[73264] in North American Network Operators' Group
Re: Summary with further Question: Domain Name System protection
daemon@ATHENA.MIT.EDU (sthaug@nethelp.no)
Tue Aug 17 15:33:22 2004
To: vgill@vijaygill.com
Cc: nanog@merit.edu
From: sthaug@nethelp.no
In-Reply-To: Your message of "Tue, 17 Aug 2004 19:21:15 +0000"
Date: Tue, 17 Aug 2004 21:32:28 +0200
Errors-To: owner-nanog-outgoing@merit.edu
> > this should be pushed to
> > the router. don't waste CPU cycles
> > on the Nameserver.
>
> Hosts tend to be a faster writeoff cycle than routers in companies I've
> worked at, therefore getting the benefit of moores law about 25% faster
> than the routers. Turn on firewalling in the host.
If you have a choice between access lists on a software forwarding
based router and firewall on a host, this may be a good choice. If
your routers have hardware forwarding, I'd go for the router every
time...
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
