[CentOS] firewall dilemma

Wed Nov 2 17:29:22 UTC 2005
Aleksandar Milivojevic <alex at milivojevic.org>

Quoting Rob <four4 at naims.co.uk>:

> If you do use an internal DNS you can set up /etc/named.conf as follows
>
> 	// PUT your ISP's name servers here
> 	forwarders { 1.2.3.4; 1.2.3.5 };

If he doesn't really need forwarders, I'd suggest not using them.  If ISP
changes IP addresses of DNS servers (very rare, but happens), his internal DNS
server will simply stop working, and it might be hard to guess what 
happened. His internal DNS server is (most likely) perfectly capable of 
resolving queries
on its own.  Forwarders are most usefull to get around strict firewalls and/or
when you want to force resolving to happen on particular DNS server 
which might
return different results than if authoritative server for domain was contacted
directly.


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.