[ previous ] [ next ] [ threads ]
 
 From:  sylikc <sylikc at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Different DHCP DNS Server list per Interface
 Date:  Fri, 10 Sep 2004 10:27:30 -0700
Hi,

I've been running m0n0wall for awhile and I was wondering if there is
some way (official patch or unofficial quickfix) to make DHCP assign
different DNS servers per interface.

I am interested in getting that functionality mostly for security
reasons.  I don't want a host on OPT2(my untrusted public subnet) to
be able to use the standard DNS used inside my LAN and can resolve the
IPs of all my hosts.  Not that OPT2 can connect to LAN anyway, but
security through obscurity is a good thing anyway.

The other reason I would like to use different DNS Server per
interface assigned through DHCP is in the following scenario:

I have a quad Interface m0n0 box (DMZ,LAN,WAN,Untrusted)...
DNS Forwarding is ON, but Allow DNS server list to be overridden by
DHCP/PPP on WAN is OFF
I have my DNS server on the DMZ.
Untrusted hosts have limited access to the internet and cannot hit the DMZ/LAN
LAN hosts can go anywhere.
m0n0 hands out the DNS server IP on the DMZ... 

I must now punch a hole in the FW for untrusted hosts to use the DNS
server in the DMZ (otherwise it can't resolve anything), although I'd
prefer to be able to have just the UNTRUSTED interface use my ISP's
DNS, while the LAN hosts use the DMZ DNS Server.

Any ideas?

/sylikc