Re: [Hampshire] DNS servers in DMZ's, good or bad idea ? Dis…

Author: Brian Chivers
Date:  
To: adrian, Hampshire LUG Discussion List
CC: 
Subject: Re: [Hampshire] DNS servers in DMZ's, good or bad idea ? Discuss
Adrian Bridgett wrote:
> On Wed, Feb 6, 2008 at 09:02:00 +0000 (+0000), Brian Chivers wrote:
>> Thinking about it I could put two netcards in the box and have one
>> connected to the DMZ so I have ssh access to the box and then one
>> on the internet facing side with only BIND bound on (think this
>> is possible) to limit exposure.
>
> It's worth highlighting that obviously if this box is compromised people
> have access to the DMZ. If you have a proper firewall then you've
> weakened security (compared to putting the box in the DMZ and just
> telling the firewall to allow connections to port 53 (tcp and udp) on
> that box).
>
> Adrian


Mmm, yet again good advice, I'll have to have a think.

Brian

------------------------------------------------------------------------------------------------
The views expressed here are my own and not necessarily
the views of Portsmouth College