Date:      Mon, 3 Jul 2006 10:10:39 +0700 (ICT)
From:      Olivier Nicole <on@cs.ait.ac.th>
To:        mark@msen.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: DNS discovery / FreeBSD Firewall
Message-ID:  <200607030310.k633Ad6e088860@banyan.cs.ait.ac.th>
In-Reply-To: <200606302344.57811.mark@msen.com> (message from Mark Moellering on Fri, 30 Jun 2006 23:44:57 -0400)
References:  <200606302344.57811.mark@msen.com>

> 	The question is: How do I have the internal network machines
> get the DNS server settings from the Firewall?  The two scenarios I
> can think of are: that the Firewall also acts as a DHCP server and
> somehow sets the DNS of the internal net machines to the Firewall's
> resolv.conf entries; or I can have the Firewall act as a DNS
> server/relay and forward the DNS requests.

If your ISP keeps changing their DNS server I'd suggest another
solution: set up your own DNS server, but on a machine different from the
firewall.

Just make sure that the firewall lets domain traffic (udp/53 and
tcp/53) go through. And configure the firewall to use your own DNS
server.

A DNS server needs NO resources, an old PIII 500 will do the trick.

It is always a good choice to have the firewall be only a firewall and
nothing else. If you add DNS on your firewall and DNS has some more
vulnerabilities, your firewall would be compromised...

Bests,

Olivier
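
An added example, not part of the message above: a pf.conf filter fragment for the layout it describes, assuming the firewall runs pf (the thread does not say which packet filter is in use) and that outbound NAT is configured elsewhere in the ruleset. The interface names and the resolver address 192.168.1.53 are constructed placeholders.

```conf
# /etc/pf.conf filter fragment (added example; all names and addresses
# below are placeholders, not values from the thread)
ext_if  = "em0"              # assumed outside interface
int_if  = "em1"              # assumed inside interface
dns_srv = "192.168.1.53"     # assumed internal resolver, a separate host

# Default deny: only the traffic listed below gets through.
block all

# The resolver, and only the resolver, may send DNS to the outside:
# udp/53 for ordinary lookups, tcp/53 for answers too large for UDP.
# The tag lets the outbound rule match these packets even after NAT
# has rewritten the source address.
pass in  on $int_if proto { udp, tcp } from $dns_srv to any port domain \
        tag DNS_OUT keep state
pass out on $ext_if proto { udp, tcp } tagged DNS_OUT keep state

# The firewall runs no name server of its own; it is a plain client of
# the internal resolver (its /etc/resolv.conf lists only $dns_srv).
pass out on $int_if proto { udp, tcp } from ($int_if) to $dns_srv \
        port domain keep state

# Internal clients sit on the same segment as $dns_srv (assumed), so
# their queries to it never cross the firewall and need no rule here.
# Client DNS sent straight to outside servers falls under "block all".
```

After loading the ruleset, `pfctl -sr` lists the active rules and `pfctl -ss` shows whether states to port 53 are being created for the resolver only.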



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607030310.k633Ad6e088860>