Howdy,
Mark Brown wrote:
>
> DNS lookups go out on UDP and TCP port 53. If you're firewalling that
> out you won't be able to look up names. If you want to forward DNS
> lookups with BIND, set the "forwarders" option in the configuration
> file. If you're not running a nameserver then you can specify name
> servers in /etc/resolv.conf with "nameserver n.n.n.n".

Pollywog:

I have a DSL connection. I'm not running bind, and I have my ISP's
nameservers in the resolv.conf file. Here is the DNS section of my
firewall script:

# DNS server (53)
# ---------------

# DNS forward-only nameserver
# ---------------------------
# forward-only can use regular TCP protocol to forwarders

ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
         -s $IPADDR 53 \
         -d $NAMESERVER_1 53 -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
         -s $NAMESERVER_1 53 \
         -d $IPADDR 53 -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
         -s $IPADDR $UNPRIVPORTS \
         -d $NAMESERVER_1 53 -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
         -s $NAMESERVER_1 53 \
         -d $IPADDR $UNPRIVPORTS -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
         -s $IPADDR 53 \
         -d $NAMESERVER_2 53 -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
         -s $NAMESERVER_2 53 \
         -d $IPADDR 53 -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
         -s $IPADDR $UNPRIVPORTS \
         -d $NAMESERVER_2 53 -j ACCEPT

ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
         -s $NAMESERVER_2 53 \
         -d $IPADDR $UNPRIVPORTS -j ACCEPT

\\//_
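
Added example, not part of the original message or of the poster's script: the UDP rules above are the forward-only nameserver form, which matches queries sent from local port 53; a resolver library with no local nameserver sends from an unprivileged port, so the client form of the same rules uses the unprivileged range as the local port for UDP as well as TCP. The function names, the port range value and the sample addresses are assumptions, and the function prints the ipchains commands for review instead of running them.

```shell
#!/bin/sh
# Added example: emit ipchains rules for a DNS *client* (stub resolver,
# no local named). Output is a list of commands to review before use.

# Assumed value; the poster's script defines its own UNPRIVPORTS.
UNPRIVPORTS="1024:65535"

# Shape check only (four dot-separated digit groups), so that a stray
# argument can never end up inside a firewall command.
is_dotted_quad() {
    case $1 in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
        *.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# dns_client_rules IFACE LOCAL_IP NAMESERVER...   (hypothetical helper)
dns_client_rules() {
    [ "$#" -ge 3 ] || { echo "usage: dns_client_rules IFACE IP NS..." >&2; return 2; }
    iface=$1; ipaddr=$2; shift 2
    case $iface in
        ""|*[!A-Za-z0-9]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac

    # Validate everything first so a bad argument yields no partial rule set.
    for a in "$ipaddr" "$@"; do
        is_dotted_quad "$a" || { echo "bad address: $a" >&2; return 1; }
    done

    for ns in "$@"; do
        # UDP query: resolver's unprivileged port -> nameserver port 53
        echo "ipchains -A output -i $iface -p udp -s $ipaddr $UNPRIVPORTS -d $ns 53 -j ACCEPT"
        # UDP answer: nameserver port 53 -> resolver's unprivileged port
        echo "ipchains -A input -i $iface -p udp -s $ns 53 -d $ipaddr $UNPRIVPORTS -j ACCEPT"
        # TCP is used when an answer does not fit in a UDP reply;
        # "! -y" refuses inbound connection attempts (SYN) from port 53.
        echo "ipchains -A output -i $iface -p tcp -s $ipaddr $UNPRIVPORTS -d $ns 53 -j ACCEPT"
        echo "ipchains -A input -i $iface -p tcp ! -y -s $ns 53 -d $ipaddr $UNPRIVPORTS -j ACCEPT"
    done
}

# Constructed sample values (documentation address ranges).
dns_client_rules eth0 192.0.2.10 198.51.100.1 198.51.100.2
```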