I am setting up a new DMZ on my personal home net. I have commercial fw experience. However, the personal net uses Linux and iptables. It requires command-line config and is more involved to get it right. I have a tested fw script and am ready to cut over; however, I have a few remaining services to configure to get the whole thing working as I want. Specifically, DNS in the DMZ. Do you think I should house official DNS (and possibly official sendmail in the future) on the fw box in split-level mode, or on a separate box (P266, 192MB)? The www host is a Solaris 8 machine with 512MB. My cable ISP will not host DNS without a fee. This is just a small home web and photos for family, but allowing the whole world at it with public exposure requires me to provide the real features needed along with the real security.
Info: iptables on Red Hat 2.6; www in DMZ on Solaris 8; internal DNS caching host.
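The post asks whether the public name server should sit on the firewall itself or on a separate DMZ host. The rules below are an added example, not the poster's script, and cover the separate-box option: they publish port 53 on the firewall's public address by DNAT to a DNS host in the DMZ, let that host reach other name servers, let the internal caching resolver query it, and forbid the DMZ from ever opening a connection into the LAN. All interface names and addresses (eth0/eth1/eth2, 203.0.113.10, 192.168.10.53, 192.168.1.0/24, 192.168.1.53) are assumptions for the example; the post gives none. The split-horizon ("split-level") view configuration inside the name server is a separate matter and is not shown here.

```shell
#!/bin/sh
# Added example: iptables rules for a public DNS server on a separate DMZ host.
# Every address and interface below is an assumption, not taken from the post.
IPT="${IPT:-iptables}"               # set IPT=echo to print the rules instead of applying them
EXT_IF="${EXT_IF:-eth0}"             # cable-modem side
DMZ_IF="${DMZ_IF:-eth1}"             # DMZ segment (www host, DNS host)
INT_IF="${INT_IF:-eth2}"             # internal LAN
PUB_IP="${PUB_IP:-203.0.113.10}"     # public address assigned to the firewall
DMZ_DNS="${DMZ_DNS:-192.168.10.53}"  # authoritative DNS host in the DMZ
INT_DNS="${INT_DNS:-192.168.1.53}"   # internal caching resolver

dmz_dns_rules() {
    # Reply traffic for anything already allowed, in every direction.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    for proto in udp tcp; do
        # Publish port 53 on the public IP by rewriting the destination to the DMZ host.
        $IPT -t nat -A PREROUTING -i "$EXT_IF" -p "$proto" -d "$PUB_IP" --dport 53 \
            -j DNAT --to-destination "$DMZ_DNS"
        # Forward the rewritten queries from the Internet into the DMZ (UDP and TCP: TCP is
        # needed for large answers and zone transfers, not only UDP).
        $IPT -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -p "$proto" -d "$DMZ_DNS" --dport 53 \
            -m state --state NEW -j ACCEPT
        # The DMZ server may query other name servers (and feed a secondary), nothing else.
        $IPT -A FORWARD -i "$DMZ_IF" -o "$EXT_IF" -p "$proto" -s "$DMZ_DNS" --dport 53 \
            -m state --state NEW -j ACCEPT
        # Only the internal caching resolver may open queries to the DMZ server.
        $IPT -A FORWARD -i "$INT_IF" -o "$DMZ_IF" -p "$proto" -s "$INT_DNS" -d "$DMZ_DNS" --dport 53 \
            -m state --state NEW -j ACCEPT
    done

    # The DMZ must never originate a connection into the LAN; replies are already
    # accepted by the ESTABLISHED,RELATED rule above. If the www or DNS host is
    # compromised, this rule is what keeps the intruder out of the internal net.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$INT_IF" -j DROP
}

# "apply" installs the rules; "preview" with IPT=echo prints them for review:
#   IPT=echo sh dmz-dns.sh preview
case "${1:-}" in
    apply|preview) dmz_dns_rules ;;
esac
```

The order matters: the stateful ACCEPT comes first so that answers from the DMZ server flow back to the LAN, and the final DROP catches everything the DMZ tries to start on its own. Review the output with `IPT=echo` before cutting over, and remember that placing the same server on the firewall instead would remove the DNAT line but put a network-facing daemon on the box whose only job should be filtering.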