r> A firewall that blocks DNS traffic would have to have some
r> relaying - if not http would be useless, right!
You're missing a vital element here.
I'm sitting at my desk... I have no access to outside DNS
information. I can go to my webproxy and browse outside... but that's
because the web proxy is configured to use outside DNS sources. That
does me absolutely no good on my desktop and if it requires installing
a separate proxy on the firewall or a separate service to gate
protocols it's going to fall flat on it's face.
r> I can't see why DNS-relaying should be a problem.
Then you obviously don't sit behind the same type of corporate
firewall that thousands of us do.
-- Gary F.
-- "Yes, the airlines are cutting back on food service, as was dramatically demonstrated on a recent New-York-to-London flight wherein nine first-class passengers were eaten by raiders from coach." -- Dave Barry