> Workarounds:
>
> 1) run an internal DNS behind the firewall, and direct all queries at
> that system, punch a hole through the firewall to allow that system
> through. I do this on my network, I have a bridged freebsd box
> which has a default ipfw policy of deny, then I told BIND to only
> use UDP port 53 for all actions (makes it firewall-friendly), and
> opened a hole in the firewall to allow requests to go to UDP/53
> on my nameserver. You shouldn't need to allow incoming requests
> just outgoing, since my server is authoritative for about 45 domains
> I need to allow incoming as well.
> 2) Try running all of your DNS requests over TCP, using the
> 'host' command you can do this, I am not aware of any way to get
> the system to default to this.
> 3) point to your proxy using its IP address not the domain name
> so it doesn't have to resolve anything. Many proxy servers handle
> all DNS resolution as well, so if you're using a proxy your system
> doesn't need to know what debian.org or whatever resolves to.
>
>
> #3 is the best interim solution, if you run a network, the best
> long term solution is #1, that way you have both DNS and a DNS
> cache on your internal network.
>
> nate

I've specified some rules in shorewall to allow me access to port 53 with tcp and udp. It still doesn't work. As for #3, I don't know what the IP is of this proxy so I won't be able to use this. I think solution one is going to be what I need. Seems a bit overkill though for what I want to do. Another solution is to temporarily shut down the firewall but I do not want to do this.
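
A way to see which DNS transport the firewall actually passes (UDP/53 as in workaround 1, TCP/53 as in workaround 2), added here as an example and not part of the original thread. The resolver address and query name are supplied by the caller, and the function names are illustrative.

```python
import socket
import struct
import sys

def build_query(name, qid=0x1234):
    """Return a DNS wire-format query for the A record of `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def frame_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035, 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def is_answer(reply, qid):
    """True if `reply` is a DNS response (QR bit set) carrying our query id."""
    if len(reply) < 12:
        return False
    rid, flags = struct.unpack("!HH", reply[:4])
    return rid == qid and bool(flags & 0x8000)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def probe(server, name, timeout=3.0, qid=0x1234):
    """Query `server` on port 53 over UDP, then TCP; report which one answered."""
    query, result = build_query(name, qid), {"udp": False, "tcp": False}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            result["udp"] = is_answer(s.recvfrom(4096)[0], qid)
    except OSError:
        pass  # timeout or ICMP unreachable: UDP/53 is not getting through
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(frame_tcp(query))
            size = struct.unpack("!H", _recv_exact(s, 2))[0]
            result["tcp"] = is_answer(_recv_exact(s, size), qid)
    except OSError:
        pass  # refused, dropped or reset: TCP/53 is not getting through
    return result

if __name__ == "__main__" and len(sys.argv) == 3:
    print(probe(sys.argv[1], sys.argv[2]))  # args: resolver IP, name to look up
```

If both transports come back `False` with the port 53 rules in place, the rules are not matching the traffic (wrong zone or direction) or the resolver itself is unreachable.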