From owner-freebsd-stable Sat Sep 29 14:58:35 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from grumpy.dyndns.org (user-24-214-57-209.knology.net [24.214.57.209]) by hub.freebsd.org (Postfix) with ESMTP id 5743537B40C for ; Sat, 29 Sep 2001 14:58:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by grumpy.dyndns.org (8.11.6/8.11.6) with ESMTP id f8TLwRw98995; Sat, 29 Sep 2001 16:58:30 -0500 (CDT) (envelope-from dkelly@grumpy.dyndns.org)
Message-Id: <200109292158.f8TLwRw98995@grumpy.dyndns.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Galen Sampson
Cc: freebsd-stable@FreeBSD.ORG
From: David Kelly
Subject: Re: natd proxy
In-reply-to: Message from Galen Sampson of "Sat, 29 Sep 2001 11:28:00 PDT." <20010929182800.11361.qmail@web14101.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 29 Sep 2001 16:58:27 -0500
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Galen Sampson writes:
> Hello all,
>
> I have searched the mailing lists for this subject but found nothing
> relevant. I suppose this is a question for -questions but I would appreciate
> your thoughts. I would like to be able to run natd and a dhcp-server to
> provide internet access to a lan through a single ip address. I would like to
> be able to pass the address of the natd machine as the dns server option to all
> dhcp clients to make this a truly dynamic setup. Unfortunately the only way I
> have found to do this is to run named on the gateway machine (this is a small
> lan and named seems like overkill/security risk). Another way (not dynamic in
> terms of changing addresses/isps) would be to set up another divert rule and
> run a second natd with the -reverse flag and port forward to a static ip
> address to be used as a dns server.
>
> Is there any way to set up natd to proxy dns using the systems current
> resolver? If not then this feature would be most helpful.

I think you are sweating unimportant details. Let the inside machines make
outside DNS requests the same as the natd machine would. If you do not run
named on the natd machine then there is no caching. Without caching there is
no advantage of pointing the inside machines at your natd machine because
however you divert the packets they still go out to the external DNS and
return. It is much simpler and just as efficient to let the inside machines
make the request of the outside DNS servers.

A local caching name server isn't difficult. Protect it in your firewall
against incoming requests from the outside and it's just as safe as not
running named.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
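The setup David Kelly recommends (a caching named on the natd gateway, handed to DHCP clients as their resolver, and shielded by the firewall from queries arriving on the outside interface) as an added example; this is not code from either poster or from the FreeBSD project. It is written for the FreeBSD 4.x-era ipfw/natd tools the thread discusses; the interface names `fxp0`/`fxp1`, the `192.168.1.0/24` LAN and the `192.168.1.1` gateway address are constructed assumptions. It prints the three fragments for review by default and only loads the ipfw rules when run with `apply`.

```shell
#!/bin/sh
# Added example (not from the thread): DNS-related ipfw/natd rules plus the
# named.conf and dhcpd.conf fragments that go with them. All names and
# addresses below are constructed assumptions; adjust to the real network.
oif="fxp0"              # assumed outside interface (the one natd diverts on)
iif="fxp1"              # assumed LAN interface
lan="192.168.1.0/24"    # assumed LAN prefix
gw="192.168.1.1"        # assumed gateway address on the LAN side
fwcmd="/sbin/ipfw -q"   # ipfw in quiet mode, the rc.firewall convention

# Only the DNS-related rules are shown; loopback, anti-spoofing, established
# traffic and the final default deny are assumed to surround these.
# The divert rule comes first so every later rule sees translated addresses.
# Queries from the LAN to the gateway's resolver are allowed on the inside
# interface; the gateway's own outbound lookups get a dynamic rule so only
# their replies come back in; anything else aimed at port 53 on the outside
# interface is dropped, which is the "protect it in your firewall" step.
ipfw_dns_rules() {
    cat <<EOF
add 100 divert natd ip from any to any via $oif
add 110 check-state
add 200 allow udp from $lan to $gw 53 in via $iif
add 210 allow tcp from $lan to $gw 53 in via $iif
add 300 allow udp from any to any 53 out via $oif keep-state
add 310 allow tcp from any to any 53 out via $oif keep-state
add 400 deny udp from any to any 53 in via $oif
add 410 deny tcp from any to any 53 in via $oif
EOF
}

# named.conf options block. A stock named listens on every interface and
# answers anyone (the weak setting); restricting listen-on, allow-query and
# allow-recursion to loopback and the LAN means that even if a firewall rule
# is mis-ordered the server still refuses the outside.
named_options() {
    cat <<EOF
options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; $gw; };
    allow-query { 127.0.0.1; $lan; };
    allow-recursion { 127.0.0.1; $lan; };
};
EOF
}

# ISC dhcpd.conf fragment: every lease names the gateway as the resolver, so
# a change of upstream ISP resolvers only touches the gateway's named.
dhcpd_options() {
    cat <<EOF
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers $gw;
    option domain-name-servers $gw;
}
EOF
}

# "apply" loads the ipfw rules; anything else just prints all fragments.
case "${1:-show}" in
    apply) ipfw_dns_rules | while read -r rule; do $fwcmd $rule; done ;;
    *)     ipfw_dns_rules; echo; named_options; echo; dhcpd_options ;;
esac
```

Run it without arguments to review the generated rules and config fragments, then `sh thisfile.sh apply` on the gateway to load the ipfw rules; the named and dhcpd fragments are pasted into their respective configuration files by hand. Rule numbers are spaced so the surrounding ruleset can be slotted in between them.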