Re: DNS Forwarders Question


"Tim Gowen" <tim@xxxxxxxxxxxxxxxxxx> wrote in message
news:1ijhqqw.rag2zfhw4zomN%tim@xxxxxxxxxxxxxxxxxxxxx
Graham J <graham@xxxxxxxxxxxxxxxx> wrote:


OK so the internal clients should stay the same, relying on the internal
DNS
servers. These DNS servers should look to the internet router for the
DNS
server provided by your ISP. It's possible that the PIX runs a DNS
service,
in which case you should point the local DNS servers to that, and
configure
the PIX to look at the external DNS - depends what the BT router offers.
Does the PIX provide NAT? Why is there a router "inside the perimeter"?
What purpose does it serve?

Presumably the DNS servers are also web proxies/caches so that internal
clients never talk directly to the outside world?

You can choose to supply the DNS servers with a list of forwarders and/or
root hints, so that their external lookups bypass the firewall and router
and go directly to external DNS servers. This will obviously be quicker,
but will only be apparent when the local DNS cache does not have the
lookup
requested.

The router for the WAN predates internet access, so our routers have
really built up as needed rather than being integrated.

The internal clients never talk directly to the internet; the PIX does
NAT (and passes SMTP commands to the mail server) so there is no
internet-facing hardware apart from the firewall.

I think we need to see a complete network diagram. What is the WAN if not a
connection to the internet? Or do you have connections via private links to
networks at other sites?

Having said that, if it works at present, changing the ISP and the ISP's
router ***probably*** won't affect anything ....

--
Graham J




.

Relevant Pages

  • Re: DNS Forwarders Question
    ... These DNS servers should look to the internet router for the DNS ... the PIX to look at the external DNS - depends what the BT router offers. ...
    (uk.comp.sys.mac)
  • Re: Win2k3 and Slow Logons
    ... > various DNS settings from the server and my router set up. ... for internal DNS servers, but it must NOT be listed on any ... >>>>bad world of the Internet. ...
    (microsoft.public.windows.server.dns)
  • Re: MLPPP Help Needed - Please review Telco Configuration on Cisco Router
    ... - do this with the PIX connected. ... the router, I can only ping the IP address of the G0/0 interface. ... not have access to the telco router. ... I was able to get out to the Internet ...
    (comp.dcom.sys.cisco)
  • Re: Connecting to the Internet
    ... Internet Explorer, I get an error message "Firefox can't find the server at ... the DNS servers that you use could be problematic. ... The router has to be the default gateway. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Pipex Web Problems
    ... During the day yesterday, the wife was using the internet, all was well. ... Rebooted the router, all lights that should be on are on, ... It was too late to ring Pipex last night and I suppose it'll be pretty ... DNS servers in the TCP/IP properties of the network interface of your ...
    (uk.telecom.broadband)
Loading