From: Mohamed Eldesoky <eldesoky.lists@gmail.com>
To: Askar <askarali@gmail.com>, netfilter <netfilter@lists.netfilter.org>
Subject: Re: DNS rules
Date: Sun, 1 May 2005 19:12:58 +0300
Message-ID: <1403218a05050109123b8d08bc@mail.gmail.com>
In-Reply-To: <a0f69e505050103332635a25b@mail.gmail.com>

I didn't understand that part!!

On 5/1/05, Askar <askarali@gmail.com> wrote:
> oops, too quick to hit the Send button :)
>
> if you are going to set
> #resolv-file=
> in /etc/dnsmasq then don't forget to replace it with something like
>
> resolv-file=/etc/mydnsservers (the file that holds the IPs of your
> ISP DNS servers)
>
> regards
>
>
> On 5/1/05, Askar <askarali@gmail.com> wrote:
> > dnsmasq would be a bit off topic here. :)
> > you can download it from ....
> > http://thekelleys.org.uk/dnsmasq/doc.html (I will prefer the source)
> > After extracting the source, read "README" for how to install; it's
> > pretty straightforward.
> > ./configure; make install (needed)
> >
> > this will copy the "dnsmasq" binary to /usr/sbin, which is needed for running
> > the dnsmasq daemon by typing "dnsmasq" as root.
> >
> > You can find the configuration file in /etc/dnsmasq.conf
> >
> > You only have to change the line...
> >
> > # Change this line if you want dns to get its upstream servers from
> > # somewhere other that /etc/resolv.conf
> > #resolv-file=
> >
> > Note this is not necessary because if you don't set "resolv-file=", dnsmasq
> > will read /etc/resolv.conf for upstream DNS servers (where you have
> > already specified your ISP DNS IPs)
> > If you prefer to set the "resolv-file=" tag then here are the setups
> >
> > #vi /etc/mydnsserver (create a file where you have to hard code the
> > IPs of your ISP DNS servers)
> >
> > in the file type
> >
> > nameserver xxx.xxx.xxx.xx (replace xxx with the IP)
> > nameserver xxx.xxx.xxxx.xx (specify as many DNS servers as you want)
> >
> > then in /etc/resolv.conf, delete all the entries and type ...
> >
> > nameserver 127.0.0.1
> >
> > Now start dnsmasq, and try to confirm that it's working with "dig, host,
> > nslookup" etc.
> >
> > You can also use dnsmasq as a DHCP server ;)
> >
> > Now you have to tell iptables to allow udp port 53 hmmmm
> >
> > iptables -A INPUT -p udp -s 192.168.2.0/24 --dport 53 -j ACCEPT (for client)
> > iptables -A OUTPUT -p udp --dport 53 -j ACCEPT (dnsmasq towards your ISP dns)
> >
> > Hope this helps
> >
> > Regards
> > Askar
> >
> > On 5/1/05, varun_saa@vsnl.net <varun_saa@vsnl.net> wrote:
> > >
> > >
> > > ----- Original Message -----
> > > From: Askar <askarali@gmail.com>
> > > Date: Sunday, May 1, 2005 3:22 pm
> > > Subject: Re: DNS rules
> > >
> > > > Again it depends, how you setup your default policies. In case you are
> > > > using recommended "default DROP" then you have to tell iptables to
> > > > allow "udp 53" towards your ISP.
> > > >
> > > > iptables -A FORWARD -p udp --dport 53 -j ACCEPT
> > > >
> > > >
> > > > If you are running a small LAN then running a cache only dns on your
> > > > gateway would be beneficial, (that it will cache the lookups)
> > > >
> > > > dnsmasq is an excellent cache-only DNS server and I'm sure you would get
> > > > it running within 10 minutes.
> > > > You can also use bind in cache-only mode.
> > > >
> > > Thanks
> > >
> > > Can you elaborate on dnsmasq. Please.
> > >
> > > Varun
> > >
> > >
> >
> > --
> > I love deadlines. I like the whooshing sound they make as they fly by.
> > Douglas Adams
> >
>
> --
> I love deadlines. I like the whooshing sound they make as they fly by.
> Douglas Adams
>
>
--
Mohamed Eldesoky
www.eldesoky.net
RHCE
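
The split described in the quoted messages (the host's own resolv.conf pointing at 127.0.0.1, the ISP servers kept in a separate resolv-file) can be sanity-checked with a short script. This is an added example, not part of the thread; the function names and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: sanity-check the resolv.conf / resolv-file split from the thread.

# Print the addresses on "nameserver" lines of a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Succeeds if the address is loopback, i.e. it points at this host.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# check_dns_setup RESOLV_CONF UPSTREAM_FILE
# Prints one line per finding; returns 0 only when the setup is consistent.
check_dns_setup() {
    resolv=$1 upstream=$2 rc=0 usable=0
    [ -r "$resolv" ] || { echo "FAIL: cannot read $resolv"; return 1; }
    [ -r "$upstream" ] || { echo "FAIL: cannot read $upstream"; return 1; }

    # The host itself should query only the local dnsmasq cache.
    [ -n "$(nameservers "$resolv")" ] || { echo "FAIL: $resolv has no nameserver"; rc=1; }
    for ns in $(nameservers "$resolv"); do
        is_loopback "$ns" || { echo "FAIL: $resolv bypasses dnsmasq via $ns"; rc=1; }
    done

    # dnsmasq needs at least one real upstream; loopback here points back at itself.
    for ns in $(nameservers "$upstream"); do
        if is_loopback "$ns"; then
            echo "WARN: $upstream lists loopback address $ns"
        else
            usable=$((usable + 1))
        fi
    done
    [ "$usable" -gt 0 ] || { echo "FAIL: $upstream has no usable upstream server"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: $usable upstream server(s) in $upstream"
    return "$rc"
}

# Constructed sample files; 192.0.2.x is a documentation range, not a real ISP.
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$tmp/resolv.conf"
printf 'nameserver 192.0.2.1\nnameserver 192.0.2.2\n' > "$tmp/mydnsservers"
check_dns_setup "$tmp/resolv.conf" "$tmp/mydnsservers"
```

On a real gateway the two arguments would be /etc/resolv.conf and whatever path resolv-file= names in the dnsmasq configuration.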