[dns-operations] DNS NAT Translation Timeouts
Jason Fesler
jfesler at yahoo-inc.com
Thu Jul 31 00:51:25 UTC 2008
On Jul 30, 2008, at 5:01 PM, Brian Dickson wrote:
> Yes, it will give security guys conniptions, but that is what DMZs
> are *for*. If the firewall can't do blind forwarding of UDP with no
> state, it deserves to be bypassed...
... after a careful audit of anything else on the host that is also
using UDP, and also making sure that the host won't run future
applications that use UDP, or can withstand being on the open
internet. Checking with lsof/netstat and rpcinfo -p would be prudent.
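
An added example, not part of the original message: one way to run the netstat half of the audit suggested above, listing every UDP socket that is reachable from off-host and is not the DNS service itself. The function names, the sample listing (constructed, in the Linux net-tools `netstat -uln` layout) and the choice of port 53 as the only expected listener are assumptions.

```shell
#!/bin/sh
# Constructed sample of `netstat -uln` output (Linux net-tools layout).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 192.0.2.10:53           0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp        0      0 0.0.0.0:514             0.0.0.0:*
udp6       0      0 :::111                  :::*
udp6       0      0 ::1:323                 :::*
EOF
}

# udp_exposed ALLOWED_PORT
# Reads `netstat -uln` text on stdin and prints "address port" for each UDP
# socket that is not bound to loopback and is not on ALLOWED_PORT. These are
# the listeners that would face the open internet if the firewall is bypassed.
udp_exposed() {
  awk -v allow="$1" '
    $1 ~ /^udp/ {
      la = $4
      # Split at the LAST colon so IPv6 forms such as ":::111" parse correctly.
      i = length(la)
      while (i > 0 && substr(la, i, 1) != ":") i--
      if (i == 0) next
      addr = substr(la, 1, i - 1)
      port = substr(la, i + 1)
      if (addr ~ /^127\./ || addr == "::1") next   # loopback only
      if (port == allow) next                      # the expected DNS listener
      print addr, port
    }'
}

# Stand-alone run against the constructed sample.
# On a real host: netstat -uln | udp_exposed 53
sample_netstat | udp_exposed 53
```

Ports that show up here and belong to RPC services can then be matched against `rpcinfo -p`, and `lsof` can name the owning process for the rest.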