Date:      Sat, 29 Sep 2001 16:58:27 -0500
From:      David Kelly <dkelly@hiwaay.net>
To:        Galen Sampson <galen_sampson@yahoo.com>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: natd proxy 
Message-ID:  <200109292158.f8TLwRw98995@grumpy.dyndns.org>
In-Reply-To: Message from Galen Sampson <galen_sampson@yahoo.com>  of "Sat, 29 Sep 2001 11:28:00 PDT." <20010929182800.11361.qmail@web14101.mail.yahoo.com> 

Galen Sampson writes:
> Hello all,
>    I have searched the mailing lists for this subject but found nothing
> relevant.  I suppose this is a question for -questions but I would appreciate
> your thoughts.  I would like to be able to run natd and a dhcp-server to
> provide internet access to a lan through a single ip address.  I would like to
> be able to pass the address of the natd machine as the dns server option to all
> dhcp clients to make this a truly dynamic setup.  Unfortunately the only way I
> have found to do this is to run named on the gateway machine (this is a small
> lan and named seems like overkill/security risk).  Another way (not dynamic in
> terms of changing addresses/isps) would be to set up another divert rule and
> run a second natd with the -reverse flag and port forward to a static ip
> address to be used as a dns server.  Is there any way to set up natd to proxy
> dns using the system's current resolver? If not then this feature would be most
> helpful.

I think you are sweating unimportant details. Let the inside machines 
make outside DNS requests the same as the natd machine would.

If you do not run named on the natd machine then there is no caching. 
Without caching there is no advantage of pointing the inside machines 
at your natd machine because however you divert the packets they still 
go out to the external DNS and return. It is much simpler and just as 
efficient to let the inside machines make the request of the outside 
DNS servers.

A local caching name server isn't difficult. Protect it in your 
firewall against incoming requests from the outside and it's just as 
safe as not running named.

-- 
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
