On 2007/11/15 17:02, Jonathan Thornburg wrote:
> (b) The firewall's dhcpd is configured to tell clients that the
> firewall itself is a DNS server.

I find ISP DNS servers to give enough trouble that I always do this, even if it means not benefitting from their cache.

> The firewall also runs a DNS proxy (eg /usr/ports/net/totd or
> /usr/ports/www/squid,transparent).

Squid isn't a DNS proxy (though if you only want web browser access for clients, they don't strictly speaking need DNS, they could just proxy all their requests through a normal <not transparent> squid).

totd is a special DNS proxy for ipv6-only clients behind a nat-pt gateway. I'd just use the built-in named - to use it as a resolver for local subnets you don't need to configure it, just enable it in rc.conf.local