Petri Helenius wrote: [ ...using DNS in firewall rules... ]
> I know that, I control the domains and additionally they are for non-critical resources like NTP access.
OK: it's good to keep your firewall clocks synchronized. External NTP servers are best accessed by name, agreed.
So run an NTP server on your local net, not on a firewall, which uses DNS to refer to higher-stratum NTP sources. Have your firewall refer to the local NTP server by IP.
> Obviously all rules really important are based on IP addresses.
If your firewall needs to perform *any* DNS queries, what happens if the DNS server(s) are down or unreachable when the firewall tries to restart? Does it fail in a way that you are happy with?
-Chuck
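The question above (what does the firewall do when DNS is unreachable at restart?) is worth answering with code rather than hope. The script below is an added example, not something from this thread or from FreeBSD: it is a hypothetical rule-generation step that resolves every hostname a ruleset depends on before the rules are loaded, refreshes a last-known-address cache on success, falls back to that cache when resolution fails, and emits no rule at all for a name that is neither resolvable nor cached. The pf-style `pass` lines, the hostnames, the addresses and the cache file name are all constructed for the example; `plan_rules` takes a resolver callable so the DNS-down case can be exercised without a network.

```python
"""
Added example (not from the thread): make a firewall's DNS dependency explicit.

Assumed policy for each hostname a rule refers to:
  - try the system resolver;
  - on success, refresh a cache of last-known addresses;
  - on failure, fall back to the cached addresses if any exist;
  - otherwise emit no rule for that name (fail closed) and report it.
"""
import json
import socket
from pathlib import Path


def default_resolver(name):
    """System resolver: sorted IPv4 strings for name, or [] if resolution fails."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def load_cache(path):
    """Read the hostname -> [ip, ...] cache; a missing or unreadable file is an empty cache."""
    try:
        return json.loads(Path(path).read_text())
    except (OSError, ValueError):
        return {}


def save_cache(path, cache):
    """Persist the cache so the next restart can survive a DNS outage."""
    Path(path).write_text(json.dumps(cache, indent=2, sort_keys=True))


def plan_rules(hosts, cache, resolver=default_resolver):
    """
    hosts:  dict rule_tag -> hostname (hypothetical rule set)
    cache:  dict hostname -> list of IPv4 strings from an earlier successful run
    Returns (rules, new_cache, report):
      rules     - pf-style lines, one per resolved address
      new_cache - cache updated with fresh answers (stale entries are kept)
      report    - hostname -> "resolved" | "cached" | "unresolved"
    """
    rules, new_cache, report = [], dict(cache), {}
    for tag, name in hosts.items():
        addrs = resolver(name)
        if addrs:
            new_cache[name] = addrs
            report[name] = "resolved"
        elif name in cache:
            addrs = cache[name]
            report[name] = "cached"
        else:
            # Fail closed: no rule is safer than a rule built from a guess.
            report[name] = "unresolved"
            continue
        for ip in addrs:
            rules.append(f"pass out quick proto udp to {ip} port 123  # {tag}: {name}")
    return rules, new_cache, report


def demo():
    """Constructed scenario: DNS answers for one name only, a second name is cached."""
    hosts = {
        "ntp1": "ntp1.example.net",
        "ntp2": "ntp2.example.net",
        "ntp3": "ntp3.example.net",
    }
    cache = {"ntp2.example.net": ["192.0.2.20"]}  # constructed last-known answer

    def dns_mostly_down(name):  # stand-in resolver simulating an outage
        return ["192.0.2.10"] if name == "ntp1.example.net" else []

    return plan_rules(hosts, cache, dns_mostly_down)


if __name__ == "__main__":
    rules, cache, report = demo()
    for name, status in sorted(report.items()):
        print(f"{name}: {status}")
    print("\n".join(rules))
    save_cache("ntp-cache.json", cache)  # hypothetical cache file name
```

Run at boot before `pfctl -f`, a step like this turns "DNS was down so the rule silently matched nothing (or everything)" into a logged, deliberate omission, and the cache means a resolver outage only bites when the address has actually changed since the last good run. The same structure applies to any rule that names a host rather than an address.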
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"