Internal roots and Internet access ?
Simon Waters
Simon at wretched.demon.co.uk
Sat Mar 23 13:35:52 UTC 2002
"Seifert, Reinhold (EDP Sys.)" wrote:
>
> Now we are going to replace our proxying firewall by packet-filtering
> firewalls.
And they call it progress ;(
> This introduces the need that at least part of the internal clients will be
> able to resolve Internet names.
Deploy a web proxy in the DMZ of the firewall sounds like a good
plan to me ;)
If the firewall can't proxy, you can at least do the decent
thing, and deploy servers that can help enforce the security
policy.
That said if you already have 5+ different DNS server types,
perhaps it is time to redo the DNS anyway.
More information about the bind-users
mailing list