Date: Sun, 01 Jun 2003 15:56:47 -0400
From: Chuck Swiger <cswiger@mac.com>
To: freebsd-net@freebsd.org
Subject: Re: ipfw and hostnames
Message-ID: <3EDA5A7F.6060204@mac.com>
In-Reply-To: <008f01c32875$c210c730$812a40c1@PETEX31>
References: <001f01c32831$296b9210$812a40c1@PETEX31> <3EDA498D.3000307@mac.com> <008f01c32875$c210c730$812a40c1@PETEX31>

Petri Helenius wrote:
[ ...using DNS in firewall rules... ]
> I know that, I control the domains and additionally they are for non-critical
> resources like NTP access.

OK: it's good to keep your firewall clocks synchronized. External NTP servers are best accessed by name, agreed. So run an NTP server on your local net, not on a firewall, which uses DNS to refer to higher-stratum NTP sources. Have your firewall refer to the local NTP server by IP.

> Obviously all rules really important are based on IP addresses.

If your firewall needs to perform *any* DNS queries, what happens if the DNS server(s) are down or unreachable when the firewall tries to restart? Does it fail in a way that you are happy with?

-Chuck
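
One way to handle the restart question raised above, as an added example that is not part of the original message: resolve the NTP names out of band, cache only validated IPs, and build the ipfw rules from the cache alone, so an unreachable DNS server at restart leaves the last known-good rules (or none at all). The function names, `RESOLVER`, `NTP_RULE`, the cache file and rule number 2000 are assumptions.

```shell
#!/bin/sh
# Added example (constructed): keep DNS out of the firewall start path.
# Assumed names: RESOLVER, NTP_RULE, the cache file, rule number 2000.
: "${RESOLVER:=resolve_host}"   # command that prints addresses for a name
: "${NTP_RULE:=2000}"           # ipfw rule number (assumption)

# Default resolver; getent may also return IPv6, which is_ipv4 filters out.
resolve_host() {
    getent hosts "$1" | awk '{print $1}'
}

# Accept only dotted-quad text, so nothing else can reach a rule line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# refresh_cache HOST CACHE: run from cron while DNS is reachable.
# On lookup failure or an unusable answer the old cache is left untouched.
refresh_cache() {
    host=$1; cache=$2; good=
    addrs=$("$RESOLVER" "$host") || addrs=
    for a in $addrs; do
        is_ipv4 "$a" && good="$good$a
"
    done
    [ -n "$good" ] || return 1
    printf '%s' "$good" > "$cache.tmp" && mv "$cache.tmp" "$cache"
}

# emit_rules CACHE: print ipfw commands built from cached IPs only.
# With no cache it prints nothing and fails, so NTP stays closed.
emit_rules() {
    cache=$1
    [ -s "$cache" ] || return 1
    while read -r ip; do
        is_ipv4 "$ip" || continue
        echo "ipfw -q add $NTP_RULE allow udp from me to $ip 123 keep-state"
    done < "$cache"
}
```

The firewall start script would feed the output of `emit_rules` to `sh`, while `refresh_cache` runs separately on a schedule.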