Firewall Wizards mailing list archives
Re: dns outbound
From: Larry Chin <larry () sprint ca>
Date: Mon, 17 May 1999 07:58:12 -0400 (EDT)
I think the question should be why do they want to do this? I would suggest that you set up a split brain dns and that should solve most DNS associated problems. Basically your internal DNS (with all the domain info) would be configured as a slave and forward requests for DNS info that it did not have to the external DNS server (which would only have info for exposed systems and no info for anything behind the firewall).

As for pros and cons, IMHO, there is no reason to allow it and due to the potential risk and with a split brain dns you can at least control what info is being served up to the world.

Just my .02 cents worth, hope it helps

===================================================================
Larry Chin {larry () sprint ca}    Technical Specialist - ISC
Sprint Canada                      2550 Victoria Park Avenue
Phone: 416.496.1644 ext. 4693      Suite 200, North York, Ontario
Fax: 416.498.3507                  M2J 5E6
===================================================================

On Thu, 13 May 1999, Deepak Vaidya wrote:
> Hello,
>
> This is going to be a stupid question, but I hope someone can answer the question without my being flamed :-(. I have gotten a request to allow all clients behind a firewall to have unrestricted access to dns servers outside the firewall. Can I get help in coming up with pros and cons of doing that. I tried to search the archives but the search page is not working properly. I am not comfortable in allowing udp packets outbound from all systems. If it helps we are using firewall-1.
>
> Thanks - Deepak
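The split-DNS arrangement described in this message implies a simple egress rule: only the internal DNS server sends port 53 traffic out, and only to the external DNS server it forwards to. The following is an added example, not part of the original post, that audits accepted-connection log lines against that rule; the log format, addresses and function names are assumptions made for illustration.

```python
import ipaddress

# Assumed addresses (private and documentation ranges), not taken from the thread.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
INTERNAL_DNS = ipaddress.ip_address("10.0.0.53")   # internal server, forwards unknowns
EXTERNAL_DNS = ipaddress.ip_address("192.0.2.53")  # external server, exposed hosts only

# Constructed sample log in a simplified format: action proto src sport dst dport
SAMPLE_LOG = """\
accept udp 10.0.0.53 33012 192.0.2.53 53
accept udp 10.1.4.20 1045 198.51.100.7 53
accept tcp 10.1.4.21 1102 198.51.100.7 53
accept udp 10.0.0.53 33013 198.51.100.7 53
accept tcp 10.1.4.20 1046 203.0.113.80 80
drop udp 10.1.9.9 1200 198.51.100.7 53
accept udp 10.1.4.20 1047 10.0.0.53 53
malformed line
"""

def classify(line):
    """Return (verdict, reason); verdict is 'ok', 'violation' or 'skip'."""
    fields = line.split()
    if len(fields) != 6:
        return "skip", "unparsable"
    action, proto, src, _sport, dst, dport = fields
    try:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return "skip", "bad address"
    # DNS uses TCP as well as UDP, so both are checked.
    if action != "accept" or dport != "53" or proto not in ("udp", "tcp"):
        return "skip", "not accepted DNS"
    if src_ip not in INTERNAL_NET or dst_ip in INTERNAL_NET:
        return "skip", "not outbound"
    if src_ip != INTERNAL_DNS:
        return "violation", "client bypassed internal DNS"
    if dst_ip != EXTERNAL_DNS:
        return "violation", "internal DNS queried a server other than its forwarder"
    return "ok", "internal DNS to external DNS"

def audit(log_text):
    """Return (line_number, line, reason) for every policy violation."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        verdict, reason = classify(line)
        if verdict == "violation":
            findings.append((n, line, reason))
    return findings

if __name__ == "__main__":
    for n, line, reason in audit(SAMPLE_LOG):
        print(f"line {n}: {reason}: {line}")
```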