Re: DNS Servers (And related permissions via firewall)

On Friday 24 October 2003 12:52, Donald Tyler wrote:

> This isn't really a Red Hat specific question, so I apologize for
> posting it here, but I never seem to get an answer on the firewall
> forums (Guess they aren't as tolerant of irritating noobs over
> there).

Donald, did you just hijack the "usb memory key" thread to create this 
post?  Most lists will either flame you or ignore you when you do that, 
as our software threads messages and we like our thread to contain only 
relevant messages.  Always create a new thread by posting rather than 
replying, when you have a new question.

> Anyway, here's my problem:
>
> I have some questions regarding DNS servers that I hope someone can
> help me with.

You'd probably get better help on a DNS list, but again only if you 
follow list etiquette to the letter.

> 1. We currently use our ISP's DNS servers. Are these the ONLY DNS
> servers that my local machines should ever need to talk to?

These are the only DNS servers that should be listed in your 
/etc/resolv.conf file.  This will in general result in less DNS traffic 
over the entire net than using your own DNS server.  There will be 
slightly more DNS traffic for your own domains, though.

I suppose in the best of all worlds you'd have only your own DNS server 
listed in your /etc/resolv.conf file, and then set up your own DNS 
server as a forwarder so it forwards all requests for DNS it's not 
authoritative for, to your ISP's DNS servers.

> 2. We have a local DNS server for a few sites we host. Who exactly
> needs access to this through the firewall?

Everyone who you want to be able to see your sites.  If they can't get 
DNS for your sites, they can't see your sites.  Iirc, with the default 
RH9 firewall and the default RH9 named.conf setup, there will 
automatically be a hole punched through the firewall, but I'm not near 
a system to check right now, so please don't take my word for it.

On our firewalls on our hosting systems at colocation centers, we punch 
holes for port 53 (the DNS port) in both directions for both UDP and 
TCP traffic.

Jeff
-- 
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: http://www.nobaloney.net/contactus.html
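The setup Jeff sketches above (LAN hosts pointing only at your own server, that server forwarding everything it is not authoritative for to the ISP, and port 53 open for UDP and TCP in both directions) as a worked example. This is an added illustration, not Jeff's or the list's own configuration; the zone name example.com, the 192.0.2.x / 198.51.100.x addresses and the internal network are constructed placeholders, and the BIND `allow-recursion` line is an added hardening assumption so the server only recurses for your own network rather than for anyone on the Internet. The firewall rules are printed rather than executed so the script runs unprivileged.

```shell
#!/bin/sh
# Added example (not from the original thread): emit the three pieces
# described in the reply -- a resolv.conf listing only the local BIND
# server, a named.conf options/zone fragment that forwards to the ISP,
# and iptables rules for port 53, UDP and TCP, both directions.
# All addresses are constructed placeholders (RFC 5737 ranges).

LOCAL_DNS="192.0.2.53"                 # constructed: our own BIND server
ISP_DNS="198.51.100.1 198.51.100.2"    # constructed: the ISP's resolvers
LOCAL_NET="192.0.2.0/24"               # constructed: the internal network

# resolv.conf for the LAN hosts: only the local server is listed, so every
# query goes through it and it decides what to forward.
gen_resolv_conf() {
    printf 'search example.com\n'
    printf 'nameserver %s\n' "$LOCAL_DNS"
}

# named.conf fragment: authoritative for the hosted zone, forwards every
# other name to the ISP, and recurses only for our own network.
gen_named_options() {
    cat <<EOF
options {
    directory "/var/named";
    forwarders { $(for s in $ISP_DNS; do printf '%s; ' "$s"; done)};
    forward only;
    allow-recursion { $LOCAL_NET; localhost; };  // added hardening, constructed
};
zone "example.com" {
    type master;
    file "example.com.zone";
};
EOF
}

# iptables rules for port 53 in both directions for UDP and TCP.
# Inbound replies from the ISP are limited to established flows so that
# "source port 53" alone is not a pass into the host.
gen_firewall_rules() {
    for proto in udp tcp; do
        # queries from the world to our authoritative server, and its replies
        printf 'iptables -A INPUT  -p %s --dport 53 -j ACCEPT\n' "$proto"
        printf 'iptables -A OUTPUT -p %s --sport 53 -j ACCEPT\n' "$proto"
        # our forwarder's queries to the ISP, and only the matching replies
        printf 'iptables -A OUTPUT -p %s --dport 53 -j ACCEPT\n' "$proto"
        printf 'iptables -A INPUT  -p %s --sport 53 -m state --state ESTABLISHED -j ACCEPT\n' "$proto"
    done
}

# Usage: sh dns-setup.sh show    (prints all three fragments for review)
if [ "${1:-}" = "show" ]; then
    gen_resolv_conf; echo
    gen_named_options; echo
    gen_firewall_rules
fi
```

Review the printed rules before applying them as root; the four rules per protocol are the minimum for a server that is both authoritative for outsiders and a forwarder for the LAN.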


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
