Date: Wed, 21 Apr 1999 10:13:33 -0600
From: Scott Brown <skb@asgard.slcc.edu>
To: freebsd-questions@freebsd.org
Subject: DNS through a firewall
Message-ID: <371DF92D.1C74@asgard.slcc.edu>
I've set up a 2.2.5 machine for firewall duty between my LAN and the
world, using plain old kernel filtering (ipfw). I'm using the approach
of denying everything that isn't explicitly allowed. Everything is
great, it all works just fine.

However, I'd like to know more about how DNS works. Since my firewall
is also a secondary DNS for our domain, I included in my ruleset the
three DNS rules from the "simple" rc.firewall section, though I had to
modify the 2nd and 3rd rules (by replacing "${oip}" with "any") before
my workstations could do name lookups.

I'm satisfied for the moment with this setup -- my firewall is less
about securing my machines than about preventing my users from abusing
their network access -- but I'd really like to know more about the
comings and goings of packets during DNS queries, and how named
communicates with its primary. I've asked my supervisor to buy the ORA
grasshopper and doorway books for me, but any tips in the meantime would
be appreciated.

Thanks,
-Scott
