running multiple daemonized instances of BIND9.2 on Windows 2000
phn at icke-reklam.ipsec.nu
Thu Nov 6 06:29:04 UTC 2003
Nick <nickjeffrey at hotmail.com> wrote:
> Danny Mayer <mayer at gis.net> wrote in message news:<bo1mnq$daa$1 at sf1.isc.org>...
>> At 07:01 PM 10/31/03, Nick wrote:
>> >I'm trying to provide name resolution services to 4 DMZ subnets
>> >attached to Cisco PIX NAT firewall. My primary and secondary DNS
>> >server are both on the same DMZ subnet.
>>
>> That's a really bad idea. You need to keep them in separate locations
>> if you want redundancy.
> I'm aware of the redundancy issue. We all remember how microsoft.com
> got DoS'd off the net because they had all their name servers on a
> single subnet. However, of the four DMZ subnets, only one is under my
> control, and I don't sufficiently trust the hosts on the other subnets
> to place a name server there without being protected by a firewall.
> For corporate reasons, I'm forced to use a win32 solution, so no *NIX
> related suggestions please. While this placement is not the ideal
> solution, it is the best possible compromise with the given
> environment. And before you ask, no, I can't change the environment.
Then get out of there.
Administrating a disaster is no recipe for future income.
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.