I have my setup exactly as you described (my internal DNS is a
forwarder, only sending requests out to an external DNS at my ISP only
if the answer isn't already cached and no external queries need to be
answered by it--all my internal LAN hosts point to my internal DNS and
nothing else) and I have experienced no problems whatsoever WITHOUT
having to open port 53. I just have the default rulesets
(everything from WAN to LAN is blocked, everything from LAN to WAN is
allowed and the VPN ruleset) set up on my firewall . Hope this
helps.
At 13:24 -0400 04/11/2002, <[EMAIL PROTECTED]>
wrote:
what forwarding does is if the internal dns cannot answer a dns request then it forwards the request to an external dns and then is supposed to get a return answer it then feeds to the internal dns client. this is done so that all the client machines don't choke your bandwidth with dns queries when the internal dns server doesn't have the answer in its cache. so do I need to open port 53 on the firewall to the internal dns server so that it can get the answer to it's queries from the external dns server? I'm not sure
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Vogt
Sent: Thu, April 11, 2002 1:11 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [SonicWALL]- DNS set to use forwarders
if your dns server is answering requests for internal clients only, then you do not need to create any additional rules or open ports, the default rule already allows this outbound dns traffic. if you want your dns to answer external requests, then yes you need to allow for it.all this assuming the server is behind the firewall (not in the dmz)
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 11, 2002 10:08 AM
To: [EMAIL PROTECTED]
Subject: [SonicWALL]- DNS set to use forwarders
do I need to open the dns port if my internal dns server (configured as a dns forwarder) is set to use my isp's dns to forward requests it cannot answer?
----------------------------------------------------------------------------------------------------------
Michael D. Plotsker
Technology Consultant
KJ Technology Consulting, Inc.
Office: 718-575-1595
Mobile: 917-406-4215
Fax: 212-202-5013
mailto:[EMAIL PROTECTED]
--
*****************************
Reality Artisans,
Inc.
P.O. Box 565,
Gracie Station
New York, NY
10028-0019
http://www.realityartisans.com
"We craft
ideas into reality"
*****************************
