Firewall Wizards mailing list archives

Re: DNS -vs- the firewall: security thoughts

From: Bennett Todd <bet () rahul net>
Date: Thu, 12 Mar 1998 04:56:17 -0800

1998-03-11-21:37:39 Joe Ippolito:

[...] The clients do not need to be configured for an external 
DNS only the proxy.  The proxy does the external lookups for them.


Certainly, that's normal DNS w/ firewall. That's what I'm hoping to
tighten up.

 Obviously if they cannot resolve external hosts at all they will not be 
able to access anything outside without knowing the IP address.


Not obvious at all. I don't need to know the IP address of a host if the
only operations my client does involve passing the _name_ of that host
to the firewall. I don't have IP connectivity to any of those addresses
anyway.

-Bennett

Current thread:

Re: NTp config - for the databases :}, (continued)
- - - Re: NTp config - for the databases :} Joseph S. D. Yao (Mar 13)
    - Re: NTp config - for the databases :} John Painter (Mar 14)
    - Firewall Audit Programme/checklist Bret Watson (Mar 16)
    - Re: Firewall Audit Programme/checklist Marcus J. Ranum (Mar 16)
    - Re: Firewall Audit Programme/checklist Chad Schieken (Mar 16)
    - Re: Firewall Audit Programme/checklist Bret Watson (Mar 17)
    - Re: Firewall Audit Programme/checklist Marcus J. Ranum (Mar 17)
    - Re: Firewall Audit Programme/checklist blast (Mar 17)
    - Re: Firewall Audit Programme/checklist tqbf (Mar 16)
    - Re: Firewall Audit Programme/checklist kant (Mar 16)
- Re: DNS -vs- the firewall: security thoughts Bennett Todd (Mar 12)
- RE: DNS -vs- the firewall: security thoughts Itai Dor-on (Mar 12)
- RE: DNS -vs- the firewall: security thoughts Joe Ippolito (Mar 12)
  - Re: DNS -vs- the firewall: security thoughts Bennett Todd (Mar 12)
- RE: DNS -vs- the firewall: security thoughts Joe Ippolito - President SVNPA (Mar 12)
- RE: DNS -vs- the firewall: security thoughts Joe Ippolito (Mar 13)