> One Firewall should be enough.
> So, what you consider this firewall should do ?
> In my opinion:
> Block requests coming from a blacklist (Who will generate this list ?)
> Block denial of service requests. It needs to measure the requests rate
> to detects when is under attack.
> Block port scanners on publics ips.
Before you put a firewall in front of a public facing name server,
you might want to consider slide 16 of the following presentation:
https://app.box.com/s/a3oqqlgwe15j8svojvzl
The slide headline is "Stateful firewalls in front of servers
considered harmful!" - and the author has ample arguments for his
point of view.
Steinar Haug, Nethelp consulting, sth...@nethelp.no
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
