Date: Mon, 3 Jul 2006 10:10:39 +0700 (ICT)
From: Olivier Nicole <on@cs.ait.ac.th>
To: mark@msen.com
Cc: freebsd-questions@freebsd.org
Subject: Re: DNS discovery / FreeBSD Firewall
Message-ID: <200607030310.k633Ad6e088860@banyan.cs.ait.ac.th>
In-Reply-To: <200606302344.57811.mark@msen.com> (message from Mark Moellering on Fri, 30 Jun 2006 23:44:57 -0400)
References: <200606302344.57811.mark@msen.com>

> The question is: How do I have the internal network machines
> get the DNS server settings from the Firewall? The two scenarios I
> can think of are: that the Firewall also acts as a DHCP server and
> somehow sets the DNS of the internal net machines to the Firewall's
> resolv.conf entries; or I can have the Firewall act as a DNS
> server/relay and forward the DNS requests.

If your ISP keeps changing their DNS server I'd suggest another solution: set up your own DNS server, but on a machine different from the firewall.

Just make sure that the firewall lets domain traffic (udp/53 and tcp/53) go through. And configure the firewall to use your own DNS server.

A DNS server needs NO resources, an old PIII 500 will do the trick.

It is always a good choice to have the firewall be only a firewall and nothing else. If you add DNS on your firewall and DNS has some more vulnerabilities, your firewall would be compromised...

Bests,

Olivier
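
A sketch of the DNS part of a firewall ruleset matching this advice, as an added example that is not part of Olivier's message. It assumes the firewall runs pf (the thread does not say which packet filter is in use); the interface names, the resolver address and the DNS_OUT tag are constructed placeholders. It goes one step further than the message by letting only the resolver send DNS to the Internet.

```conf
# pf.conf fragment, DNS rules only (constructed example).
# Assumptions: em0 faces the ISP, em1 faces the internal network,
# and the separate DNS server sits on the internal network.
ext_if  = "em0"
int_if  = "em1"
dns_srv = "192.168.1.53"        # placeholder address of your own resolver

set skip on lo0

# Internal hosts, the resolver included, leave through the firewall's
# external address, whatever the ISP currently assigns.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny; pass rules for other services are omitted here.
block log all

# Domain traffic from the resolver towards the Internet, udp/53 and tcp/53.
# The tag marks these packets so the outbound rule matches only them,
# even after NAT has rewritten the source address.
pass in  quick on $int_if proto { udp, tcp } from $dns_srv to any \
        port domain tag DNS_OUT keep state
pass out quick on $ext_if proto { udp, tcp } from any to any \
        port domain tagged DNS_OUT keep state

# The firewall itself resolves through the internal resolver only
# (its /etc/resolv.conf would list the same address).
pass out quick on $int_if proto { udp, tcp } from ($int_if) to $dns_srv \
        port domain keep state

# Clients on the same subnet as the resolver reach it directly, so no rule
# is needed for them. A client that tries to query an outside DNS server
# falls through to "block log all" and shows up in the pflog output.
```

After editing, `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` lists the rules currently loaded.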