From: Terje Elde
Subject: Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
Date: Sat, 28 Sep 2013 18:32:00 +0200
To: Frank Leonhardt
Cc: freebsd-questions@freebsd.org
In-Reply-To: <5246DEB3.7090002@fjl.co.uk>

On 28. sep. 2013, at 15:50, Frank Leonhardt wrote:

> Given that BIND can happily listen on ports other than 53 and OpenBSD allows a port to be specified against each nameserver in resolv.conf, it does not seem an unreasonable question to me. Just to avoid any misunderstanding...

Not sure if I misunderstood what you're trying to do, but the way I recall it, you have two boxes, one running with one recursive and one authoritative nameserver, and you wanted a second box to query the recursive nameserver on the first box, which is running on another port than 53?

Given your setup, that's a valid question.

It's getting down to patching the resolver I felt was a bit overkill, and a possible source of future pain.

How to solve it is a perfectly valid question.

Personally I'd just think it cleaner to solve it by running a caching resolver on the second host (on port 53), that could forward queries where you'd like, rather than patching or using firewall redirects.

Terje
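The arrangement Terje suggests (a local caching resolver on port 53 that forwards to the recursive server on the other box's non-standard port), written out as an added example that is not from the thread; it assumes Unbound as the caching resolver, and the address 192.0.2.10 and port 5353 are placeholders for the first box and its chosen port.

```conf
# unbound.conf on the second host (added example; addresses/port are placeholders)
server:
    # Listen on the standard port so stock resolv.conf ("nameserver 127.0.0.1") works unchanged.
    interface: 127.0.0.1
    port: 53
    # Only answer local clients: a forwarder reachable from anywhere is an open resolver.
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse
    # This host never recurses itself; everything goes to the forwarder below.
    do-not-query-localhost: no

forward-zone:
    name: "."
    # IP@port is Unbound's syntax for an upstream on a port other than 53.
    forward-addr: 192.0.2.10@5353
    # Keep only this path; do not fall back to direct recursion if the upstream is down.
    forward-first: no
```

The BIND equivalent of the forward-zone block is `forwarders { 192.0.2.10 port 5353; };` together with `forward only;` in named.conf's options; in both cases the traffic to port 5353 is plain DNS, so keep it on a network segment you trust.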