Re: DNS Forwarders Question
- From: "Graham J" <graham@xxxxxxxxxxxxxxxx>
- Date: Wed, 2 Jul 2008 23:53:27 +0100
"Tim Gowen" <tim@xxxxxxxxxxxxxxxxxx> wrote in message
news:1ijgwir.gewpyrdym7k0N%tim@xxxxxxxxxxxxxxxxxxxxx
> Graham J <graham@xxxxxxxxxxxxxxxx> wrote:
>
> > Tell us how you connect to the internet.
> >
> > Assuming that you use a router, it will pick up the DNS details provided by
> > your (new) ISP.
> >
> > Assuming your clients connect to the router and rely on the router's DHCP
> > service, they will all obtain the router's internal IP address for use as
> > their DNS server. So each client will ask the router to resolve names to IP
> > addresses, and the router will simply forward the request to the DNS server
> > provided by your ISP, which will probably have a cache. This in turn will
> > forward the request to other DNS servers when it deems its cache to be out
> > of date.
> >
> > In general you should NOT use a fixed external DNS server, if run by your
> > ISP. If your ISP runs several such servers, they will want you to use only
> > those which are currently active, or those that they tell your router to
> > use, so that they can manage availability. Occasionally it may be necessary
> > to get your router to re-negotiate its connection with your ISP so that it
> > uses their currently active DNS servers. (I've found this to be
> > particularly true of BT.)
> >
> > However, if you don't want to use your ISP's DNS servers you can tell your
> > router to use others. In which case, how do you know the servers are
> > available?
> >
> > If you don't use a router the same general principles hold, but you should
> > explain more about your network so we can advise you properly.
>
> It's a network with a pair of DNS servers. There's a Pix firewall
> behind the BTNet router. LAN and WAN is through a router which is
> inside the perimeter. The router for internet access (which is
> changing) is connected to the firewall (which is not). So internal
> clients use the internal DNS servers for name resolution and forwarders
> send out to the internet somehow if a request isn't resolved internally.
> So I can ping an external address from the inside and get a resolution
> which comes from our DNS server, not the ISP's.
>
> The default gateway is the LAN/WAN router.
>
> Is that enough information?
OK so the internal clients should stay the same, relying on the internal DNS
servers. These DNS servers should look to the internet router for the DNS
server provided by your ISP. It's possible that the PIX runs a DNS service,
in which case you should point the local DNS servers to that, and configure
the PIX to look at the external DNS - depends what the BT router offers.
Does the PIX provide NAT? Why is there a router "inside the perimeter"?
What purpose does it serve?
Presumably the DNS servers are also web proxies/caches so that internal
clients never talk directly to the outside world?
You can choose to supply the DNS servers with a list of forwarders and/or
root hints, so that their external lookups bypass the firewall and router
and go directly to external DNS servers. This will obviously be quicker,
but will only be apparent when the local DNS cache does not have the lookup
requested.
--
Graham J
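One way to answer the question raised in the quoted text above, how you know that forwarders you pick yourself are actually available and willing to recurse, as an added example that is not part of this thread: a small Python probe that sends one recursive A query to each configured forwarder and reports whether it replied, with which RCODE, and whether it set the RA (recursion available) bit. The forwarder addresses and the probe name are assumed placeholders, not values from the thread.

```python
import socket
import struct

# Constructed placeholder forwarders (documentation-range addresses, not from the thread).
FORWARDERS = ["192.0.2.53", "198.51.100.53"]
PROBE_NAME = "example.com"  # assumed probe name; any name the forwarder can resolve will do
TXID = 0x1234


def build_query(name, txid=TXID):
    """Build a minimal DNS query: one A/IN question with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def parse_response(data, txid=TXID):
    """Check the reply header; return rcode, answer count and whether RA is set."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    return {"rcode": flags & 0x000F, "answers": an, "recursion_available": bool(flags & 0x0080)}


def probe(server, name=PROBE_NAME, timeout=2.0):
    """Send one UDP query to `server` on port 53 and summarise the outcome as a string."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name), (server, 53))
        data, _addr = sock.recvfrom(512)
        info = parse_response(data)
    except socket.timeout:
        return "no reply within %.1fs" % timeout
    except (OSError, ValueError) as exc:
        return "error: %s" % exc
    finally:
        sock.close()
    if not info["recursion_available"]:
        return "replied but refuses recursion (RA clear); unusable as a forwarder"
    return "ok: rcode=%d answers=%d" % (info["rcode"], info["answers"])


if __name__ == "__main__":
    for fwd in FORWARDERS:
        print("%-15s %s" % (fwd, probe(fwd)))
```

A forwarder that times out, or that answers with RA clear, should be dropped from the list on the internal DNS servers; root hints need no such check since the resolver picks a responsive root server itself.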