firewall + dns secondary
On Saturday 21 June 2008, James wrote:
> I'm adding primary and secondary name servers to my small (5
> static) ip network.
> Are there any security reasons that I should not run the secondary
> (Bind) name server on the firewall (iptables) directly?
Well, security holes have been discovered in bind in the past - and
there are no reasons to assume none will be found in the future. ;-)
Once your firewall is compromised, your whole network is under
Though the risk is probably small, you can avoid it easily. Run bind
on one of the boxes behind your firewall. Forward port 53 from your
fw to that box. Announce your FW as the secondary name server.
Ignorance killed the cat, sir, curiosity was framed!
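The port forwarding the reply suggests, written out as iptables rules. This is an added example, not code from the thread; the firewall's public address 192.0.2.1, the internal DNS box 192.168.1.53 and the external interface eth0 are assumed placeholders, and a FORWARD chain with a DROP default policy is assumed.

```shell
#!/bin/sh
# Added example: emit the iptables rules that redirect DNS traffic arriving at the
# firewall's public address to the bind box behind it, so bind never runs on the fw.
# Placeholders (assumed, not from the thread): public IP, internal DNS IP, ext iface.
# Usage: gen_dns_forward_rules <public-ip> <internal-dns-ip> <external-iface>
gen_dns_forward_rules() {
    pub="$1"; dns="$2"; ext="$3"
    # DNS uses UDP for ordinary queries and TCP for large answers and zone transfers,
    # so both protocols must be forwarded or the secondary will be half-reachable.
    for proto in udp tcp; do
        # Rewrite the destination before routing: packets for the fw's own address
        # now go to the internal box, so nothing needs to listen on 53 on the fw.
        echo "iptables -t nat -A PREROUTING -i $ext -p $proto -d $pub --dport 53 -j DNAT --to-destination $dns:53"
        # Allow only the rewritten DNS packets through the forwarding path.
        echo "iptables -A FORWARD -i $ext -p $proto -d $dns --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT"
    done
    # Replies ride the existing connection-tracking entry back out.
    echo "iptables -A FORWARD -o $ext -m state --state ESTABLISHED,RELATED -j ACCEPT"
}
# Review the rules first, then apply:  gen_dns_forward_rules 192.0.2.1 192.168.1.53 eth0 | sh
```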