[NTLUG:Discuss] opinions on where to run DNS server..... firewall vs main server.
MadHat
madhat at unspecific.com
Wed Mar 1 06:58:07 CST 2000
Jonathan Miller wrote:
>
> Well if you are only going to be using it to look up addresses then by all
> means put it on the inside of the firewall. That is of course if when you
> say firewall you mean firewall and not router (which a surprising number
> of people do). If you expect people to actually be able to reach the box
> from the outside world to resolve domains that you are in charge of you'll
> need to keep it visible to the network.
>
> DNS is a very light chore, so I wouldn't worry about putting it on the
> 486.
>
> However, even if you really want to set up the DNS machine on the other
> side of the firewall, don't. UDP is a royal pain in the ass to police
> with ipchains. And if you're doing masq'ing then you're SOL anyhow.

I am curious why you say this? How is policing UDP any different from
TCP, it is still based on IP and port, so why is it more difficult? And
I don't understand the comment about the masq'ing, why would someone be
SOL, what do you mean? (yes, I know what SOL is, I just don't
understand why you say that).
--
%_=split';','f; Perl ;h;st a;o;ker;@;not;.;hac;u;her;d;ju';
print map $_{$_}, split //,
'madhat at unspecific.com'
# aka Lee Heath, but don't tell anyone.