Author: Andy Smith
Date:  
To: hampshire
Subject: Re: [Hampshire] DNS servers in DMZ's, good or bad idea ? Discuss

gpg: Signature made Tue Feb 5 21:53:51 2008 GMT
gpg: using DSA key 2099B64CBF15490B
Hi Brian,

On Tue, Feb 05, 2008 at 04:19:55PM +0000, Brian Chivers wrote:
> Chroots seem like a really good idea but one thing I thought that I could
> do to increase security is to run it in our DMZ. I can have multiple
> external IP addresses on our firewall so this isn't a problem and then just
> port forward port 53.
>
> Am I missing something, would this work and does anyone have any advice
> about this ??

Yes, it will work, and yes, it is a typical use of a DMZ (putting
machines that must access the external network and provide services
to the internal network into a DMZ of their own).

You may want to create a separate DMZ just for this, to keep such
servers separate from hosts in a DMZ because they are providing
services to external networks. On the other hand, if you're talking
about authoritative DNS servers then that is a conventional use-case
for a DMZ since these servers generally provide services to the
external network.

You will certainly want to make sure that the DNS servers can't get
to the internal network.

Cheers,
Andy
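The firewall policy the reply describes (a dedicated DMZ for the DNS server, port 53 forwarded from a spare public IP, the server allowed out to the Internet and in from the LAN, but never allowed to initiate anything towards the internal network), written out as an nftables ruleset. This is an added example and not Andy's or Brian's configuration; the interface names, addresses (RFC 5737 / RFC 1918 ranges) and the table name are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Assumed topology (hypothetical):
#   eth0 = external link, 203.0.113.10 is the spare public IP reserved for DNS
#   eth1 = internal LAN, 192.168.1.0/24
#   eth2 = a DMZ used only for the DNS server, 192.168.100.0/24
#   the DNS server itself is 192.168.100.53
define ext_if     = "eth0"
define int_if     = "eth1"
define dmz_if     = "eth2"
define dns_public = 203.0.113.10
define dns_server = 192.168.100.53
define lan        = 192.168.1.0/24

flush ruleset

table inet dmzfw {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # "Port forward port 53": both UDP and TCP (TCP is needed for large
        # answers and zone transfers), only on the dedicated public address.
        iifname $ext_if ip daddr $dns_public udp dport 53 dnat ip to $dns_server
        iifname $ext_if ip daddr $dns_public tcp dport 53 dnat ip to $dns_server
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Queries the server sends out leave with the same public IP, so
        # anyone rate-limiting or allow-listing it sees one consistent address.
        oifname $ext_if ip saddr $dns_server snat ip to $dns_public
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the forwarded DNS ports, only to that host.
        iifname $ext_if oifname $dmz_if ip daddr $dns_server udp dport 53 accept
        iifname $ext_if oifname $dmz_if ip daddr $dns_server tcp dport 53 accept

        # DMZ -> Internet: the server may talk DNS outwards (recursion, or
        # fetching zones from a master) and nothing else. Drop these two
        # lines for a purely authoritative server that never recurses.
        iifname $dmz_if oifname $ext_if ip saddr $dns_server udp dport 53 accept
        iifname $dmz_if oifname $ext_if ip saddr $dns_server tcp dport 53 accept

        # LAN -> DMZ: internal clients may query the server.
        iifname $int_if oifname $dmz_if ip saddr $lan ip daddr $dns_server udp dport 53 accept
        iifname $int_if oifname $dmz_if ip saddr $lan ip daddr $dns_server tcp dport 53 accept

        # DMZ -> LAN: never initiated from the DMZ. Replies to LAN queries are
        # already covered by the established,related rule above, so anything
        # reaching this line is the DMZ host trying to start a connection
        # inwards, which is exactly what a compromised DNS server would do.
        iifname $dmz_if oifname $int_if log prefix "dmz-to-lan-blocked: " drop
    }
}
```

Load it with `nft -f dmz.nft` after checking it with `nft -c -f dmz.nft`, which parses and validates the file without installing it. Two things worth verifying once it is in place: from the DNS server, a `dig @192.168.1.1` or an `ssh 192.168.1.x` should time out and produce a `dmz-to-lan-blocked:` line in the firewall log, while `dig @192.168.100.53 example.org` from a LAN client and `dig @203.0.113.10 example.org` from outside should both answer. NAT in an `inet` table needs a Linux 5.2 or newer kernel; on older systems split the two NAT chains into a `table ip` instead.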