Firewall Wizards mailing list archives
DNS forwarding at the firewall (2nd try, slightly revised)
From: John McDermott <jjm () jkintl com>
Date: Fri, 2 Oct 98 16:43:47
[I posted this last evening, but have not seen it on the list.]

All,

I was recently discussing what one might do when forwarding DNS through a firewall. [I know about the issues of using a non-transparent proxy, etc., but that is not the issue here.]

My question is where to point the firewall to resolve internal forwarded queries if there is no external DNS. For example, if internal host foo.local.net asks for www.external.com, should the firewall forward the query directly to a root server or should it forward the query to, for example, the ISP's caching server?

My thought has always been to forward to the local caching server to take load off the root servers (in the example above, surely the info for an appropriate .com server is cached in the ISP's server). I have also been told recently that all firewalls should forward to the root server.

What are your feelings on this, and is there some sort of definitive recommendation? I checked the firewalls FAQ and the DNS FAQ and I could not find a "best practices" recommendation in either. Maybe this has not been addressed by the FAQs or maybe I have old versions.

Thanks,
--john

-------------------------------------
Name: John McDermott
VOICE: 505/377-6293 FAX 505/377-6313
E-mail: John McDermott <jjm () jkintl com>
Writer and Computer Consultant
-------------------------------------
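The two choices the question contrasts, written out as a BIND `named.conf` for the firewall's resolver. This is an added example, not part of the original post; it assumes the firewall runs BIND, and the internal range, the file paths and the ISP cache address 192.0.2.53 are constructed placeholders.

```conf
// Only internal clients may use this resolver for recursion.
acl internal { 10.0.0.0/8; 127.0.0.1; };   // assumed internal range

options {
    directory "/var/named";                 // assumed path
    recursion yes;
    allow-query     { internal; };
    allow-recursion { internal; };

    // Choice 1: hand every external lookup to the ISP's caching server.
    // 192.0.2.53 is a documentation address standing in for that server.
    forwarders { 192.0.2.53; };
    forward only;    // never fall back to walking the tree from the roots

    // Choice 2: delete the two forwarder lines above. The resolver then
    // iterates on its own, starting from the root servers listed in the
    // hint zone below, and builds its own cache.
};

// Root hints. Used as the starting point under choice 2; present but
// not consulted for resolution while "forward only" is in effect.
zone "." {
    type hint;
    file "named.root";                      // assumed file name
};
```

With `forward only`, resolution depends entirely on the forwarder being reachable and trustworthy; without forwarders, the firewall must be allowed to send DNS queries to arbitrary external name servers rather than to a single upstream address.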