On Saturday 01 May 2004 10:42 pm, Andrew E. Mileski wrote:

> Antony Stone wrote:
> >
> > I remain confused from your description as to whether you are talking
> > about the machine running the netfilter rules being an NTP server
> > (servicing requests from other clients), or an NTP client (sending
> > requests to other servers).
>
> The machine running the netfilter rules is an NTP and DNS server
> (servicing requests from other clients), _and_ a NTP and DNS client
> (sending requests to other servers).
>
> Hence my solutions (both tested) of an explicit rule to either:
> A) Force all private hosts to use the DNS/NTP servers on the gateway.

This sounds like a very good idea, for both protocols, since:

a) if you have a caching DNS server on your network, you may as well make
maximum use of it, instead of sending requests out to the Internet direct
from individual clients

b) if you have an NTP server on your network, it is more important that all
your local machines are synchronised to it than that some of them are
correct, but different from others.

Therefore I think pointing all local clients at the DNS / NTP servers on the
gateway, and then pointing the single DNS / NTP clients running on the
gateway to the outside world, is the correct solution.

Regards,

Antony.

--
I want to build a machine that will be proud of me.

 - Danny Hillis, creator of The Connection Machine

Please reply to the list; please don't CC me.
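
Option A from the quoted message, sketched as an added example that is not part of the original thread and not the poster's tested rules: a shell function that emits an iptables-restore fragment redirecting LAN DNS and NTP traffic to the services on the gateway itself. The function name and the interface name `eth1` are assumptions, and the gateway's INPUT chain is assumed to already accept these ports from the LAN.

```shell
#!/bin/sh
# Added example. Generates nat-table rules that send every DNS/NTP request
# arriving on the LAN interface to the gateway's own servers, whatever
# destination address the client was configured with.
#
# Apply (as root) without flushing existing rules:
#   gateway_redirect_rules eth1 | iptables-restore --noflush

gateway_redirect_rules() {
    lan_if=$1   # LAN-facing interface (assumption: caller knows its name)

    # Accept only a plain interface name, so the argument cannot smuggle
    # extra match or target text into the generated ruleset.
    case $lan_if in
        ''|*[!A-Za-z0-9_.-]*)
            echo "invalid interface name: $lan_if" >&2
            return 1
            ;;
    esac

    echo '*nat'
    # DNS uses both UDP and TCP port 53; NTP uses UDP port 123.
    for spec in 'udp 53' 'tcp 53' 'udp 123'; do
        set -- $spec    # $1 = protocol, $2 = port
        echo "-A PREROUTING -i $lan_if -p $1 -m $1 --dport $2 -j REDIRECT --to-ports $2"
    done
    echo 'COMMIT'
}
```

The gateway's own outbound DNS/NTP client traffic is locally generated, so it never traverses PREROUTING and still reaches the outside servers.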