From owner-freebsd-questions Thu Sep 24 20:11:23 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA15245 for freebsd-questions-outgoing; Thu, 24 Sep 1998 20:11:23 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from ninbox.ml.org (max1-85.airnet.net [207.242.81.85]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA15225 for ; Thu, 24 Sep 1998 20:11:14 -0700 (PDT) (envelope-from kris@airnet.net)
Received: from airnet.net (localhost [127.0.0.1]) by ninbox.ml.org (8.8.8/8.8.8) with ESMTP id WAA02054; Thu, 24 Sep 1998 22:10:15 -0500 (CDT) (envelope-from kris@airnet.net)
Message-ID: <360B0997.92CE5586@airnet.net>
Date: Thu, 24 Sep 1998 22:10:15 -0500
From: Kris Kirby
Organization: Absolutely None!
X-Mailer: Mozilla 4.05 [en] (X11; U; FreeBSD 2.2.7-RELEASE i386)
MIME-Version: 1.0
To: Mark Murdock
CC: freebsd-questions@FreeBSD.ORG
Subject: Re: resolving ips? (fwd)
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Mark Murdock wrote:

> Yet another question for freebsd network experts:

Suddenly, I feel I should *not* be the one answering this.

> When I try to telnet to an ip address, my system attempts to contact my
> name servers in my /etc/resolv.conf file. I was actually unable to telnet
> to an ip due to this when my ipfw configuration was blocking udp on 53.

I haven't looked over IPFW, but generally I allow all out-bound connections. It seems to do the job, and they'd have to crack me to put up a backdoor. I limit incoming connections severely though. There is never enough security.

> Why consult the resolver? Why not just make your connection based on the
> kernel routing tables?

I lie awake at night and ponder the same thing... I have a few machines on a LAN. They like to talk. They like to email me, at my main computer.
So I put up a DNS (named) that gets killed in my ppp.linkup, and a caching DNS started. When the ppp link goes down, so does the caching DNS. The trick behind that idea was making my local DNS primary, which meant that it *had* to be killed. Otherwise I wouldn't be able to access ML.ORG. That's who I "locally" DNS for. My .ml.org. machines actually coincide with real names / addresses. You just can't telnet to them because they don't exist (using the 10 domain). But all is fine and dandy on my side of the firewall :).

--
Kris Kirby
UAH Mail | UAH CS Home | WWW
-------------------------------------------
TGIFreeBSD... 'Nuff said.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
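The hang Mark describes comes from telnet doing a reverse (PTR) lookup on the address it was given; with outbound UDP/53 blocked, the query goes unanswered and the connection waits for the resolver to time out. The middle ground between "block 53" and "allow everything outbound" is to permit DNS only to the resolvers actually listed in resolv.conf. The script below is an added example, not code from this thread or from FreeBSD: it reads a constructed resolv.conf-style text (the 192.0.2.x / 198.51.100.x addresses are documentation placeholders, not real resolvers), extracts the nameserver lines, and prints the stateless ipfw rule pairs that allow queries out to those resolvers and replies back in, followed by a logged deny for all other UDP/53 traffic. The starting rule number (1000) is an assumption and must be adjusted to a free slot in the real ruleset; the output is printed rather than applied so it can be reviewed first.

```shell
#!/bin/sh
# Added example, not part of the original thread: derive ipfw rules that
# permit DNS traffic only to the resolvers named in a resolv.conf-style file.

# Constructed sample standing in for /etc/resolv.conf. The addresses are
# documentation-range placeholders, not real name servers.
SAMPLE_RESOLV_CONF='domain example.test
nameserver 192.0.2.53
# secondary resolver
nameserver 198.51.100.53
search example.test'

# Print one resolver address per line; comments and other keywords are skipped.
resolvers_from_conf() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# Emit ipfw rules, one per line, in the form ipfw(8) accepts after the
# program name. For every resolver: queries may go out to it on UDP/53 and
# its replies from UDP/53 may come back in. Everything else on UDP/53 is
# denied and logged. $2 is the first rule number to use (assumed free).
ipfw_dns_rules() {
    base=${2:-1000}
    n=$base
    for ns in $(resolvers_from_conf "$1"); do
        echo "add $n allow udp from any to $ns 53 out"
        n=$((n + 1))
        echo "add $n allow udp from $ns 53 to any in"
        n=$((n + 1))
    done
    echo "add $n deny log udp from any to any 53"
}

# Number of rules in a generated ruleset, for a quick sanity check.
rule_count() {
    printf '%s\n' "$1" | grep -c '^add '
}

# Print the rules for the constructed sample; review before feeding to ipfw.
ipfw_dns_rules "$SAMPLE_RESOLV_CONF" 1000
```

To apply the output on a real host, pipe each line to `ipfw`, or paste it into the rule-loading script, after confirming the rule numbers land before any broader deny rule already in place; the logged deny at the end is what makes a later "why does telnet hang" question answerable from the logs instead of by guesswork.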