From: "Jeff Yeo" <j.yeo@attcanada.net>
To: "FBSDQuestions" <freebsd-questions@freebsd.org>
Subject: How-to for simple DNS?
Date: Sat, 13 Mar 1999 17:52:11 -0800
List: freebsd-questions

I am setting up a firewall (using natd and ipfw) between an internal LAN and my ISP. I discovered that the internal PCs cannot use the ISP DNS servers through natd (I suppose this is a given for those of you who are more experienced). Using tcpdump, I see that natd is blocking the UDP responses from the ISP's DNS server.

I've searched the mail archives, but the only references I could find dealt with situations where the UDP port was known for both inbound and outbound traffic (i.e. playing Quake etc.). In this case, the DNS client selects a "random" ephemeral outbound UDP port, so I can't see how to apply any of the methods mentioned in the archives.

Is there a way around this, other than setting up a DNS on the firewall box? If I do have to set up DNS on the firewall, I just want the DNS on the firewall to forward any local requests to the ISP DNS and return the results. I've got limited resources on this box (disk and RAM) and don't want to load it up too much.

I don't really need to maintain any DNS entries for hosts on the local network, and don't want to "publish" any entries externally either. Guess I'm looking for more of a DNS proxy than a server. I've looked at a number of sources, and they all seem to deal with configuring a full-blown DNS server. Can anyone point me to anything that covers what I want to do? I am fairly new at this, so it certainly is possible that the answer is staring me in the face and I don't know it.

Just to provide a complete picture of what is going on in the box, the firewall can't seem to resolve host names against the ISP DNS anyway. The /etc/resolv.conf contains the correct nameserver entries, and the /etc/host.conf has "hosts" before "bind".

Any suggestions, pointers, URLs, or otherwise would be greatly appreciated.

Jeff
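The forwarding-only "DNS proxy rather than server" the post asks for, as an added example that is not part of the original message and not FreeBSD's natd, ipfw or BIND: a small Python UDP proxy that listens on the firewall's inside address, forwards each query to the ISP resolver under a fresh random transaction ID, and hands the reply back to the LAN client only if it arrives from that resolver, matches an outstanding ID and repeats the question that was asked. This is the same bookkeeping a stateful NAT does for the client's ephemeral port; keeping it in the proxy is what lets the packet filter stay closed to unsolicited inbound UDP instead of allowing anything sourced from port 53. The addresses (192.168.100.0/24 for the LAN, 10.0.0.1 for the ISP resolver, 192.168.100.1 for the firewall's inside interface) and the sample query are placeholders chosen for the example; in production a forwarders-only name server (BIND's `forward only;` option) does the same job.

```python
"""Forwarding-only DNS proxy for a NAT/firewall box (added example).

Addresses are assumptions, not values from the original post.
"""
import ipaddress
import secrets
import select
import socket
import struct
import time

LAN = ipaddress.ip_network("192.168.100.0/24")   # assumed inside LAN
UPSTREAM = ("10.0.0.1", 53)                       # assumed ISP resolver
LISTEN = ("192.168.100.1", 53)                    # assumed inside address of the firewall

HEADER = struct.Struct("!HHHHHH")                 # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
QR = 0x8000                                       # flags bit: 0 = query, 1 = response


def query_id(msg):
    """Transaction ID: the first two bytes of a DNS message."""
    return struct.unpack("!H", msg[:2])[0]


def question_section(msg):
    """Bytes of the single question (name + qtype + qclass), or None if malformed."""
    if len(msg) < HEADER.size or HEADER.unpack_from(msg)[2] != 1:
        return None
    off = HEADER.size
    while True:
        if off >= len(msg):
            return None
        length = msg[off]
        if length == 0:
            off += 1
            break
        if length & 0xC0:              # compression pointer: never valid for the first name
            return None
        off += 1 + length
    off += 4                           # qtype + qclass
    return msg[HEADER.size:off] if off <= len(msg) else None


class DnsProxy:
    """Tracks outstanding queries like a stateful NAT: a fresh random ID per
    forwarded query, and a reply is accepted only from the configured resolver,
    for an outstanding ID, with the same question section."""

    def __init__(self, lan=LAN, upstream=UPSTREAM, timeout=5.0, max_pending=512):
        self.lan, self.upstream = lan, upstream
        self.timeout, self.max_pending = timeout, max_pending
        self.pending = {}              # proxy_id -> (client_addr, client_id, question, deadline)

    def _expire(self, now):
        for pid in [p for p, e in self.pending.items() if e[3] <= now]:
            del self.pending[pid]

    def from_client(self, msg, client_addr, now=None):
        """Packet from the inside interface: returns the query to send upstream, or None."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        if ipaddress.ip_address(client_addr[0]) not in self.lan:
            return None                                    # not our LAN: no open resolver
        question = question_section(msg)
        if question is None or HEADER.unpack_from(msg)[1] & QR:
            return None                                    # malformed, or a response, not a query
        if len(self.pending) >= self.max_pending:
            return None                                    # table full: drop rather than grow unbounded
        pid = secrets.randbelow(65536)
        while pid in self.pending:
            pid = secrets.randbelow(65536)
        self.pending[pid] = (client_addr, query_id(msg), question, now + self.timeout)
        return struct.pack("!H", pid) + msg[2:]

    def from_upstream(self, msg, src_addr, now=None):
        """Packet from the outside interface: returns (client_addr, reply) or None."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        if src_addr != self.upstream or len(msg) < HEADER.size:
            return None                                    # only the resolver we asked may answer
        if not HEADER.unpack_from(msg)[1] & QR:
            return None
        entry = self.pending.get(query_id(msg))
        if entry is None or question_section(msg) != entry[2]:
            return None                                    # unknown/stale ID or question mismatch
        del self.pending[query_id(msg)]                    # one reply per query
        client_addr, client_id, _, _ = entry
        return client_addr, struct.pack("!H", client_id) + msg[2:]


def build_query(qid, name):
    """Constructed sample query: A record, IN class, recursion desired."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return HEADER.pack(qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)


def build_reply(forwarded_query):
    """Constructed sample reply: same ID and question, QR/RD/RA set, no answer records."""
    h = list(HEADER.unpack_from(forwarded_query))
    h[1] = 0x8180
    return HEADER.pack(*h) + forwarded_query[HEADER.size:]


def serve():
    """Run on the firewall: one socket facing the LAN, one facing the ISP."""
    proxy = DnsProxy()
    inside = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    inside.bind(LISTEN)
    outside = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    outside.bind(("0.0.0.0", 0))       # the ephemeral port natd would otherwise have to track
    while True:
        readable, _, _ = select.select([inside, outside], [], [], 1.0)
        if inside in readable:
            msg, addr = inside.recvfrom(512)
            out = proxy.from_client(msg, addr)
            if out is not None:
                outside.sendto(out, proxy.upstream)
        if outside in readable:
            msg, addr = outside.recvfrom(512)
            res = proxy.from_upstream(msg, addr)
            if res is not None:
                inside.sendto(res[1], res[0])


if __name__ == "__main__":
    serve()
```

Point the LAN hosts' resolv.conf at the firewall's inside address and the proxy sources all upstream queries from the firewall itself, so the packet filter only has to admit UDP replies to the one socket the proxy holds. The question-section comparison and the single-use ID are what keep a spoofed or replayed answer from being delivered; they are the proxy's substitute for the state natd would otherwise carry.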