Out of curiosity, what is the "best practice" for someone who has a
DNS server on their private network with a private IP address? How would
one go about doing this with a router? Is it impossible? Is the "best
practice"/only possible way to have the DNS server have a public IP
address (in a DMZ)?

Kind Regards,
Tim Booth
MCDBA, CCNP, CCDP, CCIE written
-----------------------------------------
Those who would give up essential liberty to purchase a little temporary
safety deserve neither liberty nor safety.
Benjamin Franklin, 1759


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Monday, February 18, 2002 13:16
To: [EMAIL PROTECTED]
Subject: Re: DNS Request Redirection [7:35703]

hhmmm.....

As I understand the original question, each workstation in the network
in question is hard coded for DNS.

So, if for example, my machine is hard coded for DNS server
207.126.96.162 (my ISP DNS server) and I change ISPs, and make no
changes to my workstation, then any DNS request will have a destination
address of 207.126.96.162.

The question, as I understand, is how to change that destination address
without making workstation visits.

Policy routing can change next hop, but not destination address. NAT
outbound changes source address, not destination address.

Unless there is a packet interceptor that takes all DNS requests, and
physically changes the destination address, the user has few options.

Again, IF the former ISP does not restrict DNS requests to its own
address space, i.e. accepts DNS requests from anywhere, then there is no
problem, and no changes need be made.

However, IF (and this would be good practice for a lot of reasons) the
former ISP does indeed restrict DNS requests to source addresses within
its own space, then there will have to be additional changes on the user
network.

This whole discussion illustrates why people SHOULD follow best practice
from the get go. If they want to hard code IPs, then I believe DHCP can
be configured so that it provides only DNS info and default gateway
info, for example. The people who have insisted that their network hard
code everything are now learning the hard lesson.

Chuck



