[NTLUG:Discuss] opinions on where to run DNS server..... firewall vs main server.
clyde swann
swannc at hotmail.com
Wed Mar 1 21:15:30 CST 2000
your response was very insightful. it caused me to revisit my intent and
focus.
i think i mean firewall, that allows/denies packets from the internet.
because of the two nic cards, eth0/static ip -> adsl -> internet,
eth1/static ip -> localnet i see having to configure the machine as a
gateway and/or router also. i intend to run proxy software for its
caching. the server on the localnet will be accessible from the outside.
inside security is not a concern at this time.
even though this is starting as a two station network, i want to structure
it with the same thought process and technology that would support larger
more complex environments.
so, yes i do want to be able to resolve the addresses for my domains. what
this means to me, is when my dns is updated other main internet domain name
systems will be updated also. i will acquire ip address blocks as needed
and want to be able to assign them within my domains for internet wide
access at will.
again, thanks for the comments.
>From: Jonathan Miller <betaray at kludge.org>
>Reply-To: discuss at ntlug.org
>To: discuss at ntlug.org
>Subject: Re: [NTLUG:Discuss] opinions on where to run DNS server.....
>firewall vs main server.
>Date: Tue, 29 Feb 2000 21:38:30 -0600 (CST)
>
>Well if you are only going to be using it to look up addresses then by all
>means put it on the inside of the firewall. That is of course if when you
>say firewall you mean firewall and not router (which a surprising number
>of people do). If you expect people to actually be able to reach the box
>from the outside world to resolve domains that you are in charge of you'll
>need to keep it visible to the network.
>
>DNS is a very light chore, so I wouldn't worry about putting it on the
>486.
>
>However, even if you really want to set up the DNS machine on the other
>side of the firewall, don't. UDP is a royal pain in the ass to police
>with ipchains. And if you're doing masq'ing then you're SOL anyhow.
>
>Hope my rambles provide a little bit of insight.
>
>-- Jonathan
>
>On Tue, 29 Feb 2000, clyde swann wrote:
>
> > i had started setting up dns to run on my firewall/gateway/router machine
> > (486dx2/66, 32mg ram, linux v6.0), connected to adsl line with static ip.
> > then i read something that suggested the dns server is expected to be run on
> > the main server (pii-450, 192mg ram, linux v6.1). just curious as to the
> > assumption, other than it being a server program. are there any real
> > pros/cons?