Joostvgh would have the same topology issues (routing/NAT) and easy circumventions (tunneling of DNS, private lookups, etc.). It is, in effect, merely replacing a DNS server with a server that acts like one.
But it -seems- it would be easier to adapt to the entire domain and changes within the domain as they occur than PF's more limited DNS resolution only at rule-load.
Last edited by jggimi; 15th January 2010 at 04:46 AM.