oops, too quick to hit the Send button :)

if you are going to set #resolv-file= in /etc/dnsmasq then don't forget to replace it with something like resolv-file=/etc/mydnsservers (the file that holds the IPs of your ISP DNS servers)

regards

On 5/1/05, Askar <askarali@xxxxxxxxx> wrote:
> dnsmasq would be a bit off topic here. :)
> you can download it from ....
> http://thekelleys.org.uk/dnsmasq/doc.html (I would prefer the source)
> After extracting the source, read "README" for how to install; it's
> pretty straightforward.
> ./configure; make install (needed)
>
> this will copy the "dnsmasq" binary to /usr/sbin, which is needed to run
> the dnsmasq daemon by typing "dnsmasq" as root.
>
> You can find the configuration file in /etc/dnsmasq.conf
>
> You only have to change the line...
>
> # Change this line if you want dns to get its upstream servers from
> # somewhere other that /etc/resolv.conf
> #resolv-file=
>
> Note: this is not necessary, because if you don't set "resolv-file=", dnsmasq
> will read /etc/resolv.conf for upstream DNS servers (where you have
> already specified your ISP DNS IPs).
> If you prefer to set the "resolv-file=" tag then here is the setup:
>
> #vi /etc/mydnsserver (create a file where you have to hard code the
> IPs of your ISP DNS servers)
>
> in the file type
>
> nameserver xxx.xxx.xxx.xx (replace xxx with the IP)
> nameserver xxx.xxx.xxxx.xx (specify as many DNS servers as you want)
>
> then in /etc/resolv.conf, delete all the entries and type ...
>
> nameserver 127.0.0.1
>
> Now start dnsmasq, and try to confirm that it's working with dig, host,
> nslookup etc.
>
> You can also use dnsmasq as a DHCP server ;)
>
> Now you have to tell iptables to allow udp port 53 hmmmm
>
> iptables -A INPUT -p udp -s 192.168.2.0/24 --dport 53 -j ACCEPT (for client)
> iptables -A OUTPUT -p udp --dport 53 -j ACCEPT (dnsmasq towards your ISP dns)
>
> Hope this helps
>
> Regards
> Askar
>
> On 5/1/05, varun_saa@xxxxxxxx <varun_saa@xxxxxxxx> wrote:
> >
> > ----- Original Message -----
> > From: Askar <askarali@xxxxxxxxx>
> > Date: Sunday, May 1, 2005 3:22 pm
> > Subject: Re: DNS rules
> >
> > > Again it depends on how you set up your default policies. In case you are
> > > using the recommended "default DROP" then you have to tell iptables to
> > > allow "udp 53" towards your ISP.
> > >
> > > iptables -A FORWARD -p udp --dport 53 -j ACCEPT
> > >
> > > If you are running a small LAN then running a cache-only DNS on your
> > > gateway would be beneficial (as it will cache the lookups).
> > >
> > > dnsmasq is an excellent cache-only DNS server and I'm sure you would get
> > > it running within 10 minutes.
> > > you can also use bind in cache-only mode.
> > >
> > Thanks
> >
> > Can you elaborate on dnsmasq. Please.
> >
> > Varun
> >
> --
> I love deadlines. I like the whooshing sound they make as they fly by.
> Douglas Adams

--
I love deadlines. I like the whooshing sound they make as they fly by.
Douglas Adams
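The layout the thread describes (an upstream-server file for resolv-file=, /etc/resolv.conf pointing at 127.0.0.1, and LAN-only firewall rules for port 53) as a set of POSIX sh helpers. This is an added example, not code from the thread; file paths are parameters so it can be exercised on scratch files, the LAN subnet is the thread's 192.168.2.0/24, and the TCP 53 rules are an addition because responses too large for UDP are retried over TCP.

```shell
#!/bin/sh
# Added example: helpers for the dnsmasq forwarding setup from the thread.
# Real use would pass /etc/mydnsservers and /etc/resolv.conf as FILE.

# Write the upstream-server file that resolv-file= points at.
# Usage: write_upstream_file FILE IP [IP...]; fails on a malformed IPv4.
write_upstream_file() {
    file=$1; shift
    [ $# -gt 0 ] || { echo "need at least one upstream IP" >&2; return 1; }
    : > "$file"
    for ip in "$@"; do
        # dotted quad with every octet in 0-255 (constructed check)
        echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
            || { echo "bad IP: $ip" >&2; return 1; }
        for octet in $(echo "$ip" | tr . ' '); do
            [ "$octet" -le 255 ] || { echo "bad IP: $ip" >&2; return 1; }
        done
        echo "nameserver $ip" >> "$file"
    done
}

# Verify that resolv.conf sends the gateway's own lookups to dnsmasq only:
# at least one nameserver line, and every one of them 127.0.0.1.
check_local_resolv() {
    count=$(grep -c '^nameserver' "$1" 2>/dev/null || true)
    [ "${count:-0}" -gt 0 ] || return 1
    ! grep '^nameserver' "$1" \
        | grep -vq '^nameserver[[:space:]]*127\.0\.0\.1[[:space:]]*$'
}

# Print the rules for a "default DROP" gateway: INPUT is limited to the LAN
# subnet so the cache is not reachable as an open resolver from outside;
# OUTPUT lets dnsmasq reach the ISP servers. Usage: dns_rules LAN_CIDR
dns_rules() {
    lan=$1
    for proto in udp tcp; do
        echo "iptables -A INPUT -p $proto -s $lan --dport 53 -j ACCEPT"
        echo "iptables -A OUTPUT -p $proto --dport 53 -j ACCEPT"
    done
}
```

Running `dns_rules 192.168.2.0/24` prints the four rules rather than applying them, so they can be reviewed before being pasted into the firewall script.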