I didn't understand that part !!

On 5/1/05, Askar <askarali@xxxxxxxxx> wrote:
> oops too quick to hit the Send button :)
>
> if you are going to set
> #resolv-file=
> in /etc/dnsmasq then don't forget to replace it with something
>
> resolv-file=/etc/mydnsservers (the file that is holding the IPs of your
> ISP dns servers)
>
> regards
>
>
> On 5/1/05, Askar <askarali@xxxxxxxxx> wrote:
> > dnsmasq would be a bit off topic here. :)
> > you can download it from ....
> > http://thekelleys.org.uk/dnsmasq/doc.html (I will prefer the source)
> > After extracting the source, read "README" for how to install, it's
> > pretty straightforward.
> > ./configure; make install (needed)
> >
> > this will copy the "dnsmasq" binary to /usr/sbin , which is needed for running
> > the dnsmasq daemon by typing "dnsmasq" as root.
> >
> > You can find the configuration file in /etc/dnsmasq.conf
> >
> > You only have to change the line...
> >
> > # Change this line if you want dns to get its upstream servers from
> > # somewhere other that /etc/resolv.conf
> > #resolv-file=
> >
> > Note this is not necessary coz if you don't set "resolv-file=" , dnsmasq
> > will read /etc/resolv.conf for upstream dns servers (where you have
> > already specified your ISP dns IPs)
> > If you prefer to set the "resolv-file=" tag then here are the steps
> >
> > #vi /etc/mydnsserver (create a file where you have to hard code the
> > ips of your ISP dns servers
> >
> > in the file type
> >
> > nameserver xxx.xxx.xxx.xx (replace xxx with the ip)
> > nameserver xxx.xxx.xxxx.xx (specify as many dns servers as you want)
> >
> > then in /etc/resolv.conf , delete all the entries and type ...
> >
> > nameserver 127.0.0.1
> >
> > Now start dnsmasq , and try to confirm that it's working by "dig, host,
> > nslookup etc)
> >
> > You can also use dnsmasq as DHCP server ;)
> >
> > Now you have to tell iptables to allow udp port 53 hmmmm
> >
> > iptables -A INPUT -p udp -s 192.168.2.0/24 --dport 53 -j ACCEPT (for client)
> > iptables -A OUTPUT -p udp --dport 53 -j ACCEPT (dnsmasq towards your ISP dns)
> >
> > Hope this helps
> >
> > Regards
> > Askar
> >
> > On 5/1/05, varun_saa@xxxxxxxx <varun_saa@xxxxxxxx> wrote:
> > >
> > >
> > > ----- Original Message -----
> > > From: Askar <askarali@xxxxxxxxx>
> > > Date: Sunday, May 1, 2005 3:22 pm
> > > Subject: Re: DNS rules
> > >
> > > > Again it depends on how you set up your default policies. In case you are
> > > > using the recommended "default DROP" then you have to tell iptables to
> > > > allow "udp 53" towards your ISP.
> > > >
> > > > iptables -A FORWARD -p udp --dport 53 -j ACCEPT
> > > >
> > > >
> > > > If you are running a small LAN then running a cache only dns on your
> > > > gateway would be beneficial, (that it will cache the lookups)
> > > >
> > > > dnsmasq is an excellent cache only dns server and I'm sure you would get
> > > > it running within 10 minutes.
> > > > you can also use bind in cache only mode.
> > > >
> > > Thanks
> > >
> > > Can you elaborate on dnsmasq. Please.
> > >
> > > Varun
> > >
> > >
> >
> > --
> > I love deadlines. I like the whooshing sound they make as they fly by.
> > Douglas Adams
> >
>
> --
> I love deadlines. I like the whooshing sound they make as they fly by.
> Douglas Adams
>

--
Mohamed Eldesoky
www.eldesoky.net
RHCE
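
The follow-up in the quoted message is about the state where /etc/resolv.conf has been cut down to `nameserver 127.0.0.1` while `#resolv-file=` is still commented out, so the file dnsmasq reads by default no longer names any ISP server. A shell check for that state, as an added example that is not part of the thread; the function names are hypothetical, both file paths are passed as arguments, and it assumes the last uncommented `resolv-file=` line is the one in effect.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the file dnsmasq takes its
# upstream servers from still lists at least one non-loopback nameserver.

# Print the upstream file: the last uncommented resolv-file= value in the
# dnsmasq config ($1), else the default resolv.conf ($2).
upstream_file() {
    f=$(sed -n 's/^[[:space:]]*resolv-file=[[:space:]]*//p' "$1" | tail -n 1)
    printf '%s\n' "${f:-$2}"
}

# Print every nameserver address in a resolv.conf-style file that is not loopback.
real_upstreams() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# check_upstreams <dnsmasq.conf> <resolv.conf>; returns 0 if an upstream exists.
check_upstreams() {
    src=$(upstream_file "$1" "$2")
    if [ ! -r "$src" ]; then
        echo "FAIL: upstream file $src is missing or unreadable"
        return 1
    fi
    servers=$(real_upstreams "$src")
    if [ -z "$servers" ]; then
        echo "FAIL: $src lists no non-loopback nameserver"
        return 1
    fi
    echo "OK: upstreams from $src:" $servers
}

# Constructed sample: resolv.conf already points at 127.0.0.1, but
# resolv-file= was left commented out. Expected result: FAIL.
demo=$(mktemp -d)
printf '#resolv-file=\n' > "$demo/dnsmasq.conf"
printf 'nameserver 127.0.0.1\n' > "$demo/resolv.conf"
check_upstreams "$demo/dnsmasq.conf" "$demo/resolv.conf" || true
rm -rf "$demo"
```

On a live gateway the call would be `check_upstreams /etc/dnsmasq.conf /etc/resolv.conf`, run before restarting dnsmasq.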