Firewall Wizards mailing list archives
RE: DNS -vs- the firewall: security thoughts
From: Itai Dor-on <silicom () netvision net il>
Date: Thu, 12 Mar 1998 15:56:28 +0200
-----Original Message----- From: Joe Ippolito - President SVNPA [SMTP:joe () joesnet com] To: 'Bennett Todd'; Bret Watson Cc: firewall-wizards () nfr net Subject: RE: DNS -vs- the firewall: security thoughts I use MS Proxy. The clients do not need to be configured for an external DNS only the proxy. The proxy does the external lookups for them. Obviously if they cannot resolve external hosts at all they will not be able to access anything outside without knowing the IP address. The clients do need to be configured for an external DNS if they utilize the Winsock Proxy as it's sole function is to relay Winsock 1.1 calls on behalf of the client initiating the request. The Web Proxy module is a CERN compatible Proxy agent which fully acts on behalf of the client thus performing name resolution for the HTTP CERN Type calls. Furthermore The Web Proxy module is the only module in the package whose functionality can be extended by using ISAPI. Cheers, Itai Dor-on
Current thread:
- Re: NTp config - for the databases :}, (continued)
- Re: NTp config - for the databases :} John Painter (Mar 14)
- Firewall Audit Programme/checklist Bret Watson (Mar 16)
- Re: Firewall Audit Programme/checklist Marcus J. Ranum (Mar 16)
- Re: Firewall Audit Programme/checklist Chad Schieken (Mar 16)
- Re: Firewall Audit Programme/checklist Bret Watson (Mar 17)
- Re: Firewall Audit Programme/checklist Marcus J. Ranum (Mar 17)
- Re: Firewall Audit Programme/checklist blast (Mar 17)
- Re: Firewall Audit Programme/checklist tqbf (Mar 16)
- Re: Firewall Audit Programme/checklist kant (Mar 16)
- Re: DNS -vs- the firewall: security thoughts Bennett Todd (Mar 12)