DNS on Firewalls


A firewall is very security sensitive. If you're going to run BIND on your firewall, and some firewall solutions recommend this, you should secure your BIND in every way. In particular, you should run it in a chroot environment and under changed user and group IDs, as discussed earlier in this chapter.

If you run DNS on your firewall, it is usually used as a proxy for the internal DNS servers. This way, your internal DNS servers never talk to outside servers, and any DNS attacks can be directed at only the firewall, which is the point of a firewall, of course. The downside is that, unless your firewall is redundant, this is a single point of failure in your DNS. However, if your firewall fails, you won't have Internet connectivity either, so it's not a new single point of failure.

If your firewall is acting as a proxy and its internal address is 192.168.55.1, you should have the following configuration on your internal DNS servers:

    options {
        …
        forward only;
        forwarders { 192.168.55.1; };
        …
    };

This directs all queries to the firewall DNS and enables you to install quite restrictive DNS firewall rules.
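As an added example (not from the book), the following Python audit checks an internal server's named.conf for exactly the setting described above: forwarding must be "only" and the only forwarder must be the firewall's internal address. The two named.conf fragments are constructed; the bad one uses "forward first", which lets BIND fall back to resolving on its own when the firewall does not answer, so the restrictive firewall rules would then block (or be probed by) the internal server.

```python
import re
from typing import List, Tuple

# The firewall's internal address used in the text.
FIREWALL_DNS = "192.168.55.1"

# Constructed sample: the configuration the text recommends.
GOOD_CONF = """
options {
    directory "/var/named";
    forward only;
    forwarders { 192.168.55.1; };
};
"""

# Constructed sample: "forward first" falls back to direct resolution and a
# second forwarder (203.0.113.53, a documentation address) bypasses the proxy.
BAD_CONF = """
options {
    forward first;
    forwarders { 192.168.55.1; 203.0.113.53; };
};
"""


def parse_forwarding(conf: str) -> Tuple[str, List[str]]:
    """Return (forward mode, forwarder list) from the options block."""
    conf = re.sub(r"(//|#)[^\n]*", "", conf)          # drop line comments
    m = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)  # options { ... };
    if not m:
        raise ValueError("no options block found")
    body = m.group(1)
    mode = re.search(r"\bforward\s+(only|first)\s*;", body)
    fwd = re.search(r"\bforwarders\s*\{([^}]*)\}\s*;", body)
    forwarders = [a.strip() for a in fwd.group(1).split(";") if a.strip()] if fwd else []
    return (mode.group(1) if mode else "none", forwarders)


def audit(conf: str, firewall: str = FIREWALL_DNS) -> List[str]:
    """List settings that would let the server talk to DNS outside the firewall."""
    mode, forwarders = parse_forwarding(conf)
    problems = []
    if mode != "only":
        problems.append(f"forward mode is '{mode}', expected 'only'")
    if not forwarders:
        problems.append("no forwarders configured")
    for addr in forwarders:
        if addr != firewall:
            problems.append(f"unexpected forwarder {addr}")
    return problems


if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(name, audit(conf) or "ok")
```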



The Concise Guide to DNS and BIND
ISBN: 0789722739
Year: 1999
Pages: 183