nslookup can't but browser can !
Joseph S D Yao
jsdy at cospo.osis.gov
Wed Aug 23 01:15:13 UTC 2000
On Tue, Aug 22, 2000 at 08:02:10PM -0400, Kevin Darcy wrote:
> Joe, You seem to be assuming that the internal clients need to resolve
> Internet names. If they're behind a proxy firewall, generally they
> *don't* need this capability, since they can't connect to those addresses
> anyway. I wouldn't want the original poster to go changing their
> DNS infrastructure for no good reason...
>
> - Kevin
No, I am not assuming this. The original poster started off wanting to
resolve IP addresses. Agreed, if they are behind a real firewall
[proxy server instead of filtering router], then they will make small
use of this.
However, it is very useful for the firewall to be able to resolve
internal names [for logs, e.g., or rule sets]. And the firewall must
be able to resolve external names. Therefore it is good for the
firewall to resolve from inside, and inside to forward to the firewall,
so that it can resolve external names for the firewall.
Eh? ;-}
--
Joe Yao jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
More information about the bind-users
mailing list