Thanks for the reply. I got that all set up as you suggested.

One more question:

1. What is the best way to test that external resolvers can actually
contact my DNS server? I don't want to sit here waiting for them to
update, because they might never update!

-----Original Message-----
From: redhat-list-admin@xxxxxxxxxx [mailto:redhat-list-admin@xxxxxxxxxx] On Behalf Of Jason Dixon
Sent: Friday, October 24, 2003 3:07 PM
To: Red Hat Mailing List
Subject: Re: DNS Servers (And related permissions via firewall)

On Fri, 2003-10-24 at 15:52, Donald Tyler wrote:
> I have some questions regarding DNS servers that I hope someone can help
> me with.
>
> 1. We currently use our ISP's DNS servers. Are these the ONLY DNS
> servers that my local machines should ever need to talk to?

Should? Yes, assuming you're referring to their resolvers. An
end-user/client network should only need access to a caching resolver.
It's up to the resolver to contact the TLD Root and/or authoritative
nameservers on your behalf.

> 2. We have a local DNS server for a few sites we host. Who exactly needs
> access to this through the firewall?

Everyone. There's no other way for all of the resolvers spread
throughout the globe to resolve your information. If you haven't
already, I'd strongly suggest putting your nameservers in a DMZ.

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
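
One way to check the reachability asked about above without waiting on remote caches, as an added example that is not part of the original thread: from a host outside the firewall, send a non-recursive SOA query straight to the authoritative server over UDP and TCP and look for the AA (authoritative answer) flag. The address 192.0.2.53 and the zone example.com are placeholders, not values from the thread.

```python
import secrets
import socket
import struct

def build_query(zone, txid=None, qtype=6):
    """Non-recursive (RD=0) query for the zone's SOA record (qtype 6)."""
    txid = secrets.randbelow(65536) if txid is None else txid
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in zone.strip(".").split("."))
    return (struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", qtype, 1))

def parse_header(resp, txid):
    """Pull out the header fields that matter for a reachability test."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch")
    return {"authoritative": bool(flags & 0x0400),  # AA bit
            "truncated": bool(flags & 0x0200),      # TC bit
            "rcode": flags & 0x000F,                # 0 = NOERROR, 5 = REFUSED
            "answers": answers}

def check(server, zone, tcp=False, timeout=3.0):
    """Query `server` directly; None means no usable reply (blocked or down)."""
    query = build_query(zone)
    (txid,) = struct.unpack("!H", query[:2])
    try:
        if tcp:  # DNS over TCP prefixes each message with a 2-byte length
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)
                stream = s.makefile("rb")
                (size,) = struct.unpack("!H", stream.read(2))
                resp = stream.read(size)
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                resp, _ = s.recvfrom(4096)
        return parse_header(resp, txid)
    except (OSError, struct.error, ValueError):
        return None

if __name__ == "__main__":
    # Placeholders: use your nameserver's public IP and a zone it hosts.
    for tcp in (False, True):
        print("tcp" if tcp else "udp", check("192.0.2.53", "example.com", tcp=tcp))
```

A reply with `authoritative: True` and `rcode` 0 on both transports shows port 53 is reachable from outside over UDP and TCP; `None` on either one points at the firewall or the server itself.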