Firewall Wizards mailing list archives

Re: IP over DNS.


From: Darren Reed <avalon () coombs anu edu au>
Date: Wed, 13 Sep 2000 11:26:24 +1100 (Australia/NSW)

In some mail from Alex Goldney, sie said:



Well,
     you could avoid a full proxy based firewall, you just need to ensure
you use a split DNS configuration with appropriately crafted PF rules to
ensure all DNS traffic must go through your DNS proxy.  That doesn't
preclude you from letting other traffic in/out without proxying.  Of course,
you might still want to use a proxy based firewall in any case :-)

A DNS proxy will pass the IP over DNS packets just fine, back and forth.
There could be half a dozen named's linked together as "forwarders" and
it will still work.

Darren
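
Since forwarders relay tunnel queries like any other lookup, the resolver's query log is where a defender can look for them. The sketch below is an added example, not part of the original post: it flags client/zone pairs with many unique, long, high-entropy subdomain labels. The log tuples, the `.example` names, the two-label zone split and the thresholds are all assumptions made for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_name(qname, zone_labels=2):
    """Split a query name into (subdomain part, zone). Assumes the zone is
    the last `zone_labels` labels; a real deployment needs a suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-zone_labels]), ".".join(labels[-zone_labels:])

def suspicious_zones(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """queries: iterable of (client_ip, qname) taken from a resolver log.
    Returns sorted (client, zone) pairs that look like data carried in names.
    Thresholds are illustrative and need tuning against local traffic."""
    seen = defaultdict(set)
    for client, qname in queries:
        sub, zone = split_name(qname)
        if sub:
            seen[(client, zone)].add(sub)
    flagged = []
    for key, subs in seen.items():
        payload = "".join(s.replace(".", "") for s in subs)
        avg_len = sum(len(s) for s in subs) / len(subs)
        if (len(subs) >= min_unique and avg_len >= min_avg_len
                and entropy(payload) >= min_entropy):
            flagged.append(key)
    return sorted(flagged)

def _label(i):
    # Constructed stand-in for an encoded payload label (52 base32 chars).
    digest = hashlib.sha256(bytes([i])).digest()
    return base64.b32encode(digest).decode().rstrip("=").lower()

# Constructed sample log: one tunnel-like client, plus ordinary lookups.
SAMPLE = (
    [("10.0.0.7", f"{_label(i)}.tunnel-zone.example.") for i in range(6)]
    + [("10.0.0.7", "www.corp.example."), ("10.0.0.9", "mail.corp.example.")]
    + [("10.0.0.9", f"host{i}.cdn.example.") for i in range(8)]
)

if __name__ == "__main__":
    print(suspicious_zones(SAMPLE))
```

Many unique short hostnames under one zone (the `cdn.example` lines) are not flagged, because the heuristic requires length and entropy as well as volume.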
