From: Frank Leonhardt <frank2@fjl.co.uk>
To: freebsd-questions@freebsd.org
Date: Fri, 27 Sep 2013 23:03:59 +0100
Subject: Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
Message-ID: <524600CF.3040609@fjl.co.uk>
In-Reply-To: <5245CC59.5060204@laposte.net>

On 27/09/2013 19:20, Laurent SALIN wrote:
> Hello,
> I'm wondering how I can send queries to a DNS resolver listening on a
> different port than the normal 53 tcp/udp.
>
> The situation:
> I've got a VPS running NSD as an authoritative nameserver, listening
> on tcp/udp 53, and unbound as a personal resolver, listening on a
> different tcp/udp port. It works very well on its own or with my OpenBSD
> gateway at home as DNS cache.
>
> Recently I got a new FreeBSD VPS and I want to use the first VPS as
> DNS nameserver for the second VPS, but FreeBSD is unable to send queries
> to a nameserver on a different port than the normal one (tcp/udp 53).
>
> I've got a "bad" solution: use unbound on the second VPS and maybe tell
> it to ask the 1st VPS on the unusual tcp/udp port, but I wonder
> if it is possible with Packet Filter to change the destination port of
> the queries forwarded to my 1st VPS from tcp/udp 53 to tcp/udp 5353, for
> example?
>
> Or maybe anybody has another solution?
>
> I hope you'll understand me :-/
>
> Laurent SALIN

If I understand the way it works correctly, the resolver pulls a list of the NS and hard-sets the port number for each to 53 (via a manifest constant). See libc/resolv/res_init.c. All you need to do(!) is change this to a value of your choice and recompile libc (and anything that links to it statically) and it should be sorted. Or find an easier work-around.

I don't see any reason why the resolver library can't be modified to pick up a range of port numbers from the config (as other systems have), but AFAIK it can't.

The resolver isn't part of the kernel - it's the application doing the lookup, not FreeBSD (except in libc being part of the base system). Oh, you know what I mean! Each application makes its own lookup.

I could be spectacularly out-of-date with this.

Regards, Frank.
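Frank's point is that the port is fixed inside libc's stub resolver, not by the kernel, so an application that builds its own DNS query is free to send it to any port. The following is an added example for this thread, not code from the original mail or from FreeBSD's libc: it constructs a minimal UDP query for an A record, sends it to a resolver on a port of your choice, and parses the answer (including name compression pointers) without touching the libc resolver at all. The resolver address 192.0.2.10 and port 5353 are assumed placeholders standing in for the first VPS running unbound.

```python
"""Minimal DNS A-record lookup against a resolver on a non-standard port.

Added example for this thread (not from the original mail or FreeBSD's
libc). The application builds the query itself, so the hard-coded port
53 in libc/resolv/res_init.c never comes into play.
"""
import random
import socket
import struct

RESOLVER_HOST = "192.0.2.10"   # assumed placeholder: the VPS running unbound
RESOLVER_PORT = 5353           # assumed placeholder: the non-53 listening port


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Return a standard recursive query (RD=1) for `name`, class IN."""
    # id, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _read_name(data: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels = []
    jumped = False
    end = offset
    hops = 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:            # two-byte compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2             # the name occupies 2 bytes here
            jumped = True
            offset = pointer
            hops += 1
            if hops > 16:                    # refuse looping pointers
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(data: bytes, expected_txid: int):
    """Return (rcode, [IPv4 strings of A records]) from a raw DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):                      # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4                          # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        _, offset = _read_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            answers.append(".".join(str(b) for b in rdata))
    return rcode, answers


def lookup(name, host=RESOLVER_HOST, port=RESOLVER_PORT, timeout=3.0):
    """Send one UDP query to host:port and return (rcode, A records)."""
    txid = random.randrange(0, 0x10000)
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (host, port))
        data, _ = sock.recvfrom(4096)
    return parse_response(data, txid)


if __name__ == "__main__":
    print(lookup("example.com"))
```

The transaction-id check in parse_response is there so a stray datagram from another source is rejected rather than accepted as the answer. For the usual case where you do not control the application, the "bad" solution in the question is in fact the normal one: unbound's forward-zone stanza accepts a port suffix, `forward-addr: 192.0.2.10@5353`, so a local unbound on the second VPS can forward to the first VPS on its unusual port while everything else keeps talking to 127.0.0.1 on 53.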