My firewall has an inside "green" interface on eth0, and an outside "red" interface on eth1. eth1 is connected to a dynamic address at Comcast. The firewall also has a bind (named) and dhcpd server on it, providing name service and dynamic addresses for the internal green network. named is also configured to respond to 127.0.0.1, so in theory the firewall itself can get DNS service from the named running on it. dhcpd and logging need the internal name service.

Perhaps I have nsswitch set up incorrectly. Or something. When the green interface eth0 starts, /sbin/dhclient-script puts the appropriate information in /etc/resolv.conf. That seems to be the only way the firewall's internal programs know about the name server. /etc/resolv.conf is almost immediately written over when the red interface eth1 starts, with the Comcast name servers replacing (instead of appending to) the eth0 information. So the firewall no longer knows about DNS for internal machines. I can write everything into /etc/hosts, but that is Yet Another File to maintain. There must be a better way.

As a temporary hack kludge, I combined the information from both name servers into /etc/resolv.conf by hand, then set it to chmod 444 and chattr +i. I can still turn the interfaces on and off, but dhclient-script leaves /etc/resolv.conf alone. This will work until Comcast moves their name servers.

Does anyone know of a better way?

Keith

--
Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
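One way to get the "append instead of replace" behaviour the post asks for, as an added example that is not part of the original message: ISC dhclient-script sources /etc/dhclient-enter-hooks (on some distributions /etc/dhcp/dhclient-enter-hooks) before it writes resolv.conf, and a function named make_resolv_conf defined there overrides the built-in one. The hook below always lists the local named (127.0.0.1) first, keeps a fixed internal search domain, and appends whatever servers the lease on either interface hands out. The search domain "green.example", the interface names, and the TEST-NET addresses used in the comments are assumptions/constructed values, not taken from the post.

```shell
# /etc/dhclient-enter-hooks (added example; assumes ISC dhclient-script, which
# sources this file with "." and then calls make_resolv_conf).
#
# dhclient-script exports the lease contents as new_domain_name,
# new_domain_name_servers, reason and interface before calling the hook.

# Build the resolv.conf text: local resolver first, then lease servers.
#   $1 = internal search domain (assumed "green.example" below)
#   $2 = local nameserver, i.e. the firewall's own named
#   $3 = space-separated nameservers from the current lease (may be empty)
build_resolv_conf() {
    local search_domain="$1" local_ns="$2" lease_servers="$3" ns
    printf 'search %s\n' "$search_domain"
    printf 'nameserver %s\n' "$local_ns"
    for ns in $lease_servers; do
        # Skip the local resolver if the ISP (or eth0's lease) repeats it.
        [ "$ns" = "$local_ns" ] && continue
        printf 'nameserver %s\n' "$ns"
    done
}

# Override dhclient-script's default, which replaces the whole file with the
# lease's servers. Written atomically so a half-written file is never seen.
make_resolv_conf() {
    local tmp
    tmp=$(mktemp /etc/resolv.conf.XXXXXX) || return 1
    build_resolv_conf "green.example" "127.0.0.1" "$new_domain_name_servers" > "$tmp" \
        && chmod 644 "$tmp" \
        && mv "$tmp" /etc/resolv.conf
}
```

Two points worth keeping in mind. First, with the firewall's own named listed first, a cleaner long-term layout is to point resolv.conf at 127.0.0.1 only and let named forward (or recurse) for outside names, which removes the dependence on the ISP's server addresses entirely; the hook above is the minimal change that preserves both lists. Second, ISC dhclient.conf also accepts `prepend domain-name-servers 127.0.0.1;` (or `supersede domain-name-servers ...;`) per interface, which achieves the same ordering without a hook but cannot carry the internal search domain across the eth1 rewrite.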
