[Dshield] Does anyone know if this can work
Josh Cheney
jcheney at mfx.net
Sun Dec 23 02:58:56 GMT 2007
Alternatively, what you could do is set up all public-facing DNS servers
in this fashion, only configured as slaves to masters. The masters can
then be firewalled off in such a way as to only be reachable from the
LiveCD slaves or from your management network. With this in place, you
can have the slaves configured to sync over the correct zones and
configurations every so often (or just at boot time), saving you from
having to burn a new CD every time you add a host, while still giving
you a clean slate every time you boot off the CD.
Sahli, Mike wrote:
> Hello
> Currently I am running BIND on a Windows box for my external DNS. I want
> to make my DNS bulletproof. My thoughts are to get a Linux distro that can
> run from a booted CD and reconfigure it to only run DNS; that way the
> files for my zones cannot be changed. Now I figure that I will have to
> keep a copy of the ISO and edit the files in the ISO whenever I need to
> make a change, then re-burn the ISO and boot to the new CD, but I do not
> need to make changes that often, maybe once every two or three months if
> that. Any thoughts and guidance will be appreciated.
>
> Michael D Sahli
> Sr. Network Engineer
> Lockheed Martin IT @ SMECO
> 301-274-4344
--
Josh Cheney
josh.cheney at gmail.com
http://www.joshcheney.com
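
The layout described in the reply above, sketched as BIND 9 configuration. This is an added example, not part of the original thread; the addresses, zone name and file paths are assumptions chosen for illustration.

```conf
// ---- named.conf on the hidden master ----
// Assumed addresses: master 10.0.0.10, LiveCD slaves 10.0.0.53 and 10.0.0.54.
// The firewall in front of this host should admit port 53 only from
// the slaves and the management network.
acl "livecd-slaves" { 10.0.0.53; 10.0.0.54; };

options {
    directory "/var/named";
    recursion no;                      // authoritative only
    allow-transfer { none; };          // default deny; opened per zone below
};

zone "example.com" {                   // assumed zone name
    type master;
    file "master/example.com.zone";
    allow-transfer { "livecd-slaves"; };         // only the slaves may AXFR
    also-notify { 10.0.0.53; 10.0.0.54; };       // push changes between reboots
};

// ---- named.conf burned onto the LiveCD (public-facing slave) ----
options {
    directory "/var/named";            // RAM-backed on a LiveCD, empty at boot
    recursion no;                      // no open resolver on the public side
    allow-transfer { none; };          // slaves hand zone data to nobody
    notify no;                         // slaves do not notify anyone
};

zone "example.com" {
    type slave;
    masters { 10.0.0.10; };            // the firewalled master
    file "slaves/example.com.zone";    // rebuilt by zone transfer on every boot
    allow-notify { 10.0.0.10; };       // accept NOTIFY from the master only
};
```

With this split, adding or changing a host is an edit to the zone file on the master; the CD only needs re-burning when a zone is added or removed, or when the master's address changes.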