Re: [m0n0wall-dev] Feature Needed: Passthrough for destanation domain name (CP)

From:	"Lee Sharp" <leesharp at hal dash pc dot org>
To:	"Mono Dev List" <m0n0wall dash dev at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall-dev] Feature Needed: Passthrough for destanation domain name (CP)
Date:	Sat, 12 Aug 2006 10:55:31 -0500

From: "Alex M" <radiussupport at lrcommunications dot net>

> Also, set my company's IP (that's for sure has only one IP) and when I 
> typed
> the name it didn't allow to go through. There is a definet need to add
> Domain Pass-through!

Something just ain't right here.  First, that works for me on 30+ 
installations.  However, if the user is pointed at an external DNS, you need 
to allow that.  As to how to get the IP addresses of places like google, do 
an "nslookup" like this;

C:\Documents and Settings\Cap'n>nslookup www.google.com
Server:  fw-boat.dnsalias.net
Address:  192.168.64.1

Non-authoritative answer:
Name:    www.l.google.com
Addresses:  64.233.161.104, 64.233.161.99, 64.233.161.147
Aliases:  www.google.com


C:\Documents and Settings\Cap'n>nslookup www.google.com
Server:  fw-boat.dnsalias.net
Address:  192.168.64.1

Non-authoritative answer:
Name:    www.l.google.com
Addresses:  64.233.161.147, 64.233.161.99, 64.233.161.104
Aliases:  www.google.com


C:\Documents and Settings\Cap'n>nslookup www.google.com
Server:  fw-boat.dnsalias.net
Address:  192.168.64.1

Non-authoritative answer:
Name:    www.l.google.com
Addresses:  64.233.161.104, 64.233.161.147, 64.233.161.99
Aliases:  www.google.com

As to the reasons NOT to add it.  Complexity, and DNS poisoning.  It will 
not be easy, and it will be insecure.

                                    Lee