I'm configuring a three-homed firewall, and I'm reading the official tutorial. From that tutorial it seems that the recommendation is to offer intra-net clients DNS and NTP from the firewall itself. Installing all these services on the firewall seems to go against the conventional wisdom that internet-connected machines should offer as few services as possible. So, I'm wondering what the reasoning is here.

I've tried using PlugProxy for DNS and NTP, and that does work. I feel more comfortable proxying this traffic instead of running the services on the firewall, but it seems that the proxied DNS is causing a considerable slow-down for web surfing from my intra-net. Is it to be expected that PlugProxy for DNS is a performance problem? If so, is this a problem with proxied UDP in general? Is this performance problem the main reason that the tutorial recommends running DNS and NTP on the firewall?

Thanks for any recommendations and discussion here.