
DNS Cascading



exdol
November 18, 2003, 11:34 AM
I have 2 DNS servers, one I consider internal because it only has entries for my private devices and resources. The other is configured to forward names it cannot resolve to my ISP.

Unfortunately the only way I can prevent users from accessing the web (which 1/2 of them shouldn't) is by configuring their machine so that it doesn't have what I call the external DNS entry. Of course this is weak.

It doesn't matter if everyone has the internal DNS and so I wish to send it out via DHCP. The problem is that when this is done, the users who should go to the internet are not being resolved by the external DNS.

Is there any way to let the DNS servers cascade, meaning if one cannot resolve the IP address send the request to the other, without putting the forwarder option on the DNS - which would defeat the purpose anyway. The only way that the secondary will work is if the primary can't be reached, but what if the primary can be reached but it cannot resolve the name?

I know I am being ambitious and probably foolish, but I had to ask. I am looking into having the firewall police who should connect to the Internet, but that will not be for a little while.

Thanx.

deakie
November 18, 2003, 01:53 PM
Is it possible to make the secondary the ISP DNS on the computers you want to reach outside?
A firewall on a server at the gateway could have a filter list of hosts who can or cannot go out. Ye?

exdol
November 18, 2003, 03:03 PM
Is it possible to make the secondary the ISP DNS on the computers you want to reach outside?
A firewall on a server at the gateway could have a filter list of hosts who can or cannot go out. Ye?


Keep talking Deakie, I would particularly be interested in a Linux solution since I have no money. I await.

exdol
November 18, 2003, 07:12 PM
Just finished installing the Squid proxy server under Linux. My plan is now to use this for the users who are allowed to connect to the internet. I have not seen where it will authenticate user names, but it uses MAC as well as IP addresses in its access control list. I will check with the guys at JALUG to see if they can give me any insight.

Peace
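As an added illustration (not from the thread, and not Squid's own documentation) of the MAC-plus-IP access control exdol describes, here is a squid.conf fragment; the subnet, addresses and MAC values are constructed placeholders, and `arp` is the ACL type of Squid 2.x/3.1 (Squid 3.2 and later call it `eui`).

```conf
# Constructed example: only hosts whose IP AND MAC both appear in the
# lists below may use the proxy; everything else is denied.
acl localnet      src 192.168.1.0/24
acl web_users_ip  src 192.168.1.10 192.168.1.11
acl web_users_mac arp 00:11:22:33:44:55 00:11:22:33:44:66

acl Safe_ports port 80 443
acl SSL_ports  port 443
acl CONNECT    method CONNECT

# Standard hygiene: refuse odd ports and CONNECT to anything but TLS.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Both ACLs on one line are ANDed: the IP must be paired with its MAC,
# so changing a workstation's IP alone does not grant access.
http_access allow web_users_ip web_users_mac
http_access deny all
```

The MAC check only works for hosts on the same broadcast segment as the proxy (it is learned via ARP) and is not strong identification, so the gateway firewall should still block direct outbound 80/443 from the LAN so the proxy is the only path out, which is the firewall policing the thread already mentions.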

deakie
November 20, 2003, 04:31 AM
Sorry I didn't get back to this in time, but yeah.... Squid was something I would have suggested, but I hear it's a script-oriented type proxy and can get very tacky. However, lots of stable servers use it.
Now that you have gone over to Linux, you have lost me completely. I have yet to do my Linux box.
Gaming is currently taking my time up at home.... :D ;D :P

exdol
November 20, 2003, 06:34 AM
Sorry I didn't get back to this in time, but yeah.... Squid was something I would have suggested, but I hear it's a script-oriented type proxy and can get very tacky. However, lots of stable servers use it.

This I have discovered, thanks again for the conceptual design (suggestion). I guess between myself and the JALUG crew we will work out the glitches.

X