jggimi, 9th February 2009

PF can use domain resolution, but only at the time the rules are being loaded. If the IP address changes, the rules must be reloaded to obtain changed addresses. This also means that your DNS server, if used for resolution, must be available during boot. If this is not possible, you would want to place all names to be resolved in the PF server's hosts(5) file, and use "lookup file bind" in resolv.conf(5).

If you have a DNS server on the same platform -- i.e.: you have "nameserver 127.0.0.1" in resolv.conf(5) -- you need to be aware that PF rules are loaded by rc(8) before named(8) is started by rc(8). Therefore, you would require the same hosts(5) lookup for resolution.

Last edited by jggimi; 9th February 2009 at 06:43 PM. Reason: clarity
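Added example, not part of jggimi's post: a pre-reboot check that every hostname used in a PF ruleset can be resolved from hosts(5) and that resolv.conf(5) has a lookup line starting with "file". The function names and the token heuristic for spotting hostnames are assumptions made for this sketch; pass it the paths of your pf.conf, hosts and resolv.conf.

```shell
#!/bin/sh
# Added example: audit a PF ruleset for names that must resolve at load time.

# Print dotted hostnames found in a pf.conf-style file, one per line.
# Heuristic (assumption): a token made of labels joined by dots that
# contains at least one letter. Paths, CIDR blocks and bare IPs are skipped.
pf_hostnames() {
    sed 's/#.*//' "$1" |
        tr -cs 'A-Za-z0-9./:_-' '\n' |
        grep -E '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' |
        grep '[A-Za-z]' | sort -u
}

# Succeed if NAME ($1) is listed as a hostname or alias in hosts file ($2).
in_hosts() {
    sed 's/#.*//' "$2" | awk -v n="$1" '
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) found = 1 }
        END { exit !found }'
}

# Succeed if the resolv.conf-format file ($1) has a lookup line
# whose first keyword is "file", as in "lookup file bind".
lookup_file_first() {
    awk '$1 == "lookup" { kw = $2 } END { exit (kw != "file") }' "$1"
}

# audit PF_CONF HOSTS RESOLV_CONF
# Print one line per problem; return non-zero if any problem was found.
audit() {
    rc=0
    lookup_file_first "$3" ||
        { echo "resolv.conf: no lookup line starting with file"; rc=1; }
    for name in $(pf_hostnames "$1"); do
        in_hosts "$name" "$2" ||
            { echo "missing from hosts: $name"; rc=1; }
    done
    return $rc
}

# Stand-alone use: sh audit.sh /etc/pf.conf /etc/hosts /etc/resolv.conf
if [ $# -eq 3 ]; then audit "$@"; fi
```
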