Author: Graham Bleach
Date:
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] DNS servers in DMZ's, good or bad idea ? Discuss
On 05/02/2008, Brian Chivers <brian@???> wrote:
> I have been "tasked" with replacing our main internet facing DNS server and have been looking into
> the various such as chroot environments. I'd planned on using a base install of Etch as the OS
> platform.
>
> Chroots seem like a really good idea but one thing I thought that I could do to increase security
> is to run it in our DMZ. I can have multiple external IP addresses on our firewall so this isn't
> a problem and then just port forward port 53.
Chroots are a good idea and are extremely easy to use with recent BIND versions.
> Am I missing something, would this work and does anyone have any advice about this?
I wouldn't offer any advice without knowing what else was in the DMZ
and if it is a nameserver for your domains or a resolver for your
client machines.
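As an added illustration of the distinction Graham draws (authoritative server for your own domains versus resolver for your clients), here is a minimal BIND 9 named.conf for an authoritative-only server placed in a DMZ. This is example configuration written for this page, not anything posted in the thread; the zone name, addresses and file paths are made up, and the Debian chroot detail in the leading comment is an assumption about how the Etch bind9 package is set up.

```conf
// Added example, not from the mailing-list thread. Zone name, addresses
// and paths are invented placeholders.
//
// Chroot: with a recent BIND 9 the chroot is just named's -t option. On
// Debian this is assumed to go in /etc/default/bind9 as
//   OPTIONS="-u bind -t /var/lib/named"
// with /etc/bind, /var/cache/bind and /dev/{null,random} replicated under
// /var/lib/named (assumed layout).

options {
    directory "/var/cache/bind";

    // Only listen on the DMZ address that the firewall DNATs port 53 to
    // (assumed address).
    listen-on { 10.0.1.53; };

    // This host serves our zones to the Internet; it is not a resolver.
    // Refusing recursion is what stops it being used as an open resolver
    // and keeps Internet clients from querying our cache on its behalf.
    recursion no;
    allow-query { any; };

    // Zone transfers only to our own secondary (assumed address), and
    // notify it explicitly rather than relying on NS-record discovery.
    allow-transfer { 198.51.100.53; };
    also-notify { 198.51.100.53; };

    // Don't advertise the BIND version in CHAOS TXT responses.
    version "not disclosed";
};

// One authoritative zone (placeholder name and file).
zone "example.org" {
    type master;
    file "/etc/bind/db.example.org";
};
```

If the DMZ host is only ever reached through the firewall's port forward, forward both UDP and TCP 53: UDP carries ordinary queries, but zone transfers to the secondary and any response too large for UDP fall back to TCP, and forwarding only UDP is a common reason a DMZ nameserver "mostly works". Internal client machines should point at a separate resolver that does recurse, inside the network, rather than at this host.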