Network Security Firewalls

Re: DNS Best Practices Question

Subject: Re: DNS Best Practices Question
Date: Mon, 22 Nov 2004 13:08:24 -0500 (GMT-05:00)
Richard, 

If I understand this correctly, you are forwarding DNS requests to a DNS 
server you have set up on the outside of your firewall, which then forwards the 
request to your ISP's DNS servers? 

I think you can eliminate your external DNS server, and just have your internal 
DNS servers looking at the Internet Root Servers, and bypass all the middle 
men. 

Your internal DNS server should of course handle all the requests of your 
internal network, and anything your internal DNS servers don't know they can get 
from the Root Servers. 

Ray Franklin 
Network Administrator
ASHRAE Inc



-----Original Message-----
From: Richard St John <Richard.StJohn@gbe.com>
Sent: Nov 19, 2004 4:25 PM
To: firewalls@securityfocus.com
Subject: DNS Best Practices Question

Good afternoon list, 

Currently we have 3 firewalls that are sending outbound traffic to the 
Internet. 

When a DNS request comes in we have it forward from internal interface to 
external interface. The external DNS servers then send the request to one of 
three main DNS servers at our ISP.

Well, yesterday all three of the DNS servers at our ISP had major issues and it 
caused DNS related issues within the company. As a result several discussions 
were held as to the industry's Best Practice on this.

What are the current thoughts on "Best Practice" for this? Should we forward the 
DNS request to these other servers, or should we have the firewalls do the work 
themselves? What is the industry doing?

Your thoughts and comments would be appreciated.

Richard St. John
Graybar Electric Company
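
Added example, not part of the thread: the two setups discussed above, sketched as a named.conf fragment for an internal resolver. BIND 9 is an assumption (the thread names no DNS software), and every address, the ACL name and the file names are constructed placeholders.

```conf
// named.conf fragment for an internal resolver (BIND 9 assumed).
// Addresses are constructed placeholders from private/documentation ranges.

// Hypothetical ACL name; list only the networks this resolver serves.
acl internal-clients { 10.0.0.0/8; localhost; };

options {
    directory "/var/named";

    // Setup described in the question: every cache miss is handed to the
    // ISP's servers, so an ISP DNS outage stops all external resolution.
    // forwarders { 192.0.2.53; 198.51.100.53; 203.0.113.53; };
    // forward only;

    // Middle ground: keep the forwarders but fall back to iterative
    // resolution when none of them answers.
    // forward first;

    // Setup suggested in the reply: no forwarders at all. The server
    // resolves iteratively, starting from the root servers.
    recursion yes;

    // Restrict recursion and queries to internal clients so the server
    // is not usable as an open resolver.
    allow-recursion { internal-clients; };
    allow-query     { internal-clients; };
};

// Root hints: where the server finds the root name servers at startup.
zone "." {
    type hint;
    file "named.ca";   // file name varies by distribution
};
```

With this change the firewalls have to let the internal resolvers reach any destination on UDP and TCP port 53, not only the ISP's servers.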


