On Thu, Sep 23, 1999 at 12:38:15PM +0800, [EMAIL PROTECTED] wrote:
> Anyone who knows ....
>
> Can you safely redirect UDP port 53 requests to your local nameserver without
> any problems?

In theory, yes. In practice, no.

The current BIND series does not support the "transparent proxy" kind
of operation mode which this requires. The main problem is
that replies *must* appear to be coming from wherever the
question was destined to, and there is no semi-trivial way
to do it except in the BIND core -- which must be augmented to
ask the kernel 'what was the destination IP for the next UDP
packet I am about to recvfrom()?', carry that info with the
request, and then reply by first binding the local
source address to be that.

Well, with the upcoming DNSSEC things that might still not be
advisable, but that is for further study.

/Matti Aarnio <[EMAIL PROTECTED]>
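
The mechanism the reply asks for (learn each datagram's destination IP, then answer from that address) maps onto the Linux `IP_PKTINFO` socket option. The sketch below is an added example, not code from the original message or from BIND: a wildcard-bound UDP socket reads the destination IP from `recvmsg()` ancillary data and sends the answer with that address as its source. The function names and the loopback addresses used to exercise it are constructed for the demo, and the code is Linux-specific.

```c
#define _GNU_SOURCE /* glibc: make sure struct in_pktinfo is declared */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Read one datagram and echo it from the IP it was sent to; returns that IP, 0 on error. */
static in_addr_t reply_from_queried_ip(int srv)
{
    char buf[512], cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct sockaddr_in peer;
    struct iovec iov = { buf, sizeof buf };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    ssize_t n = recvmsg(srv, &m, 0);
    struct cmsghdr *c = n < 0 ? NULL : CMSG_FIRSTHDR(&m);
    while (c && !(c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO))
        c = CMSG_NXTHDR(&m, c);
    if (!c) return 0;                      /* kernel gave us no destination info */
    struct in_pktinfo pi;
    memcpy(&pi, CMSG_DATA(c), sizeof pi);  /* ipi_addr = destination IP of the query */
    pi.ipi_spec_dst = pi.ipi_addr;         /* on send: use it as the source address */
    pi.ipi_ifindex = 0;                    /* let routing choose the interface */
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    m.msg_control = c; m.msg_controllen = c->cmsg_len; /* send only this cmsg back */
    iov.iov_len = (size_t)n;
    return sendmsg(srv, &m, 0) == n ? pi.ipi_addr.s_addr : 0;
}

/* Constructed loopback demo: returns the source IP the client sees on the reply. */
in_addr_t reply_source_seen_by_client(const char *queried_ip)
{
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct timeval tv = { 2, 0 };          /* never hang if a packet is dropped */
    struct sockaddr_in a = { .sin_family = AF_INET }, from = { 0 };
    socklen_t al = sizeof a, fl = sizeof from; char r[16];
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    bind(srv, (struct sockaddr *)&a, sizeof a);        /* 0.0.0.0, ephemeral port */
    getsockname(srv, (struct sockaddr *)&a, &al);      /* learn the chosen port */
    a.sin_addr.s_addr = inet_addr(queried_ip);         /* address the client queries */
    sendto(cli, "query", 5, 0, (struct sockaddr *)&a, sizeof a);
    int ok = reply_from_queried_ip(srv) &&
             recvfrom(cli, r, sizeof r, 0, (struct sockaddr *)&from, &fl) > 0;
    close(srv); close(cli);
    return ok ? from.sin_addr.s_addr : 0;
}
```

`ipi_spec_dst` must be an address local to the host, which is why the demo stays on 127.0.0.0/8; a resolver that checks the source of each answer against the server it queried accepts the reply only when the two match.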