Date: Sat, 12 Feb 2000 11:39:13 -0500 (EST)
From: Jim Flowers <jflowers@ezo.net>
To: Gene Harris <zeus@tetronsoftware.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: DSL firewall and DNS
Message-ID: <Pine.BSI.3.91.1000212112413.27700A-100000@lily.ezo.net>
In-Reply-To: <Pine.BSF.4.10.10002120945480.90025-100000@tetron02.tetronsoftware.com>

I didn't get in on the beginning of this but from what I have read it doesn't seem to be too difficult. You can easily set up dns records for your internal private IP numbers and hosts on your network will use them just fine. It is probably best to use your ISP (and his two servers) for external dns but you can also roll your own public IP dns using the ISP for the secondary server. That way you can edit your own records. One way or another, you have to register if you want the world to find them.

Two servers on one host? I have never tried this because hardware is so cheap and FreeBSD works so well but I don't think it should be a problem. Set your outside dns process to listen to port 5353 and your inside dns to listen to port 53. Then just use natd -redirect_port to match packets coming in on your outside interface and change the port to 5353. Then you need two different sets of information so use -b flag to identify the appropriate boot file. Use the lo0 interface and/or natd along with /etc/resolv.conf to determine which the dns host will use when acting as a client.

Or, if you don't care about what information you give the public, just run one dns server including both public and private addresses, they can't use the private ones for much, anyway. But I would still buy another $400 box.

Jim Flowers <jflowers@ezo.net>
#4 ISP on C|NET, #1 in Ohio

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
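
The "two different sets of information" for the outside and inside name servers can be generated from one combined record list. The following is an added example, not part of the original message: it splits a simplified record set into a public view and an internal view by RFC 1918 address, and also withholds CNAMEs that point at internal-only names. The `owner type rdata` line format, the host names and the addresses are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: simplified "owner type rdata" lines, placeholder addresses.
COMBINED = """\
www      A      203.0.113.10
mail     A      203.0.113.25
@        MX     10 mail
fileserv A      192.168.1.20   ; internal host
printer  A      10.0.0.7
intranet CNAME  fileserv
ftp      CNAME  www
"""

def parse(text):
    """Yield (owner, rtype, rdata) tuples, ignoring ';' comments and blank lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            owner, rtype, rdata = line.split(None, 2)
            yield owner, rtype.upper(), rdata

def is_private(addr):
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def split_views(text):
    """Return (public, internal) record lists built from one combined set."""
    records = list(parse(text))
    # Conservative rule: an owner with any private A record is internal-only.
    internal_only = {o for o, t, d in records if t == "A" and is_private(d)}
    # A CNAME to an internal-only name would dangle in the public view,
    # so withhold it too; loop until stable to follow CNAME chains.
    changed = True
    while changed:
        changed = False
        for owner, rtype, rdata in records:
            if rtype == "CNAME" and rdata in internal_only and owner not in internal_only:
                internal_only.add(owner)
                changed = True
    public = [r for r in records if r[0] not in internal_only]
    return public, records  # the internal server answers for everything

if __name__ == "__main__":
    public, internal = split_views(COMBINED)
    print("public view:  ", [r[0] for r in public])
    print("internal view:", [r[0] for r in internal])
```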