GlueGuy
Frequent Visitor
Topic Author
Posts: 62
Joined: Tue May 16, 2006 10:57 pm
Location: San Francisco Bay Area California (CA)

Clarification of DNS settings please

Sun Dec 10, 2006 10:05 pm

I've scanned the manual, and browsed the forum, but I'm still cloudy on one of the options for DNS.

Under /IP DNS, there is a setting labeled "Allow Remote Requests". What exactly does this do?

I've currently got this option checked and I also have our provider's two DNS entries in the available slots. It's all working, but I haven't figured out what the Remote Requests option actually changes.

Does it mean that local clients are allowed to go directly to the DNS servers specified, or what?

And, what changes if I turn it off?

Thanks in advance!

bp
 
GotNet
Member
Posts: 436
Joined: Fri May 28, 2004 7:52 pm
Location: Florida

Sun Dec 10, 2006 10:15 pm

Allows for something other than the router itself to use the DNS cache. If you turn it off, the router can resolve but not any clients using the router for lookups.
 
GlueGuy
Frequent Visitor
Topic Author
Posts: 62
Joined: Tue May 16, 2006 10:57 pm
Location: San Francisco Bay Area California (CA)

Sun Dec 10, 2006 10:31 pm

Ah. So it actually allows the cache to be useful?

So if I understand it correctly, with the Remote Requests switch _off_, the cache is bypassed, and client requests go directly to the actual DNS servers that are configured?

And with the switch _on_, the MT will act as a mini-DNS server for items that are in the cache, or statically entered?

Is that it?
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Sun Dec 10, 2006 11:01 pm

When you have it switched off, clients cannot use the router as a resolver at all; in this case you need to configure your clients to use some other nameservers that are external to the router.

If you set it to on then clients may use the router as a resolver and it will forward the requests to some other nameservers and cache the results. Be careful with security. If you set it to on then you need to configure appropriate firewall rules in the input chain to make sure only authorized clients (your customers...) may use the router as a resolver.

--Tom
 
GlueGuy
Frequent Visitor
Topic Author
Posts: 62
Joined: Tue May 16, 2006 10:57 pm
Location: San Francisco Bay Area California (CA)

Sun Dec 10, 2006 11:15 pm

Hmmm.

This is for our office router, so all the clients on the LAN side go through the MT.

As it is, I have the DNS on the MT set as follows:

Primary DNS:               65.xx.24.xx
Secondary DNS:             65.xx.16.xx
Allow Remote Requests:     YES
Cache Size:                2048

When I look at an individual (office) client via ipconfig, the two DNS servers specified to the MT show up as the DNS servers for the attached clients. So this DNS information seems to get directed to the MT DHCP server without any further help.

Will this allow clients on the WAN side to make DNS requests through the MT?

Thanks for all your help. Is this explained in the manual, or am I just being dense?

bp
 
GotNet
Member
Posts: 436
Joined: Fri May 28, 2004 7:52 pm
Location: Florida

Mon Dec 11, 2006 2:50 am

Yes. I'd block it as such:
;;; Drop External DNS Query
chain=input in-interface=public dst-address=routerIP protocol=udp dst-port=53 action=drop

No comment on the manual. This forum and good questions are gold.

Mike
