which is better

[alvi]

i have two questions to ask

1) i am using dsl
the router dns is 10.x.x.x
and
isp dns is 203.x.x.x

for masquareding client need dns entry
now tell me which entry is better
for router dns entry or isp dns entry .

mean which provide better speed

from my point of view isp dns is better because router dns first convert 10.x.x.x to 203.x.x.x and then send dns query to isp. am i right ?

2) i want to to accept some mac addres from my clients on input chain as

iptables - A INPUT -m mac --mac-source x.x.x.x.x -j Accept
---------------------------- ----
-----

now i want to drop all others clients mac how can i do that

[Roxoff]

You should leave your ISP IP-assigned for your router to use, and use private-range IP addreses for all the machines in the lan. Either set up DNS for your lan, or assign ip/name translations through your /etc/hosts file on each machine.

[borromini]

I don't think the speed of your connection depends on your IP.

As for the router, the router has an internal IP (mostly 192.x.x.x) and an external one (the 203.x.x.x it will get from your ISP). They are not related in any way. Your router will check every incoming packet anyway, everything has to pass through the router...

As for accepting traffic from peer computers on the LAN, just filter on their internal IP (192.x.x.x). No need to do that on the MAC address; unless your config changes every single minute, the DHCP server will give every connected PC always the same internal IP. I have two PC's on my LAN, and they always get the same IP; even if there 'alone' on the network. Your pc will ask for the same IP if possible, and he will get it if the DHCP hasn't already given it out.

Edit: You can filter on the MAC addresses and drop all the other clients - just set your default policy to 'deny all'; then you explicitly have to specify what to accept though.

[alvi]

dear borrowmini you didnot understand what i want to say


i said dns resolving . if i said 10.0.0.2 it mean request will go first to router then router will change this dns to isp real dns server like 203.x.x.x
and then forward this request
but if i use isp dns then router just forward this request to isp dns mean router is not busy to change router dns to isp dns

here is the full story

i am using squid for port 80 requests and gateway for other requests
now for gatway we need every machine with dns . i have two dns one for router that is 10.0.0.2 and other is 203.x.x.x ( isp dns ).my /etc/resolve is showing 10.0.0.2 dns which is router dns.



so i am little bit confuse which is better dns ???

[loft306]

the router will have a caching dns server in it and they seem to be the quickest
stay away from isp's dns servers if you can they are notorious for going down and being slow