|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Gerhard Sittig (Gerhard.Sittig
gmx.net)Date: Wed Mar 28 2001 - 13:01:44 CST
On Wed, Mar 28, 2001 at 14:54 +0200, Markus Gaugusch wrote:
> > What is the reason for installing pri dns server in a self
> > owned DMZ and sec dns server at the isp?
> Convenience - you can manipulate the zones easier.
> > If the firewall ist not stateful this enables inet users to
> > do dns probes on tcp 53 and other worse things.
> why? you can block tcp port 53 for everyone except the ip of
> the secondary NS.
Plus any decent name server software lets you control who's able
to do transfers (independent on who's allowed to query you by
means of TCP). Remember, DNS queries don't run on UDP only!
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittiggmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]