firewall as dns proxy

Will a firewall act as a DNS proxy (by default) if there is no DNS server in a LAN? If so, is this the common solution in small/home LANs?


Many vendors include a caching-only nameserver in their units, regardless of the class of device (SOHO, SMB, enterprise). The feature you want to look for, however, has several different names depending on the manufacturer. I've heard it called DNS rewrite, DNS loopback, and DNS proxy. What this allows you to do is to not have to run an internal-only nameserver for mapping host names to private IPs.

For example, I may have

formatting link
resolving externally to but behind the firewall it's really I want to be able to config my internal PCs to use either external nameservers or the firewall plus external nameservers. When I do an address lookup for
formatting link
the firewall will send back With Cisco and NetScreen SOHO units, it will rewrite your DNS request. In something like a D-Link DFL-80, you actually set up a table of FQDNs and IPs. Last I knew of the SonicWall SOHO 3, they didn't provide any DNS rewriting at all. That may have changed in later products or more current firmware revs but if so, it's taken them several years to implement.

If you're running Active Directory behind your firewall, it's not such a big deal since you'll already have an internal nameserver. I have seen Windows nameservers flake out in heavy traffic environments and sometimes need their service restarted.

