I sent the prior reply you quote below. The reason I said it "depends" is because it does. There is no single *right* answer to the follow-up question you ask. What is best for you depends on a detailed view of the network that the Dachstein router is routing. Either you have to tell us a lot about your setup (how many hosts, home or business, what OSs they use, how well the AT&T nameservers perform, whether AT&T interferes with use of DNS to servers other than its forwarders, and a lot more) or you have to assess this stuff yourself and decide what to do.

As a general matter, you have five options:

1. Tell each host on the LAN, including the LEAF router, to use the AT&T nameservers. This will work as long as you have no need to do DNS lookups at the LAN level (either you use IP addresses only or every machine has an /etc/hosts file to resolve LAN names).

2. Run dnscache and tinydns on the LEAF router. Have dnscache use the AT&T nameservers as forwarders, and have tinydns be authoritative for your LAN addresses. In this case, every host has the LEAF router as its nameserver (and the LEAF router has 127.0.0.1).

3. Run some DNS server (can dnscache do this? I forget) on the LEAF router that bypasses the AT&T nameservers and builds up its own cache, starting at the DNS root servers. Everything else is the same as #2.

4. Run a DNS server on some LAN host, and have it both be authoritative for the LAN and forward to the AT&T nameservers for outside queries. This is easy to do if you have another Linux host around; I don't know what BIND-like packages are available for Windows, so I don't know if it is a realistic option for an all-Windows LAN. In this case, all other hosts (including the LEAF router) use the internal host as their DNS server.

5. The same as #4, except bypass the AT&T nameservers for external resolution.

At 08:29 AM 7/8/02 -0700, Craig wrote:
>Hi folks,
>I use the default, Dachstein CD firewall...so I don't know the answer to
>this reply. Should I only have the 127.0.0.1 entry (doesn't Dachstein
>use tinydns?)...or should I use my LAN computers and my Dachstein
>firewall as resolvers and include the addresses of my appropriate DNS
>servers for better name resolution??? (P.S. My ISP is AT&T broadband, if
>that helps at all)
>
>I received this answer to my post-
>
>The right answer to this question depends on how the router actually is
>doing DNS resolution.
>
>A. If it is running a DNS server (like tinydns or BIND), then it should
>have ONLY the entry for 127.0.0.1 as DNS0.
>
>B. If its resolver is supposed to use other hosts as DNS servers, then it
>should ONLY have entries for DNS0 and DNS1 (using each only once; they are
>environment variables, so a second use will replace the first, not
>supplement it) with the IP addresses of the DNS servers.
>
>BTW, this decision is separate from what your "Primary" and "secondary" DNS
>servers are. Those terms apply to authoritative DNS servers for a domain.
>The router only needs to know what to use as a resolver, not what is
>authoritative for your domain. They may be the same servers or they may be
>different -- it depends on the details of your setup.

--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, California, USA
[EMAIL PROTECTED]

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
