I have a three legged firewall up and running (3 NICs , Inet eth0 and ip aliased eth0:0.
My eth2 192.168.1.1 goes to DMZ), i got a DMZ webserver which has currently one NIC (eth0) with ip addr 192.168.1.2.

Goal:
I am working toward the setup for the djbdns (DNS) which will, I guess? have 1 to1 NAT routing thru the firewall Iptables, port 53 etc... I can ipalias on the firewall just fine. I got my second external IP addr ipaliased Inet eth0:0 on the firewall ifconfig, but not routed yet.

I am following a "how to" which shows the DNS going to 192.168.1.3 (on my DMZ network). So, do I add ip aliasing to the webserver NIC too? and create webserver eth0:0 192.168.1.3 and then 1 to 1 DNAT to that from my firewall eth0:0 addr or ?
maybe,
add a second NIC card to the webserver? if so, how would i hook it up... maybe i need another switch for the DMZ network (can do $ if i need to),

right now i use a simple crossover cat 5 cable from the firewall to the webserver. hmm... which way would you try it? ipalias both ends or a switch?

can you even actually ipalias both ends of these cards in the network ? and if so any reason why i wouldn't?

note: this is getting REAL fun! now that the darned works at all after 4-5 weeks... thanks to all who have guided me in this dim light.
P.Biter

Yes and Yes... and Yes and Yes.
Of course, you could always edit the HowTo and make the dns server 192.168.1.2... then install it in the DMZ server...

All the alias does is allow the NIC to broadcast another ip address in the ARP requests so the network can find the NIC by it'd hardware address (MAC).

The crossover cable is quite fine for just 1 server

excellent, i think I'll do just that for now. I'm eager to move along and see what djbdns can and will do. Thanks much for the encouragement and confirming that it can be done with alias on both ends.
I've got my eye on another Cisco 1548 and when that arrives then it can be even a little bit kewler...
P.Biter