Controlling your DNS in your Firewall

We are going to get technical for a bit. Tape up your glasses, slip in your favorite pocket protector, go grab your favorite IT person and gather around the computer screen.

Recently we were working on moving a radiology customer from one Internet Service Provider (ISP)to a new ISP. When you do this, the Domain Name Server (DNS) normally changes. So? What's the big deal, and how does this affect my radiology department?

The problem arises because most modality and PACS vendors end up hard coding the IP address into the modality, workstations and PACS server. This all works fine as long as you don't change your ISP. It is easy for the vendor to do - a case where the vendor can choose to do it fast and easy, or do it right the first time.

The better approach is to assign your IP address in your firewall. This way all the information regarding that IP connection - the default gateway, the DNS servers, WINS servers, any of that info, is given out each time the device boots up. For example, on your PACS server you can tell it to go to the firewall each time it boots and get it's address. Inside the firewall you can have it give the same address to the server each time based on the servers MAC address. If at any time that info changes - say you change your Internet service and the DNS changes - then all the devices on your network will automatically go and get that new information when they turn on. This can save a tremendous amount of confusion and cost later if something changes on your network. It can save a very expensive service call from your vendor when they have to come out and make all these changes for you!

So the end result - manage your network settings - IP addresses, default gateways, DNS servers - through your firewall, not at the modality work PACS server. It will save you a huge and costly headache down the road!