Firewall Wizards mailing list archives

RE: dns outbound


From: "Frank W. Keeney" <FKeeney () hsa com>
Date: Mon, 17 May 1999 07:44:41 -0700

I don't see any advantage to this. All the needed information should be
available from your internal name servers. Why do they need this access?

Depending on your current security policy, this could allow unrestricted
access to services other than DNS. On most firewalls that I set up, I
don't allow any UDP from users' workstations directly to the Internet.



+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Frank Keeney, Network Services, Home Savings of America
+1 626-814-5080 mailto:fkeeney () hsa com
+++++++++++++++++++++++++++++++++++++++++++++++++++++++


        ----------
        From:  Deepak Vaidya [SMTP:dvaidya () clark net]
        Sent:  Thursday, May 13, 1999 1:04 PM
        To:  firewall-wizards () nfr net
        Subject:  dns outbound


        This is going to be a stupid question, but I hope someone can answer the
        question without my being flamed :-(.

        I have gotten a request to allow all clients behind a firewall to have
        unrestricted access to dns servers outside the firewall.

        Can I get help in coming up with pros and cons of doing that. I tried to
        search the archives but the search page is not working properly.

        I am not comfortable in allowing udp packets outbound from all systems.
        If it helps we are using firewall-1.

        


