DNS and Router

number22 · 10-05-2006, 03:12 PM

DNS and router should not mixed together.

I had this problem with my dns installed on an router which will automatically answer the arp who-has request, and pop open an connection out bound to my ISP primary dns connection. I can't block it anyway. Such as allow-query{ localnet;} and iptables block all inbound connection at port 53 without source address of a localnet; etc..

Therefore, I have turned off the dns server on my router, and changed resolv.conf on the router with nameserver 127.0.0.1 point back to itself. And after installing/switching this dns server to another computer which is behind the router/firewall. Everything works great.

Lesson learned.
Any thought?

Old_Fogie · 10-05-2006, 03:37 PM

in an ideal world a physical pc that is a dns server should also act as a gateway and firewall & should really be 'network bridged' to the the dsl or cable modem, and not pull an ip address from a store bought router and the router can now sit on a shelf unused. the network bridge basically allows the pc and your modem to work as one and will greatly reduce latency. also that same dns/gateway/firewall pc should not host any servers to the lan or the internet other than dns. even better would be to have the dns on a different box too.
mutliple router's in a network can be chaotic as they get into using rip protocols and if not done correctly can cause issue's such as router's fighting amongst themselve's, packetloss, bad lag, dropped connections. kind of like what happens when you have mulitple switches on a lan.

it can and is commonly done or else we would have no internet, but you get my drift it needs special attention.

number22 · 10-05-2006, 04:06 PM

Quote:

Originally Posted by Old_Fogie

in an ideal world a physical pc that is a dns server should also act as a gateway and firewall & should really be 'network bridged' to the the dsl or cable modem, and not pull an ip address ...........also that same dns/gateway/firewall pc should not host any servers to the lan or the internet other than dns. even better would be to have the dns on a different box too.

thanks for your reply, I noticed my up link is a bridged networks too, when i looked at those arp request which came from many different net and subnets; once, some of these requests ( who-has) meet my subnet, my dns would pop up connctions, when dns was on this router. This really bothered me, therefore I had moved my dns back to behind my firewall/router.

I had never thought about virtual bridged my up link with localnet too, it is great idea, I will try it out.