On Mon, Mar 25, 2002 at 10:37:06AM +0100, Wiktor Wodecki wrote:
> Hello,
>
> > I am using: "iptables -t nat -A PREROUTING -p udp --dport 53 -i eth0 -j DNAT
> > --to-destination 192.168.0.9:53" to forward any domain request to my nameserver from
> > my firewall (192.168.0.1)
> >
> > I have 2 nic's in the firewall (eth0 = cisco 677i adsl router, eth1 = local
> > network)
>
> you should have read some nameserver docs, too :P
> The DNS System also uses tcp 53 for transmission. This might trigger the
> behaviour you expect. Unfortunately not many people know about the tcp
> thingie, resulting in many "broken" dns servers.

Please also note that TCP is even used for queries (size > 512 bytes), not only for zone transfers.

> Regards,
> Wiktor Wodecki <[EMAIL PROTECTED]>

-- 
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
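An added example, not part of the original messages: a small Python check that reads `iptables-save` style output and reports DNS DNAT rules that forward only one of UDP and TCP port 53, the gap discussed in the thread. The sample ruleset is constructed (its first rule is the one quoted above; the eth2 pair is invented for contrast), and the function names are assumptions made for illustration.

```python
import shlex

# Constructed ruleset. Rule 1 is the rule quoted in the thread; the eth2
# rules are an invented interface that forwards both protocols.
SAMPLE_RULES = """\
*nat
-A PREROUTING -p udp --dport 53 -i eth0 -j DNAT --to-destination 192.168.0.9:53
-A PREROUTING -i eth2 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.0.9:53
-A PREROUTING -i eth2 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.0.9:53
COMMIT
"""

def parse_rule(line):
    """Return an option -> value map for one '-A' rule line, else None."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None  # table headers, COMMIT, blank lines
    rule = {"chain": tokens[1]}
    i = 2
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        if tokens[i].startswith("-") and has_value:
            rule[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return rule

def dns_dnat_gaps(ruleset):
    """Map (in-interface, DNAT target) -> protocols with no port 53 rule."""
    seen = {}
    for line in ruleset.splitlines():
        rule = parse_rule(line.strip())
        if not rule or rule["chain"] != "PREROUTING" or rule.get("-j") != "DNAT":
            continue
        if rule.get("--dport") != "53":
            continue
        key = (rule.get("-i", "any"), rule.get("--to-destination"))
        seen.setdefault(key, set()).add(rule.get("-p"))
    needed = {"tcp", "udp"}
    return {k: sorted(needed - p) for k, p in seen.items() if needed - p}

if __name__ == "__main__":
    for (iface, target), missing in dns_dnat_gaps(SAMPLE_RULES).items():
        print(f"{iface} -> {target}: no DNAT rule for {', '.join(missing)} port 53")
```
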