Proxy DNS

Brian Ventura water at bighead.org
Wed Jun 14 18:33:17 UTC 2000


Also do a line for 53 tcp and then make sure the named.conf does not limit
"allow-query".

Andy Dills wrote:

> Ok, I'm really stumped by this one. To my knowledge, this has not been
> addressed before anywhere.
>
> I've got a FreeBSD box doing nat/firewall for a network. Because we will
> have users with random DNS servers configured, we want to proxy the DNS
> requests so that all DNS requests are handled by the instance of named
> running on that bsd box.
>
> The way I had wanted to set this up is:
>
> ipfw add 10 fwd 127.0.0.1,53 udp from any to any 53 recv xl1
>
> But this doesn't work, and I can't figure out why. The only thing I can
> come up with is that maybe bind does some sanity checking to see if the
> dest ip of the dns request is an IP it knows about.
>
> For instance, if I do:
>
> ipfw add 10 fwd 127.0.0.1,80 tcp from any to andy 80 recv xl1
>
> then, anytime somebody tries to bring up a webpage they get the webpages
> being served by the bsd box.
>
> So, because apache works in that setup, I have to think that the packets
> are being forwarded properly. And because bind doesn't work, I have to
> think that it's doing some security checks or something and it's not
> answering the diverted DNS requests.
>
> Can anybody shed some light on this, and maybe suggest some ideas for
> debugging this?
>
> Thanks,
> Andy
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Andy Dills                              301-682-9972
> Xecunet, LLC                            www.xecu.net
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Dialup * Webhosting * E-Commerce * High-Speed Access

--
- water at bighead.org
- World's Greatest Speler
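
A check for the "allow-query" part of the reply above, added here as an example and not part of the original post: it reads the first allow-query list from a named.conf and evaluates, first match wins, whether a client's source address would be permitted. The sample configuration, the /etc/namedb path and the 192.168.1.0/24 client network are constructed assumptions.

```python
import ipaddress
import re

# Constructed named.conf fragment (not from the thread). 192.168.1.0/24 is an
# assumed client network behind the NAT box.
SAMPLE_CONF = """
options {
    directory "/etc/namedb";
    allow-query { 127.0.0.1; !192.168.1.66; 192.168.1.0/24; };  // constructed
};
"""

def allow_query_list(conf):
    """Return the elements of the first allow-query list, or None if absent."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # drop /* ... */ comments
    conf = re.sub(r"(//|#).*", "", conf)               # drop // and # comments
    m = re.search(r"\ballow-query\s*\{([^{}]*)\}", conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def client_allowed(conf, client_ip):
    """True/False if the list decides for client_ip, None if it cannot be
    decided here (no allow-query statement, or a named ACL is reached)."""
    elements = allow_query_list(conf)
    if elements is None:
        return None
    ip = ipaddress.ip_address(client_ip)
    for elem in elements:           # first matching element wins
        negated = elem.startswith("!")
        name = elem.lstrip("!").strip()
        if name in ("any", "none"):
            return (name == "any") != negated
        try:
            net = ipaddress.ip_network(name, strict=False)
        except ValueError:
            return None             # localhost, localnets, or a user-defined acl
        if ip in net:
            return not negated
    return False                    # nothing matched: the query is refused

if __name__ == "__main__":
    for addr in ("127.0.0.1", "192.168.1.10", "192.168.1.66", "10.0.0.5"):
        print(addr, client_allowed(SAMPLE_CONF, addr))
```

A result of None means the list has to be checked by hand, for example because it refers to localnets or to an acl defined elsewhere in the file.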