Henning Follmann wrote:
> 1) You talk too much.
> Solution: be precise but not chatty. Get to the point.
>
> 2) Your network setup is overly complicated.
> Solution: simplify! Also very important: complexity is the enemy of
> security. Your setup should be straightforward, so that any issue becomes
> apparent without any effort.
>
> Forget about your caching DNS server (at least for now). It is just
> another layer of complexity in your preexisting mess.
Very good summary :)

Mark can start by drawing a diagram of the setup, then configuring DHCP, DNS and the firewall properly.

Regarding DHCP: Mark, you can set up a range with static and a range with dynamic IP addresses. Everything that has a static address must still be in the DNS to be resolved.

I did not get at which level you split the network in two (internal/external or private/public) - I assume this is the firewall. It also means the firewall has two interfaces, one for the internal and one for the external network. You need a good iptables setup to make the interconnect possible.

What I describe is the most simple scenario, and as Henning mentioned, forget the DNS caching for now, until all this stands. I advise starting with DNS/DHCP in the internal (private) network.

regards
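The simple scenario described in the reply above (a firewall with one internal and one external interface, DHCP with a static and a dynamic range, every static host also present in DNS, no caching yet), as an added example that is not part of the thread and not Mark's or anyone else's actual configuration. Interface names (eth0 external, eth1 internal), the 192.168.1.0/24 internal network, the MAC addresses and the use of dnsmasq for the DHCP/DNS side are all assumptions made for the example. With the default DRY_RUN=1 the script only prints the iptables commands and the dnsmasq fragment, so the rule set can be read and checked on any machine before being applied as root with `sh fw.sh --apply`.

```shell
#!/bin/sh
# Two-interface firewall plus DHCP/DNS for the internal network.
# Added example; the names below are assumptions, not taken from the thread:
#   eth0 = external (public) interface, eth1 = internal (private) interface,
#   192.168.1.0/24 = internal network, the firewall itself is 192.168.1.1.
# DRY_RUN=1 (default) prints every command instead of executing it.
set -eu
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

fw_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -F
    run iptables -t nat -F
    run iptables -X
    # Default deny for traffic to the box and through the box;
    # the box itself may talk out freely.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Services the firewall offers; reachable from the internal interface only,
    # nothing is opened on the external interface.
    run iptables -A INPUT -i "$LAN" -p udp --dport 67 -j ACCEPT   # DHCP
    run iptables -A INPUT -i "$LAN" -p udp --dport 53 -j ACCEPT   # DNS
    run iptables -A INPUT -i "$LAN" -p tcp --dport 53 -j ACCEPT   # DNS (large answers)
    run iptables -A INPUT -i "$LAN" -p tcp --dport 22 -j ACCEPT   # ssh, LAN side only
    run iptables -A INPUT -i "$LAN" -p icmp -j ACCEPT
    # Internal -> external is allowed; external -> internal only as replies
    # to connections opened from inside. Internal addresses are masqueraded.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

# dnsmasq fragment for the internal side: one dynamic range, fixed leases for
# the named hosts (dnsmasq answers those names in DNS as well, so every static
# host is resolvable), and the cache switched off for now (cache-size=0).
# MAC addresses are placeholders.
dhcp_dns_conf() {
    cat <<EOF
interface=$LAN
bind-interfaces
domain=lan
expand-hosts
cache-size=0
dhcp-range=192.168.1.100,192.168.1.199,12h
dhcp-host=00:11:22:33:44:55,fileserver,192.168.1.10
dhcp-host=00:11:22:33:44:66,printer,192.168.1.11
dhcp-option=option:router,192.168.1.1
dhcp-option=option:dns-server,192.168.1.1
EOF
}

case "${1:-}" in --apply) DRY_RUN=0 ;; esac
fw_rules
if [ "$DRY_RUN" = 1 ]; then
    printf '\n# dnsmasq fragment (write to /etc/dnsmasq.d/lan.conf):\n'
    dhcp_dns_conf
fi
```

Reading the dry-run output top to bottom is the check Henning is asking for: there is no rule with `-i eth0 -o eth1`, so nothing from outside is forwarded in except as a reply, and no INPUT rule names the external interface, so the firewall exposes no service to the outside. Once this works, a caching resolver can be added later by raising `cache-size`.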