On 29 Mar 2014 at 22:10, Stéphane Guedon wrote:
> Hello
>
> I am currently trying to run two nameservers on the same OpenBSD
> server.
>
> The first one is an authoritative one (let's say bind or nsd, no one
> cares). The second will be dnsmasq.
>
> You guess the objective of the construction: give local answers from
> dhcp leases to local requests, and give authoritative answers for the
> internet requests.
>
> That's for the presentation.
>
> I can run dnsmasq on a different port, but how do I give my local
> hosts the idea of interrogating a non-standard dns port?
> Then I thought I could drive the traffic from my LAN to the port
> dnsmasq is running on.
>
> So here is the pf conf (obviously expurgated):
>
> #######
>
> table <localnet> { local addresses }
>
> # common
> pass in log on egress proto { tcp, udp } from any to re0 port domain
>
> # local
> pass in quick log on re0 inet proto { udp,tcp } from <localnet> port domain rdr-to 127.0.0.1 port 5353
Unless I'm severely mistaken (and someone will correct me), the rule as
written will match only packets whose SOURCE port is domain ... you are
missing a "to (self)" or "to any" in front of the port specification to
achieve your objective.

> #pass in quick log on re0 proto { udp,tcp } from <localnet> port domain divert-packet port 5353
>
> #######
>
> I first tried to use the divert-packet rule (that way I don't have to
> care if the traffic is ipv6 or ipv4), then I tried to redirect using
> rdr-to 127... like most tutorials I found regarding rdr.
>
> I moved the local rules before or after the common one, placed a quick
> on the common or removed it...
>
> Nothing: the common rule is always the one that applies according to
> the logs.
> Can you tell me what I am doing wrong?
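The point of the reply, written out as a corrected pf.conf. This is an added example, not a ruleset from the thread or from either poster; it assumes re0 is the LAN interface, that the authoritative server listens on re0 port 53, that dnsmasq is started with "port=5353" and "listen-address=127.0.0.1" (and "::1" for IPv6), and the address prefixes in the table are placeholders.

```pf
# Added example, not the original poster's ruleset. Assumptions: re0 is the
# LAN interface, the authoritative server listens on re0:53, dnsmasq listens
# on 127.0.0.1:5353 and [::1]:5353. Prefixes below are placeholders.

table <localnet> { 192.168.1.0/24, 2001:db8::/64 }

# common: anyone may query the authoritative server on port 53
pass in log on egress proto { tcp, udp } from any to re0 port domain

# local: LAN clients asking THIS host on port 53 are redirected to dnsmasq.
# "to re0 port domain" is the destination match the original rule lacked;
# "from <localnet> port domain" only constrained the SOURCE port, which for
# a resolver query is an ephemeral port, so the rule never matched and the
# common rule won. "quick" stops evaluation here; without it pf applies the
# last matching rule, which would again be the common one if it came later.
pass in quick log on re0 inet proto { tcp, udp } \
    from <localnet> to re0 port domain rdr-to 127.0.0.1 port 5353

# rdr-to cannot translate across address families, so IPv6 clients need
# their own rule with an IPv6 target.
pass in quick log on re0 inet6 proto { tcp, udp } \
    from <localnet> to re0 port domain rdr-to ::1 port 5353
```

To check it: `pfctl -nf /etc/pf.conf` parses the file without loading it, then `pfctl -f /etc/pf.conf` loads it. Because both rules carry `log`, `tcpdump -n -e -ttt -i pflog0 port domain` prints the rule number that matched each packet, which answers the "which rule applies" question directly, and `pfctl -ss` shows the redirected state with the 127.0.0.1:5353 translation. Only the destination is rewritten, so dnsmasq still sees the LAN client's source address and can answer from its lease file. dnsmasq's own upstream queries leave the box rather than arriving on re0, so they do not loop back through the redirect.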