Re: [Hampshire] DNS servers in DMZ's, good or bad idea ? Dis…

Author: Adrian Bridgett
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] DNS servers in DMZ's, good or bad idea ? Discuss
On Wed, Feb 6, 2008 at 09:02:00 +0000 (+0000), Brian Chivers wrote:
> Thinking about it I could put two netcards in the box and have one
> connected to the DMZ so I have ssh access to the box and then one
> on the internet facing side with only BIND bound on (think this
> is possible) to limit exposure.


It's worth highlighting that obviously if this box is compromised people
have access to the DMZ. If you have a proper firewall then you've
weakened security (compared to putting the box in the DMZ and just
telling the firewall to allow connections to port 53 (tcp and udp) on
that box).

Adrian
--
Email: adrian@??? -*- GPG key available on public key servers
Debian GNU/Linux - the maintainable distribution -*- www.debian.org