> >> I have a local resolver in my main server. How can I intercept DNS going
> >> outside and point it to a recursive server under my control?
> >
> > Firewall NAT. Same as you redirect port 80 to squid, but redirecting port
> > 53 UDP to the internal DNS resolver.

On 16.10.10 21:48, mohd hafiz wrote:
> Can I do as below:
>
> eth0 = interface to internet
> $LAN_IN = interface to lan
> $SQUID_SERVER = local DNS resolver
> $SQUID_PORT = 3128
>
> iptables -t nat -A PREROUTING -i $LAN_IN -p udp --dport 53 -j DNAT \
>     --to $SQUID_SERVER:$SQUID_PORT
>
> iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT \
>     --to-port 3128
>
> This will redirect UDP port 53 to my local resolver server.

I think you should know that Squid is NOT a DNS server and can NOT process
DNS requests from your clients. Squid is an HTTP-only proxy.

You must have a DNS server on the machine you redirect DNS requests to (it
doesn't have to be the same one Squid runs on), and it will probably listen
on port 53, not 3128.

-- 
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
(R)etry, (A)bort, (C)ancer
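An added example, not from the thread, of the NAT rules Matus describes: LAN clients' port 53 traffic is sent to a resolver that actually listens on 53, with two caveats the posted rules omit (TCP 53 gets the same treatment, and the resolver's own outgoing queries are excluded so they do not loop back to it). The interface name and resolver address are placeholders; the script only prints the rules unless run as root with `--apply`.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: generate iptables NAT rules
# that intercept LAN clients' DNS and hand it to a recursive resolver on port 53.
# Interface name and resolver address are placeholders.

# Print one "iptables ..." command per line for a LAN-facing interface and the
# resolver's IP. Nothing is applied here, so the output can be reviewed first.
dns_intercept_rules() {
    lan_if="$1"
    resolver="$2"
    for proto in udp tcp; do
        # 1. Queries sent by the resolver itself must not be DNAT'ed back to it,
        #    or its own recursion towards the Internet would loop.
        echo "iptables -t nat -A PREROUTING -i $lan_if -s $resolver -p $proto --dport 53 -j RETURN"
        # 2. Everything else on port 53 (DNS, not squid's 3128) goes to the resolver.
        echo "iptables -t nat -A PREROUTING -i $lan_if -p $proto --dport 53 -j DNAT --to-destination $resolver:53"
        # 3. If the resolver sits on the same LAN segment as the clients, its
        #    replies would bypass the firewall and arrive from an address the
        #    client never queried; masquerading makes replies return via the firewall.
        echo "iptables -t nat -A POSTROUTING -o $lan_if -d $resolver -p $proto --dport 53 -j MASQUERADE"
    done
}

LAN_IN="${LAN_IN:-eth1}"            # placeholder LAN interface (assumed name)
RESOLVER="${RESOLVER:-192.0.2.53}"  # placeholder resolver address (RFC 5737 range)

if [ "${1:-}" = "--apply" ]; then
    dns_intercept_rules "$LAN_IN" "$RESOLVER" | sh -x   # run as root to apply
else
    dns_intercept_rules "$LAN_IN" "$RESOLVER"           # dry run: only show them
fi
```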