Firewall Wizards mailing list archives
Re: dns outbound
From: Robert Graham <robert_david_graham () yahoo com>
Date: Tue, 18 May 1999 16:52:52 -0700 (PDT)
--- wyllys () reston wcom net wrote:
> On 16 May, Robert Graham wrote:
>> Why the heck would clients need external access to DNS servers?
> There are plenty of reasons why internal machines need to resolve external names.

The original question was not resolving DNS, but actually sending DNS packets from inside the corporation out to the Internet (bypassing any local DNS 'proxies', if we think of DNS in the same terms as other protocols). Some management platforms might want to do this, such as when they set the "don't recurse" bit in order to check the health of DNS systems. There may also exist some weird software that bypasses gethostbyname() and does its own DNS protocol work -- involving starting at the root servers and following them on down. I can't think of any other application that would want to do this, though.

I suspect the original query had much the same misunderstanding: people want to do lookups/reverse lookups, and therefore asked for DNS packets through the firewall. They probably don't need a firewall, and just want a DNS 'proxy' set up.

Rob.
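
An added example, not part of the original post: one way a firewall log reviewer could separate the cases the message describes by reading the "recursion desired" (RD) bit of outbound port-53 payloads. The function names, labels and addresses are assumptions made for illustration, and the packets are constructed inline.

```python
import struct

RD = 0x0100  # "recursion desired" flag bit in the DNS header (RFC 1035)
QR = 0x8000  # set on responses, clear on queries

def build_query(name, rd=True, qtype=1, txid=0x1234):
    """Build a one-question DNS query (class IN); used for constructed input."""
    header = struct.pack("!HHHHHH", txid, RD if rd else 0, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def question_name(msg):
    """Return the name in the question section (no compression expected there)."""
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated question")
        n = msg[off]
        if n == 0:
            return ".".join(labels) or "."
        if n & 0xC0:
            raise ValueError("unexpected compression pointer")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n

def classify_outbound(msg, src, internal_resolvers):
    """Label a port-53 payload leaving the network by sender and RD bit."""
    if len(msg) < 12:
        return "malformed"
    flags = struct.unpack("!H", msg[2:4])[0]
    if flags & QR:
        return "response"
    if src in internal_resolvers:
        return "resolver"              # the local DNS 'proxy' doing its job
    if flags & RD:
        return "stub-bypass"           # ordinary lookup that skipped the proxy
    return "non-recursive-direct"      # health check or do-it-yourself resolver

if __name__ == "__main__":
    resolvers = {"10.0.0.53"}          # constructed internal resolver address
    samples = [("10.0.0.53", build_query("example.com")),
               ("10.0.0.20", build_query("example.com")),
               ("10.0.0.30", build_query(".", rd=False, qtype=2))]
    for src, pkt in samples:
        print(src, question_name(pkt), classify_outbound(pkt, src, resolvers))
```

Clients labelled stub-bypass only need to be pointed at the internal resolver; the non-recursive-direct senders are the ones that would actually need an outbound rule.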