audit Programme/checklist kant (Mar 16)
- Re: DNS -vs- the firewall: security thoughts Bennett Todd (Mar 12)