Date: Fri, 29 Oct 2004 18:02:55 +0200
From: cpghost@cordula.ws
To: Peter Ulrich Kruppa
cc: freebsd-stable@freebsd.org
Subject: Re: ppp -nat broken [solved]

On Fri, Oct 29, 2004 at 09:52:51AM +0200, Peter Ulrich Kruppa wrote:
> On Tue, 26 Oct 2004, Peter Ulrich Kruppa wrote:
> learn that named and BIND have changed. I did the respective
> changes and edited two entries in /var/named/etc/named/named.conf
> 1) I commented
> listen-on {127.0.0.1;};

Instead of opening a 53/tcp, 53/udp port to the world (ANYADDR),
you may prefer to restrict the address range to your internal
LAN only, with something like (replace 192.168.10.0/24 accordingly):

  listen-on { 127.0.0.1; 192.168.10.0/24; };

Check with 'sockstat -46' to be sure.

> 2) I put my two nameserver IPs (from /etc/resolv.conf) into
> forwarders {
> 195.62.99.42;
> 195.62.97.177;
> };

They are not absolutely necessary: named is perfectly able to
query root and other servers itself. You could experiment with
or without forwarders, and pick the configuration that is faster
for you.

As a general rule of thumb:

Forwarders are good for recursive queries, because only one query
will travel through your ADSL link, other queries being done by
your ISP's nameservers. They are also good, because you can profit
from your ISP's nameservers' cache. But they can hinder performance,
should one or both of those nameservers be down for whatever reason.

Cheers,
cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
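
One way to automate the 'sockstat -46' check suggested in the message above, as an added example that is not part of the original post: it reads sockstat output and reports any port-53 socket that named has bound outside the listen-on list. The sample output is constructed, and the function name exposed_dns_sockets, the allow-list constant and the column layout (USER COMMAND PID FD PROTO LOCAL FOREIGN) are assumptions of this example.

```python
import ipaddress

# Assumption: the listen-on list from the reply, expressed as networks.
ALLOWED = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "192.168.10.0/24")]

# Constructed sample of `sockstat -46` output (not captured from a real host).
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      512   20 udp4   127.0.0.1:53          *:*
bind     named      512   21 tcp4   127.0.0.1:53          *:*
bind     named      512   22 udp4   192.168.10.1:53       *:*
bind     named      512   23 tcp4   *:53                  *:*
bind     named      512   24 tcp4   127.0.0.1:953         *:*
root     sshd       430   3  tcp4   *:22                  *:*
bind     named      512   25 udp4   203.0.113.5:53        *:*
"""


def exposed_dns_sockets(sockstat_text, allowed=ALLOWED, command="named", port=53):
    """Return (proto, local_address) pairs for DNS sockets bound outside `allowed`."""
    findings = []
    for line in sockstat_text.splitlines():
        fields = line.split()
        # Skip the header, short lines and sockets of other programs.
        if len(fields) < 7 or fields[1] != command:
            continue
        proto, local = fields[4], fields[5]
        # Split on the last colon so IPv6 forms such as "::1:53" also work.
        host, _, local_port = local.rpartition(":")
        if local_port != str(port):
            continue
        if host == "*":
            # Wildcard bind: reachable on every interface (the ANYADDR case).
            findings.append((proto, local))
            continue
        addr = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 scope id
        if not any(addr.version == net.version and addr in net for net in allowed):
            findings.append((proto, local))
    return findings


if __name__ == "__main__":
    for proto, local in exposed_dns_sockets(SAMPLE):
        print(f"named listens outside the listen-on list: {proto} {local}")
```

On a live FreeBSD host the same function can be fed the text captured from 'sockstat -46' instead of SAMPLE.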