From: Askar <askarali@gmail.com>
To: netfilter <netfilter@lists.netfilter.org>
Subject: Re: DNS rules
Date: Sun, 1 May 2005 15:33:52 +0500
Message-ID: <a0f69e505050103332635a25b@mail.gmail.com>
In-Reply-To: <a0f69e505050103303d959c4e@mail.gmail.com>

Oops, too quick to hit the Send button :)
If you are going to set
#resolv-file=
in /etc/dnsmasq then don't forget to replace it with something like
resolv-file=/etc/mydnsservers (the file that holds the IPs of your
ISP DNS servers)
regards
On 5/1/05, Askar <askarali@gmail.com> wrote:
> dnsmasq would be a bit off topic here. :)
> you can download it from ....
> http://thekelleys.org.uk/dnsmasq/doc.html (I will prefer the source)
> After extracting the source, read "README" for how to install; it's
> pretty straightforward.
> ./configure; make install (needed)
>
> This will copy the "dnsmasq" binary to /usr/sbin, which is needed to run
> the dnsmasq daemon by typing "dnsmasq" as root.
>
> You can find the configuration file in /etc/dnsmasq.conf
>
> You only have to change the line...
>
> # Change this line if you want dns to get its upstream servers from
> # somewhere other that /etc/resolv.conf
> #resolv-file=
>
> Note this is not necessary, because if you don't set "resolv-file=", dnsmasq
> will read /etc/resolv.conf for upstream DNS servers (where you have
> already specified your ISP DNS IPs).
> If you prefer to set the "resolv-file=" tag then here is the setup:
>
> #vi /etc/mydnsserver (create a file where you have to hard code the
> IPs of your ISP DNS servers)
>
> in the file type
>
> nameserver xxx.xxx.xxx.xx (replace xxx with the ip)
> nameserver xxx.xxx.xxxx.xx (specify as many DNS servers as you want)
>
> then in /etc/resolv.conf , delete all the entries and type ...
>
> nameserver 127.0.0.1
>
> Now start dnsmasq, and try to confirm that it's working with "dig", "host",
> "nslookup" etc.
>
> You can also use dnsmasq as DHCP server ;)
>
> Now you have to tell iptables to allow udp port 53 hmmmm
>
> iptables -A INPUT -p udp -s 192.168.2.0/24 --dport 53 -j ACCEPT   # for client
> iptables -A OUTPUT -p udp --dport 53 -j ACCEPT   # dnsmasq towards your ISP dns
>
> Hope this helps
>
> Regards
> Askar
>
> On 5/1/05, varun_saa@vsnl.net <varun_saa@vsnl.net> wrote:
> >
> >
> > ----- Original Message -----
> > From: Askar <askarali@gmail.com>
> > Date: Sunday, May 1, 2005 3:22 pm
> > Subject: Re: DNS rules
> >
> > > Again it depends, how you setup your default policies. In case you are
> > > using recommended "default DROP" then you have to tell iptables to
> > > allow "udp 53" towards your ISP.
> > >
> > > iptables -A FORWARD -p udp --dport 53 -j ACCEPT
> > >
> > >
> > > If you are running a small LAN then running a cache only dns on your
> > > gateway would be beneficial, (that it will cache the lookups)
> > >
> > > dnsmasq is an excellent cache only dns server and I'm sure you would get
> > > it running within 10 minutes.
> > > you can also use bind in cache only mode.
> > >
> > Thanks
> >
> > Can you elaborate on dnsmasq. Please.
> >
> > Varun
> >
> >
>
> --
> I love deadlines. I like the whooshing sound they make as they fly by.
> Douglas Adams
>
--
I love deadlines. I like the whooshing sound they make as they fly by.
Douglas Adams
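
The check below is an added example, not part of the original messages. It tests the setup described in this thread for the mistake the follow-up warns about: /etc/resolv.conf pointing at 127.0.0.1 while resolv-file= is still commented out, which leaves dnsmasq with no real upstream server. The function names and return codes are this example's own, and the file paths are passed as arguments so it can be tried on copies.

```shell
#!/bin/sh
# Added example: consistency check for the dnsmasq cache setup in this thread.
# Function names and return codes are hypothetical, not from dnsmasq.

# Print the value of the last uncommented "resolv-file=" line, if any.
get_resolv_file() {
    sed -n 's/^[[:space:]]*resolv-file=[[:space:]]*//p' "$1" | tail -n 1
}

# Print the nameserver addresses listed in a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# check_dns_setup DNSMASQ_CONF RESOLV_CONF
# Returns 0 if consistent, 1 if dnsmasq has no real upstream server,
# 2 if the local resolver does not point at the cache on 127.0.0.1.
check_dns_setup() {
    conf=$1
    resolv=$2
    upstream_file=$(get_resolv_file "$conf")
    # Without resolv-file=, dnsmasq reads its upstream servers from resolv.conf.
    [ -n "$upstream_file" ] || upstream_file=$resolv
    if [ ! -r "$upstream_file" ]; then
        echo "FAIL: upstream file $upstream_file is not readable" >&2
        return 1
    fi
    # Loopback entries are dnsmasq itself, not an upstream server.
    upstreams=$(list_nameservers "$upstream_file" | grep -v '^127\.' || true)
    if [ -z "$upstreams" ]; then
        echo "FAIL: no upstream nameserver in $upstream_file" >&2
        return 1
    fi
    if ! list_nameservers "$resolv" | grep -qx '127\.0\.0\.1'; then
        echo "FAIL: $resolv does not list nameserver 127.0.0.1" >&2
        return 2
    fi
    echo "OK: upstream servers:" $upstreams
    return 0
}

# Run the check when called with two file arguments.
if [ "$#" -eq 2 ]; then check_dns_setup "$1" "$2"; fi
```

Run it as `sh check.sh /etc/dnsmasq.conf /etc/resolv.conf` (the script name is arbitrary) before restarting dnsmasq.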