The DNS service provides name resolution to other tasks within the appliance software, and can act as a relay for requests received from client machines. DNS normally means converting a name, such as www.firebrick.co.uk, into one or more IP addresses, but it is also used for reverse DNS: finding the name associated with an IP address. DNS service is normally provided by your ISP.
The DNS service on the FB2500 does not resolve names itself: it relays requests to external DNS servers and caches the replies. You can configure a list of external DNS servers using the resolvers attribute. However, resolvers are also learned automatically via mechanisms such as DHCP and PPPoE, so in most cases you do not need to set the resolvers attribute at all. Whichever resolvers are used, the FB2500 relays queries to them and caches whatever they return, so the answers your clients see are only as trustworthy as those servers.
You can configure names for which the FB2500 issues an NXDOMAIN response, making it appear that the domain does not exist. This can be done using a wildcard, e.g. you could block *.xxx.
Instead of blocking names, you can also make some names return pre-defined responses. This is usually only used for special cases; there is a default entry for my.firebrick.co.uk which returns the FireBrick's own IP address. Faking DNS responses will not always work: a client that validates DNSSEC will reject a forged answer, or a forged NXDOMAIN, for a signed zone, and a client configured to use a resolver other than the FireBrick bypasses these entries entirely.
The FB2500 can also answer forward and reverse DNS queries for machines on your LAN. This is done by telling the FireBrick the domain for your local network. Any name within that domain which matches the client name of a DHCP allocation that the FireBrick itself has made will return the IP address assigned by DHCP; the same mapping is applied in reverse, mapping an IP address back to a name. You can enable this using the auto-dhcp attribute. Note that the client name comes from the device's own DHCP request, so a device chooses the name it appears under within your local domain.
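To make the rule set above concrete, here is a small Python model of the decision order the text describes: a wildcard block list answered with NXDOMAIN, pre-defined names, auto-dhcp forward and reverse answers, and relay of everything else to an upstream resolver. It is an added illustration, not FireBrick code. The resolver addresses, local domain, lease table and block entries are constructed sample values, and the precedence between the three rule types is assumed from the order in which the text presents them; the manual does not state it.

```python
from fnmatch import fnmatchcase
import ipaddress

# Constructed sample configuration (assumed values, not from the manual):
# these stand in for the resolvers / domain / auto-dhcp attributes and the
# block-list and fixed-name entries of a real FB2500 config.
RESOLVERS = ["192.0.2.53", "192.0.2.54"]          # upstream servers to relay to
LOCAL_DOMAIN = "lan.example"                      # domain for the local network
AUTO_DHCP = True                                  # answer from DHCP allocations
BLOCKED = ["*.xxx", "tracker.example.net"]        # names answered with NXDOMAIN
FIXED = {"my.firebrick.co.uk": "192.168.1.1"}     # pre-defined answers (LAN IP assumed)
DHCP_LEASES = {"laptop": "192.168.1.10",          # client name -> allocated IP
               "printer": "192.168.1.20"}         # (constructed lease table)


def canon(name: str) -> str:
    """Normalise a DNS name: drop the trailing dot and compare case-insensitively."""
    return name.rstrip(".").lower()


def is_blocked(name: str) -> bool:
    """True if the name matches any block entry. '*' spans labels, so
    '*.xxx' matches 'www.example.xxx' but not the bare name 'xxx'."""
    n = canon(name)
    return any(fnmatchcase(n, canon(pattern)) for pattern in BLOCKED)


def lookup(name: str):
    """Forward query. Returns ("NXDOMAIN", None), ("ANSWER", ip) or
    ("RELAY", resolver). Rule order (block, fixed, auto-dhcp, relay) is
    assumed from the order the manual presents the features in."""
    n = canon(name)
    if is_blocked(n):
        return ("NXDOMAIN", None)
    if n in FIXED:
        return ("ANSWER", FIXED[n])
    suffix = "." + LOCAL_DOMAIN
    if AUTO_DHCP and n.endswith(suffix):
        host = n[: -len(suffix)]
        if host in DHCP_LEASES:
            return ("ANSWER", DHCP_LEASES[host])
    # Anything else is relayed upstream and the reply cached. Note that a
    # DNSSEC-validating client will reject the locally forged answers above
    # for signed zones, which is the caveat the text gives.
    return ("RELAY", RESOLVERS[0])


def reverse_lookup(query: str):
    """Reverse query. Accepts a dotted IPv4 address or a PTR name such as
    '10.1.168.192.in-addr.arpa'. Returns ("ANSWER", fqdn) for an address the
    FireBrick allocated by DHCP, otherwise ("RELAY", resolver)."""
    q = canon(query)
    ptr_suffix = ".in-addr.arpa"
    if q.endswith(ptr_suffix):
        q = ".".join(reversed(q[: -len(ptr_suffix)].split(".")))
    ip = ipaddress.ip_address(q)
    if AUTO_DHCP:
        for host, lease in DHCP_LEASES.items():
            if ipaddress.ip_address(lease) == ip:
                return ("ANSWER", f"{host}.{LOCAL_DOMAIN}")
    return ("RELAY", RESOLVERS[0])


if __name__ == "__main__":
    for q in ("www.example.xxx", "my.firebrick.co.uk",
              "laptop.lan.example", "www.firebrick.co.uk"):
        print(q, "->", lookup(q))
    for q in ("192.168.1.20", "10.1.168.192.in-addr.arpa", "192.0.2.1"):
        print(q, "->", reverse_lookup(q))
```

The model shows why the block list is a convenience rather than a security boundary: only queries that actually reach the FireBrick take the NXDOMAIN or ANSWER branches, and only for names the wildcard catches, so a client pointed at another resolver, or one that validates DNSSEC, sees the upstream answer instead.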