FWBuilder DNS Object Run Time - when exactly does it resolve the DNS name?

Posted by Jakobud on Server Fault
Published on 2010-04-19T15:36:26Z Indexed on 2010/04/19 15:44 UTC


In Firewall Builder, when you use the DNS Object and set it to run time, when exactly does the firewall (iptables in our case) actually resolve the DNS name?

  1. Is it whenever a call is made to that DNS name in the firewall? So the firewall would resolve the name on the fly whenever someone/something tries to access that DNS name?
  2. Or is it when you execute the fw script to load the rules into iptables? So in this case, it would resolve the DNS name that one time and then hard-code the resulting IP address into the iptables rules?

From what I read, I think it's #1, but it's just not 100% clear to me. We have two servers for a certain function on our network. One is the primary server and one is backup.

alpha0.domain.com
alpha1.domain.com

In DNS we have this:

alpha.domain.com -> alpha0.domain.com

If the primary server goes down and we need to switch to the backup, I just change our local DNS record to point to alpha1.domain.com instead.

So back to the firewall, if I just put in a Domain Object as alpha.domain.com, do I have to reload the firewall rules every time we switch to the backup alpha server and change the DNS record? Or will the firewall automatically resolve to the correct address even after the switch?
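The two possibilities laid out above can be told apart by looking at what actually reaches iptables: the kernel's netfilter matches on addresses and has no resolver, so a name handed to iptables (or resolved by the firewall script just before it calls iptables) becomes an address at the moment the rule is inserted. The Python below is an added example, not part of the original post and not fwbuilder's own code. It renders name-bearing rule templates the way a load-time resolver would, then compares the addresses found in a saved rule dump against what DNS returns now and reports the names whose rules would need a reload. The rule templates, the iptables-save excerpt and the DNS tables are constructed sample data, and the `{name}` placeholder syntax is this example's own invention, not fwbuilder's.

```python
"""Detect drift between DNS and a loaded iptables rule set.

Added example (not fwbuilder's code). Names are resolved once, when
render_rules() runs; the rendered rules contain only addresses, which is
all the kernel ever sees. stale_names() then checks a saved dump against
a fresh resolution to decide whether the rules need to be reloaded.
"""
import re
import socket
from typing import Callable, Dict, Iterable, List, Set

Resolver = Callable[[str], List[str]]

# Hypothetical rule templates with a placeholder for the DNS name, standing
# in for rules that reference a run-time DNS object. The {name} syntax is
# this example's own; fwbuilder's generated script does not look like this.
RULE_TEMPLATES = [
    "-A INPUT -s {alpha.domain.com} -p tcp --dport 22 -j ACCEPT",
    "-A OUTPUT -d {alpha.domain.com} -p tcp --dport 5432 -j ACCEPT",
]

# Constructed iptables-save excerpt: what the rules look like after the
# script resolved alpha.domain.com to 192.0.2.10 at load time.
SAVED_RULES = """\
# Generated by iptables-save (constructed sample, not a real dump)
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -p tcp --dport 22 -j ACCEPT
-A OUTPUT -d 192.0.2.10/32 -p tcp --dport 5432 -j ACCEPT
COMMIT
"""

# Constructed DNS answers before and after the failover to alpha1.
DNS_BEFORE: Dict[str, List[str]] = {"alpha.domain.com": ["192.0.2.10"]}
DNS_AFTER: Dict[str, List[str]] = {"alpha.domain.com": ["192.0.2.11"]}

PLACEHOLDER = re.compile(r"\{([A-Za-z0-9.-]+)\}")
# Matches the address argument of -s / -d in iptables-save output.
ADDR_OPT = re.compile(r"(?:^|\s)-(?:s|d)\s+(\d+\.\d+\.\d+\.\d+)(?:/\d+)?")


def make_resolver(table: Dict[str, List[str]]) -> Resolver:
    """Resolver backed by a constructed table (offline stand-in for DNS)."""
    return lambda name: list(table.get(name, []))


def system_resolver(name: str) -> List[str]:
    """Resolver backed by the host's libc, as a real load script would use."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def render_rules(templates: Iterable[str], resolve: Resolver) -> List[str]:
    """Expand each template once per address the name resolves to *now*.

    Resolution happens here, exactly once per template; the output carries
    addresses only, so later DNS changes cannot affect it.
    """
    rendered: List[str] = []
    for tmpl in templates:
        names = PLACEHOLDER.findall(tmpl)
        if not names:
            rendered.append(tmpl)
            continue
        name = names[0]  # this example handles one placeholder per rule
        for addr in resolve(name):
            rendered.append(tmpl.replace("{%s}" % name, addr + "/32"))
    return rendered


def addresses_in_rules(saved: str) -> Set[str]:
    """Collect every -s/-d address present in an iptables-save style dump."""
    return set(ADDR_OPT.findall(saved))


def stale_names(templates: Iterable[str], resolve: Resolver, saved: str) -> List[str]:
    """Names whose current addresses are not all present in the loaded rules."""
    loaded = addresses_in_rules(saved)
    names = sorted({n for t in templates for n in PLACEHOLDER.findall(t)})
    return [n for n in names if not set(resolve(n)) <= loaded]


if __name__ == "__main__":
    for label, table in (("before failover", DNS_BEFORE), ("after failover", DNS_AFTER)):
        stale = stale_names(RULE_TEMPLATES, make_resolver(table), SAVED_RULES)
        print(label, "-> reload needed for:", stale or "nothing")
```

To use it against a live box, swap `make_resolver(...)` for `system_resolver` and pass the output of `iptables-save` (a real command) to `stale_names`; a non-empty result means the DNS change has not reached the firewall and the rule script has to be re-run. Everything else in the block is the example's own scaffolding.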

© Server Fault or respective owner
