Question:
Why can't I use names from the DNS in the firewall rules?

Answer:
DNS is an unreliable structure. If you are unable to control what is in the DNS for your domain, or if, for example, your DNS server were to temporarily go down, the firewall would be forced to gather data from sources that are outside its protection. If this were to happen, it would make it possible for an intruder to trick the firewall into opening a hole through which his own computer could gain access. Along the same lines, communication normally permitted to a publicly accessible server behind the firewall could be diverted to an entirely different machine behind the firewall, one not meant to be publicly accessible.

The DNS settings in Amaranten Firewall are only used for VPN and LDAP servers.
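As an added example that is not part of the original FAQ or of the Amaranten product, a small Python audit reads a constructed rule list and flags every endpoint written as a DNS name rather than a fixed IP address or network, which is the check an administrator would run before loading rules. The four-field rule syntax and the sample addresses are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample rule set (assumed syntax, not Amaranten's own): one rule per line,
# fields are action, source, destination, service.
SAMPLE_RULES = """\
allow 192.0.2.0/24 198.51.100.10 http
allow any www.example.com https
deny 203.0.113.7 10.0.0.0/8 any
allow mail.example.org 198.51.100.25 smtp
"""

# A DNS name: dot-separated labels of letters, digits and hyphens, ending in an
# alphabetic top-level label. Requiring a dot keeps keywords such as "any" out.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)

def classify_endpoint(value: str) -> str:
    """Return 'any', 'address', 'network' or 'name' for one rule endpoint."""
    if value.lower() == "any":
        return "any"
    try:
        ipaddress.ip_address(value)
        return "address"
    except ValueError:
        pass
    try:
        ipaddress.ip_network(value, strict=False)
        return "network"
    except ValueError:
        pass
    if _HOSTNAME_RE.match(value):
        return "name"
    raise ValueError(f"unrecognised endpoint: {value!r}")

def audit_rules(text: str) -> list:
    """Return (line_number, field, value) for every endpoint given as a DNS name."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        action, src, dst, service = line.split()
        for field, value in (("source", src), ("destination", dst)):
            if classify_endpoint(value) == "name":
                findings.append((lineno, field, value))
    return findings

if __name__ == "__main__":
    for lineno, field, value in audit_rules(SAMPLE_RULES):
        print(f"line {lineno}: {field} {value!r} is a DNS name; use a fixed address or network")
```

Rules 2 and 4 are reported because their target depends on an answer from a DNS server the firewall does not control; rewriting them with the server's fixed address removes that dependency.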