Ideal location of external DNS

David Frank david at datachannel.com
Thu May 31 17:41:34 UTC 2001


 I have recently taken over for our Senior admin and have re-built all or
our internal DNS servers. Our external DNS server also resides on our
firewall (FYI). My issues are threefold. 
	
	1. The fact that we do not have redundancy is absurd, so I am going
to build an external slave name server.

	2. I need to figure out the most secure place to house the secondary
external DNS server.

	3. Is it really a good idea to have external DNS on our firewall
box?

	My question is: What is the best scenario for external DNS; DMZ
interface statically nat'd with DNS ports open through the firewall, or
internal box statically nat'd with DNS ports open.
	I realize my experience is limited and these questions might seem
trivial to some, but any assistance would be much appreciated.

Thank you,

David Frank




More information about the bind-users mailing list