Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DNS Best Practices Question

from [Dan Swanson] Network Security [Permanent Link]
Subject: Re: DNS Best Practices Question
Date: Mon, 22 Nov 2004 13:05:18 -0500 
Richard-

When a DNS request comes in we have it forward from internal interface to external interface. The external DNS servers then sends the request to one of three main DNS servers at our ISP

I would allow your external DNS to perform root DNS queries. This could significantly speed up the process, (depending on the load of your ISP) and allow you more control over your networks' reliability. DNS queries are not intensive tasks and any box you place on the "outside" of your network would be able to do this on a large scale without performance issues for up to 3000 nodes. I would make this a caching only server and obviously would not host your company's DNS records outside of the firewall, but a caching-only server would work great in this config as long as it is hardened. If you wanted more reliability, you could place another server next to the existing one or tier a caching server "inside" each protected network.

I would recommend finding a way to move this external box behind a firewall of some kind if possible... from a security best practices perspective...

Just a few thoughts...


Dan Swanson
dan@as.net

A consultant is a person who borrows your watch, tells you what time it is, pockets the watch, and sends you a bill for it. - Unknown


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Pix Alias command help needed., Andrew Shore
Next by Date:  Re: DNS Best Practices Question, Robert Hajime Lanning
Previous by Thread:  DNS Best Practices Question, Richard St John
Next by Thread:  Re: DNS Best Practices Question, Robert Hajime Lanning
Indexes:  [Date] [Thread] [Top] [All Lists]