Richard P. Koett wrote:
> I'm building a firewall/router for a small private network. The
> external network interface uses dhclient. The internal interface
> will run dhcpd.
>
> Rather than hard-coding 'option domain-name-servers' in dhcpd.conf
> I'd like dhcpd to pass whatever nameservers were received by the
> dhclient running on the other interface.
>
> Is there a recommended way to accomplish this?

yes, "don't" :)

You could write a simple script to modify dhcpd.conf as needed, but I set up a lot of systems similar to yours for small offices. For a number of years, I tried to use the ISP's DNS resolver, but after a while, I realized that virtually EVERY ONE of the systems ended up with me installing a local resolver on the firewall because the ISP's went down at some point.

The local DNS resolvers proved to be a "no-cost" clear win. While my inclination is always to avoid unneeded complexity, this wasn't very complex, nor was it unneeded.

Further, you will probably need some kind of INTERNAL DNS definitions, just so addresses like 10.0.0.25 resolve for you. Failing to do that will often make maintaining the firewall itself annoying (reverse DNS lookups), but it will also give your ISP a clue that you have a firewall and a bunch of computers behind it, as THEY will be getting reverse DNS lookups for your internal addresses. Most ISPs no longer care about this, but some might...

Nick.