Firewall Wizards mailing list archives
RE: dns outbound
From: "Frank W. Keeney" <FKeeney () hsa com>
Date: Mon, 17 May 1999 07:44:41 -0700
I don't see any advantage to this. All the needed information should be available from your internal name servers. Why do they need this access? Depending on your current security policy this could allow unrestricted access to services other than DNS. On most firewalls that I setup I don't allow any UDP from user's workstations directly to the Internet. +++++++++++++++++++++++++++++++++++++++++++++++++++++++ Frank Keeney, Network Services, Home Savings of America +1 626-814-5080 mailto:fkeeney () hsa com +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------- From: Deepak Vaidya [SMTP:dvaidya () clark net] Sent: Thursday, May 13, 1999 1:04 PM To: firewall-wizards () nfr net Subject: dns outbound This is going to be a stupid question, but I hope someone can answer the question without my being flamed :-(. I have gotten a request to allow all clients behind a firewall to have unrestricted access to dns servers outside the firewall. Can I get help in coming up with pros and cons off doing that. I tried to search the archives but the search page is not working properly. I am not comfortable in allowing udp packets outbound from all systems. If it helps we are using firewall-1.
Current thread:
- Re: dns outbound, (continued)
- Re: dns outbound Ge' Weijers (May 19)
- Re: dns outbound Matt McClung (May 18)
- Re: dns outbound Darren Reed (May 18)
- Re: dns outbound Bennett Todd (May 19)
- Re: dns outbound Robert Graham (May 17)
- Re: dns outbound Deepak Vaidya (May 17)
- Re: dns outbound wyllys (May 18)
- Re: dns outbound David Gillett (May 19)
- Re: dns outbound wyllys (May 21)
- Re: dns outbound Bennett Todd (May 19)