Re: [Hampshire] DNS servers in DMZ's, good or bad idea ? Dis…

Author: Adrian Bridgett
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] DNS servers in DMZ's, good or bad idea ? Discuss
On Tue, Feb 5, 2008 at 19:28:02 +0000 (+0000), Simon Capstick wrote:
> I thought the purpose of a DMZ was to stop or limit the 'rot'
> should a host in the DMZ be compromised. Ideally you would have a
> DMZ for each server so that traffic between them is strictly
> defined and stops you from having one big soft spot (lots of
> servers in one DMZ).
It's twofold really. If you have this:

Internet - perimeter firewall - DMZ - internal firewall - internal network

Then the perimeter firewall protects boxes in the DMZ. The internal
firewall (which ideally is a different vendor from the perimeter
firewall in case of firewall vulnerabilities) protects the internal
network in case a DMZ box is hacked.

_AND_ DMZ boxes should be hardened too compared to servers on the
internal network.

FWIW we run DNS in the DMZ with views (one view for external queries
(i.e. those from the internet) and one view for internal queries
(those from our boxes)).

We _could_ put the internal DNS on a DNS box in the internal network,
but then a) that involves poking a hole in the internal firewall, b)
if that box is compromised, they have their mitts on the internal
network which is very bad.

Running bind chroot'ed (and as a non-root user) is a good thing
though. Also watch the security list of your distribution for updates
- BIND has had its fair share.

Adrian
--
Email: adrian@??? -*- GPG key available on public key servers
Debian GNU/Linux - the maintainable distribution -*- www.debian.org
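To show what the split-view setup Adrian describes looks like in practice, here is an added example named.conf (not from the original post or the LUG thread); the ACL address ranges and the example.org zone files are assumed placeholders.

```conf
// Added example: BIND named.conf for a DMZ DNS server serving two views.
// 10.0.0.0/8 and 192.168.0.0/16 are assumed internal ranges; example.org
// and its zone files are placeholders.

acl "internal" {
    10.0.0.0/8;         // assumed internal network
    192.168.0.0/16;     // assumed internal network
    127.0.0.1;
};

options {
    directory "/var/named";
    version "not disclosed";        // do not advertise the BIND version
    recursion no;                   // default for any view that does not override it
    allow-transfer { none; };       // no zone transfers unless a view allows them
};

// Internal clients: recursive lookups and the private view of the zone.
// Listed first, because BIND uses the first view whose match-clients matches.
view "internal" {
    match-clients { internal; };
    recursion yes;
    allow-recursion { internal; };
    allow-query { internal; };

    zone "example.org" {
        type master;
        file "internal/example.org.zone";   // internal addresses, internal-only hosts
    };
};

// Everyone else (the Internet): authoritative answers only, never recursion.
view "external" {
    match-clients { any; };
    recursion no;
    allow-query { any; };

    zone "example.org" {
        type master;
        file "external/example.org.zone";   // only publicly reachable records
    };
};
```

The chroot and non-root user from the last paragraph correspond to named's `-t <directory>` and `-u <user>` startup flags, which the distribution's init script normally sets.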