Mailinglist Archive: opensuse (1620 mails)

< Previous Next >
Re: [opensuse] Firewall
On 11/18/2014 09:52 AM, Bernhard Voelker wrote:

... which leads me to the question why the router couldn't/doesn't
do the name resolution?

Does the router have the DNS information about the LAN?
Does the router have a 'hosts' table filled in by the net admin giving
the name -> ip address mappings?

I suspect not.


I'll grant you that now that routers have sophisticated micros in them
they have a lot of computing power to spare, and i'll grant you that
many commercial firewalls are in that boat too and do lots of things not
associated with a typical Ranum-era firewall such as deep packet
inspection, DLP and more, and could act as a DNS server. I'll even
grant you that the home/smb class D-Llink and Linksys routers with wifi
capability can do DHCP.

But unless someone fill in their tables manually they don't know
anything about address mapping.

Now if you are using a Linux box loaded up with router software (along
with squid, dhcp, possibly LDAP, and more) there's no reason it can't
run DNS for the LAN as well. But once again someone has to explicitly
fill in the tables for the LAN. Only you can ... No wait, that's
forest fires isn't it? Only the network admin can fill in the tables.

The IP 'noise I was talking about are a completely different thing from
the Microsoft 'hosts' (or SMB hosts) "Broadcasting" their names and
addresses to the LAN.

ARP is about IP <-> MAC addresses, not names.
The router protocols are about IP address routeing, not about names.

Only DNS is about names and DNS requires someone to fill in the tables.

Oh, and the SMB Broadcast is for a LAN segment only, its not routable.


--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >