[isp-dns] Re: Concerns about high Load

I'd go with 1. edge firewall with only public ip routing and packet filtering, not NAT/PAT. 2. behind which is a DMZ on a public subnet containing a. the MX machine with anti-mail abuse stuff, and a c-o DNS. This DNS would also act as resolver for the private network. the DNS should allow-query only for the DMZ and outside ip of the inner firewall. b. public web server c. a delegated-only DNS, ie, no recursion. 3. inner firewall doing PAT/NAT, and packet filtering. the private net would contain a. mailbox server, with port 25 access blocked by the outer firewall, and which relays all outbound the MX box in the DMZ. b. perhaps a caching-only DNS to support the private net, and which forwards to the DNS in the DMZ. But the workstations could use the DMZ DNS as their nameserver. The above "DNS forwarding architecture" avoids the complexity of split DNS, forward and reverse. And it certainly makes hardening the classic double-walled firewalling simpler because the inner and outer filtering boxes are running no apps or services beyond the minimum.

What were you saying about wasting money =] A quick synopsis again: Mailbox server has: pop3, imap, http, storage. MX Gateway has: restricted DNS, smtp, av, port forwarding to above services. The MX/firewall is only a firewall for the one mailstore server nothing else, no workstations etc... The DNS config has restriced accessibility for recursion and zone transfers, even to boxes on our network. Effectively it is a secondary only for delegation as you said and caching for itself and one server. I see how the above scenario would be good but I think that its a bit of an overkill in our situation. I will employ a few things you have said. I havn't just ignored everything =] Thanks for your help. Matt

Solutions

Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape? Microsoft Article: BitLocker Encryption on Windows Server 2008 Go Parallel Article: Intel Thread Checker, Meet 20 Million LOC IBM Whitepaper: Innovative Collaboration to Advance Your Business Internet.com eBook: Real Life Rails Avaya Article: Call Control XML - Powerful, Standards-Based Call Control Tripwire Whitepaper: Seven Practical Steps to Mitigate Virtualization Security Risks Internet.com eBook: The Pros and Cons of Outsourcing Internet.com eBook: Best Practices for Developing a Web Site		IBM CXO Whitepaper: The 2008 Global CEO Study "The Enterprise of the Future" Avaya Article: Call Control XML in Action - A CCXML Auto Attendant Go Parallel Article: James Reinders on the Intel Parallel Studio Beta Program IBM CXO Whitepaper: Unlocking the DNA of the Adaptable Workforce--The Global Human Capital Study 2008 Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers Go Parallel Article: Getting Started with TBB on Windows HP eBook: Storage Networking , Part 1 MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts
Go Parallel Video: Intel(R) Threading Building Blocks: A New Method for Threading in C++ HP Video: Is Your Data Center Ready for a Real World Disaster? Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices HP On Demand Webcast: Virtualization in Action Go Parallel Video: Performance and Threading Tools for Game Developers		Rackspace Hosting Center: Customer Videos Intel vPro Developer Virtual Bootcamp HP Disaster-Proof Solutions eSeminar HP On Demand Webcast: Discover the Benefits of Virtualization MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits
Microsoft Download: Silverlight 2 Software Development Kit Beta 2 30-Day Trial: SPAMfighter Exchange Module Red Gate Download: SQL Toolbelt		Iron Speed Designer Application Generator Microsoft Download: Silverlight 2 Beta 2 Runtime MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos
IBM IT Innovation Article: Green Servers Provide a Competitive Advantage Microsoft Article: Expression Web 2 for PHP Developers--Simplify Your PHP Applications		MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES