Installing bind is not very clear for me

sthaug at sthaug at
Fri Sep 4 19:29:56 UTC 2015

> One Firewall should be enough.
> So, what you consider this firewall should do ?
> In my opinion:
> Block requests coming from a blacklist (Who will generate this list ?)
> Block denial of service requests. It needs to measure the requests rate 
> to detects when is under attack.
> Block port scanners on publics ips.

Before you put a firewall in front of a public facing name server,
you might want to consider slide 16 of the following presentation:

The slide headline is "Stateful firewalls in front of servers
considered harmful!" - and the author has ample arguments for his
point of view.

Steinar Haug, Nethelp consulting, sthaug at

More information about the bind-users mailing list