[DeleGate-En] Delegate DNS - incomplete
20 Aug 2003 09:49:27 GMT Olaf Püschel <>

Hi folks!

After setting up our company's firewall with several delegate
instances, I noticed that the DNS support is very limited.

After complaining about this in a mail to Yutaka he redirected
me to this list and here I am.

While I'm very happy with the other Delegate functionality, DNS
is still quite poor. Worst is the violation of the standard in
that it only does UDP. DNS uses TCP not only for zone transfers,
but also for large queries. Not doing TCP can give you some
nice debugging evenings.

Zone transfers (AXFRs) become necessary when you host your DNS
master servers behind a Delegate proxy - which I intended to do.
I ended up with doubling each proxy with a tcprelay for DNS.
That worked (also I retreated from this configuration for other
reasons inherent in the DNS protocol which is *not* proxy

Second, I would appreciate it if Delegate could do name resolution by
itself, so it could act as an outbound proxy without the help of
another resolver. This would do away with the need for a separate
bind instance (or alike) on the proxy or a separate host on the outside
(or you would have to rely on your ISP's DNS ...).

Now you can go ahead and rip my ideas apart ;-)

Best regards

Olaf Püschel, Softwaretechnik, OLMOS Workstations GmbH, Germany
Wolfenbütteler Str. 31A, 38102 Braunschweig, Fon.: +40-000-00000-F Fax: -99
OLMOS supports signed and/or encrypted mail. Grab my key at
"Unix *is* user friendly. It's just a bit picky about its friends"
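
Added example, not part of the original post and not DeleGate code: a Python sketch of the two cases the message names where DNS needs TCP (a UDP reply with the TC bit set, and AXFR), plus the 2-byte length framing a TCP relay has to preserve. All function names and the sample reply are constructed for illustration.

```python
import struct

TC_FLAG = 0x0200   # truncation bit in the DNS header flags word (RFC 1035)
QTYPE_A = 1
QTYPE_AXFR = 252   # zone transfer; carried over TCP

def build_query(qid, name, qtype):
    """Encode a minimal one-question query (class IN, recursion desired)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(udp_reply):
    """True when the server set TC: the answer did not fit in the datagram."""
    if len(udp_reply) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", udp_reply[2:4])
    return bool(flags & TC_FLAG)

def needs_tcp(qtype, udp_reply=None):
    """Decide whether a client (or a proxy acting for it) must use TCP."""
    if qtype == QTYPE_AXFR:
        return True
    return udp_reply is not None and is_truncated(udp_reply)

def frame_for_tcp(message):
    """DNS over TCP prefixes every message with its length, big-endian."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(message)) + message

def unframe_tcp(stream):
    """Split buffered TCP bytes into complete messages plus the leftover."""
    messages, pos = [], 0
    while len(stream) - pos >= 2:
        (length,) = struct.unpack("!H", stream[pos:pos + 2])
        if len(stream) - pos - 2 < length:
            break                      # partial message: wait for more bytes
        messages.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length
    return messages, stream[pos:]

# Constructed sample: a reply header with QR, TC, RD and RA set, no answers.
SAMPLE_QUERY = build_query(0x1234, "example.com", QTYPE_A)
SAMPLE_TRUNCATED = (struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
                    + SAMPLE_QUERY[12:])

if __name__ == "__main__":
    print("retry over TCP:", needs_tcp(QTYPE_A, SAMPLE_TRUNCATED))
    print("framed length prefix:", frame_for_tcp(SAMPLE_QUERY)[:2].hex())
```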

