Firewall Wizards mailing list archives
RE: DNS -vs- the firewall: security thoughts
From: Joe Ippolito <joe () joesnet com>
Date: Thu, 12 Mar 1998 07:39:58 -0800
It sounds like you are doing a protocol conversion which takes a special Winsock. This is something that I have wholeheartedly avoided due to compatibility issues with applications using it. Address translation and private addresses are much cleaner in my opinion.

-----Original Message-----
From: Bennett Todd [SMTP:bet () rahul net]
Sent: Thursday, March 12, 1998 4:56 AM
To: joe () joesnet com
Cc: 'Bennett Todd'; Bret Watson; firewall-wizards () nfr net
Subject: Re: DNS -vs- the firewall: security thoughts

1998-03-11-21:37:39 Joe Ippolito:
> [...] The clients do not need to be configured for an external DNS, only the proxy. The proxy does the external lookups for them.

Certainly, that's normal DNS w/ firewall. That's what I'm hoping to tighten up.

> Obviously if they cannot resolve external hosts at all they will not be able to access anything outside without knowing the IP address.

Not obvious at all. I don't need to know the IP address of a host if the only operations my client does involve passing the _name_ of that host to the firewall. I don't have IP connectivity to any of those addresses anyway.

-Bennett
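
An added example, not part of either post: a small audit over proxy request lines that separates clients handing the firewall a host _name_ (the proxy resolves it) from clients handing it an IP literal (the address was resolved or hard-coded on the inside). It assumes an HTTP-style proxy, which the thread does not specify; the log format, addresses and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample log: "<client address> <proxy request line>"
SAMPLE_LOG = [
    "10.1.2.3 GET http://www.example.com/index.html HTTP/1.0",
    "10.1.2.3 CONNECT mail.example.net:443 HTTP/1.0",
    "10.1.2.7 GET http://192.0.2.10/status HTTP/1.0",
    "10.1.2.9 CONNECT [2001:db8::1]:443 HTTP/1.0",
    "10.1.2.9 GET /favicon.ico HTTP/1.0",   # not proxy-form: no host given
]

def requested_host(request_line):
    """Return the host the client named in a proxy-form request line."""
    parts = request_line.split()
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    if method.upper() == "CONNECT":
        target = "//" + target          # "host:port" -> parseable authority
    host = urlsplit(target).hostname    # strips port and IPv6 brackets
    if not host:
        raise ValueError("no host in request target")
    return host

def is_ip_literal(host):
    """True if the client supplied an address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(log_lines):
    """Map each client to the IP-literal targets it asked the proxy for."""
    findings = {}
    for line in log_lines:
        client, _, request_line = line.partition(" ")
        try:
            host = requested_host(request_line)
        except ValueError:
            continue                    # nothing to judge on this line
        if is_ip_literal(host):
            findings.setdefault(client, []).append(host)
    return findings

if __name__ == "__main__":
    for client, targets in audit(SAMPLE_LOG).items():
        print(client, "sent IP-literal targets:", ", ".join(targets))
```

Clients that never appear in the result only ever passed names, so they need no external resolver of their own.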