running multiple daemonized instances of BIND9.2 on Windows 2000

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Thu Nov 6 06:29:04 UTC 2003


Nick <nickjeffrey at hotmail.com> wrote:
> Danny Mayer <mayer at gis.net> wrote in message news:<bo1mnq$daa$1 at sf1.isc.org>...
>> At 07:01 PM 10/31/03, Nick wrote:
>> >I'm trying to provide name resolution services to 4 DMZ subnets
>> >attached to Cisco PIX NAT firewall.  My primary and secondary DNS
>> >server are both on the same DMZ subnet.
>>
>> That's a really bad idea. You need to keep them in separate locations
>> if you want redundancy.

> I'm aware of the redundancy issue.  We all remember how microsoft.com
> got DoS'd off the net because they had all their name servers on a
> single subnet.  However, of the four DMZ subnets, only one is under my
> control, and I don't sufficiently trust the hosts on the other subnets
> to place a name server there without being protected by a firewall.
> For corporate reasons, I'm forced to use a win32 solution, so no *NIX
> related suggestions please.  While this placement is not the ideal
> solution, it is the best possible compromise with the given
> environment.  And before you ask, no, I can't change the environment.

Then get out of there.
Administrating a disaster is no recipe for future income.




-- 
Peter Håkanson
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
           remove "icke-reklam" if you feel for mailing me. Thanx.

