[dns-operations] DNS NAT Translation Timeouts

Jason Fesler jfesler at yahoo-inc.com
Thu Jul 31 00:51:25 UTC 2008

On Jul 30, 2008, at 5:01 PM, Brian Dickson wrote:

> Yes, it will give security guys conniptions,  but that is what DMZs  
> are *for*. If the firewall
> can't do blind forwarding of UDP with no state, it deserves to be  
> bypassed...

... after a careful audit of anything else on the host that is also  
using UDP, and also making sure that the host won't run future  
applications that use UDP, or can withstand being on the open  
internet.  Checking with lsof/netstat and rpcinfo -p would be prudent.

More information about the dns-operations mailing list