Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 2013-09-28 09:37, loran42o wrote:
> On 28.09.2013 00:08, Terje Elde wrote:
>> On 28. sep. 2013, at 00:03, Frank Leonhardt fra...@fjl.co.uk wrote:
>>> If I understand the way it works correctly, the resolver pulls a list of the NS and hard-sets the port number for each to 53 (via a manifest constant). See libc/resolv/res_init.c. All you need to do(!) is change this to a value of your choice and recompile libc
>>
>> Sorry, but this is starting to look a lot like a complicated solution to a problem that isn't really there...
>>
>> Why not just point from resolv.conf to localhost, run a caching and/or recursive DNS server there, and point it wherever? As far as I can tell, that'd solve everything, add caching, and let it all be controlled from the config of the DNS server?
>>
>> Terje
>
> Hi,
>
> I guess this is the way that'll end.
>
> Laurent SALIN

You'll need to set up your bind.conf:

    zone "fqdn" IN {
        type forward;
        forward first;
        forwarders { 127.0.0.1 port 530; };
    };

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
Hi,

For the list archive, here's how I solved my problem.

Some on the thread told me to run BIND on the first VPS, as DNS authoritative server and as caching resolver that only lets hosts from my network send it queries. Well, I'm quite happy with my setup with NSD as DNS authoritative server and UNBOUND as caching resolver, so I don't really want to change them for BIND, but I'd do it if this is the only way.

I decided to focus on the second VPS, the one that can't send queries directly to tcp/udp 5353. I configured UNBOUND to forward all queries to my first VPS with a few dedicated lines in /usr/local/etc/unbound/unbound.conf:

    ...snip...
    forward-zone:
        name: "."
        forward-addr: public_ip_v4@5353   # forward to port 5353.
        forward-first: yes

and modified my /etc/resolv.conf to only have localhost as nameserver.

The system footprint of UNBOUND is very small, so it's just fine for me.

Thanks all for the help.

Laurent SALIN
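As an added example (not a file from the thread), here are both sides of the forwarding setup Laurent describes, with the part a practitioner would want on top: the first VPS runs Unbound on port 5353 and only answers its own loopback and the second VPS, and the second VPS forwards everything there. The addresses 192.0.2.10 (first VPS) and 192.0.2.20 (second VPS) are placeholders from the documentation range; the real files live at /usr/local/etc/unbound/unbound.conf on each host.

```conf
# ===== First VPS: /usr/local/etc/unbound/unbound.conf (added example) =====
# NSD already owns tcp/udp 53 on the public address, so Unbound takes 5353.
server:
    interface: 192.0.2.10          # placeholder: public IPv4 of the first VPS
    interface: 127.0.0.1
    port: 5353                     # non-standard port; NSD keeps 53

    # Unbound's default is "localhost allowed, everything else refused".
    # A recursive resolver that answers the whole Internet on 5353 is just
    # as usable for cache poisoning probes and amplification as one on 53,
    # so list only the hosts that need recursion.
    access-control: 127.0.0.0/8 allow
    access-control: 192.0.2.20/32 allow    # placeholder: the second VPS
    access-control: 0.0.0.0/0 refuse       # explicit, matches the default

# ===== Second VPS: /usr/local/etc/unbound/unbound.conf (added example) =====
# /etc/resolv.conf on this host contains only "nameserver 127.0.0.1".
server:
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow

forward-zone:
    name: "."
    forward-addr: 192.0.2.10@5353  # placeholder first VPS, port after the @
    # forward-first: yes makes Unbound fall back to full recursion from this
    # host when the forwarder answers SERVFAIL. Leave it at the default (no)
    # if the intent is that only the first VPS talks to the Internet for DNS.
```

Run unbound-checkconf on each host after editing. From the second VPS, `dig @192.0.2.10 -p 5353 example.com` should answer; the same query from any other address should come back REFUSED, which is the check that the access-control lines actually took effect.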
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 28.09.2013 00:08, Terje Elde wrote:
> On 28. sep. 2013, at 00:03, Frank Leonhardt fra...@fjl.co.uk wrote:
>> If I understand the way it works correctly, the resolver pulls a list of the NS and hard-sets the port number for each to 53 (via a manifest constant). See libc/resolv/res_init.c. All you need to do(!) is change this to a value of your choice and recompile libc
>
> Sorry, but this is starting to look a lot like a complicated solution to a problem that isn't really there...
>
> Why not just point from resolv.conf to localhost, run a caching and/or recursive DNS server there, and point it wherever? As far as I can tell, that'd solve everything, add caching, and let it all be controlled from the config of the DNS server?
>
> Terje

Hi,

I guess this is the way that'll end.

Laurent SALIN
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 27.09.2013 23:31, jb wrote:
> Well, I hope I understand you. You use a DNS proxy server, like BIND or DNSMASQ.

Hi,

Actually I use two daemons: one to serve as an authoritative DNS server, nsd, and the other one to serve as a recursive DNS resolver with caching, unbound. I can't set them both listening on the same tcp/udp 53 port, so I configured unbound to listen on an unusual one.

My problem is, on my other FreeBSD box, I can't set an alternative port for the nameserver in /etc/resolv.conf.

> With BIND you have options in /etc/named.conf:
> http://www.zytrax.com/books/dns/ch7/queries.html
> forward
> forwarders

If I can't use PF to solve this, maybe I'll have to take a look at BIND.

Thanks
Laurent SALIN
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 28.09.2013 01:11, Frank Leonhardt wrote:
> It was more of an explanation as to /why/ it's not easy to do what was asked in the original reasonable-sounding question.

Hi,

Thanks for the explanation of how it works behind the scenes. I don't think I'll compile and maintain my own libc just for DNS queries :-)

Laurent SALIN
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 28/09/2013 00:20, Michael Sierchio wrote:
> On Fri, Sep 27, 2013 at 4:11 PM, Frank Leonhardt fra...@fjl.co.uk wrote:
>> On 27/09/2013 23:08, Terje Elde wrote:
>>> On 28. sep. 2013, at 00:03, Frank Leonhardt fra...@fjl.co.uk wrote:
>>>> If I understand the way it works correctly, the resolver pulls a list of the NS and hard-sets the port number for each to 53 (via a manifest constant). See libc/resolv/res_init.c. All you need to do(!) is change this to a value of your choice and recompile libc
>>>
>>> Sorry, but this is starting to look a lot like a complicated solution to a problem that isn't really there...
>>
>> It was more of an explanation as to /why/ it's not easy to do what was asked in the original reasonable-sounding question.
>
> Beg to differ. The question isn't reasonable. There's no point in having a DNS recursive resolver listening on a port other than the one that clients will contact it on.
>
> Far better to have the authoritative server listen on 127.53.0.1 and use the routable address for the cache, which can forward requests for the authoritative server when appropriate.

The original question was actually "I'm wondering how I can send queries to a DNS resolver listening on a different port than the normal 53 tcp/udp?"

Given that BIND can happily listen on ports other than 53 and OpenBSD allows a port to be specified against each nameserver in resolv.conf, it does not seem an unreasonable question to me. Read the rest of the post quoted selectively above for the full story.
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 28. sep. 2013, at 15:50, Frank Leonhardt fra...@fjl.co.uk wrote:
> Given that BIND can happily listen on ports other than 53 and OpenBSD allows a port to be specified against each nameserver in resolv.conf, it does not seem an unreasonable question to me.

Just to avoid any misunderstanding...

Not sure if I misunderstood what you're trying to do, but the way I recall it, you have two boxes, one running with one recursive and one authoritative nameserver, and you wanted a second box to query the recursive nameserver on the first box, which is running on another port than 53?

Given your setup, that's a valid question. It's getting down to patching the resolver I felt was a bit overkill, and a possible source of future pain. How to solve it is a perfectly valid question.

Personally I'd just think it cleaner to solve it by running a caching resolver on the second host (on port 53), that could forward queries where you'd like, rather than patching or using firewall redirects.

Terje
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 28.09.2013 18:32, Terje Elde wrote:
> Not sure if I misunderstood what you're trying to do, but the way I recall it, you have two boxes, one running with one recursive and one authoritative nameserver, and you wanted a second box to query the recursive nameserver on the first box, which is running on another port than 53?

You're just right.

> Given your setup, that's a valid question.

That's why I submitted it to the FreeBSD-Questions list :-)

> It's getting down to patching the resolver I felt was a bit overkill, and a possible source of future pain. How to solve it is a perfectly valid question.

I was hoping it would be possible to map the destination port with Packet Filter from nameserver:53 to nameserver:5353, for example.

> Personally I'd just think it cleaner to solve it by running a caching resolver on the second host (on port 53), that could forward queries where you'd like, rather than patching or using firewall redirects.

I guess that's how I'll fix my problem.

Thanks,
Laurent SALIN
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 9/28/2013 at 7:16 PM Laurent SALIN wrote:
> On 28.09.2013 18:32, Terje Elde wrote:
>> Not sure if I misunderstood what you're trying to do, but the way I recall it, you have two boxes, one running with one recursive and one authoritative nameserver, and you wanted a second box to query the recursive nameserver on the first box, which is running on another port than 53?

The way I solved this problem on my setup, I assigned another IP address to the network interface via ifconfig alias. I put the authoritative nameserver on one IP address, and the recursive nameserver on the other IP address. They both are still listening on port 53, but on different IP addresses.
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 28.09.2013 21:28, Mike. wrote:
> The way I solved this problem on my setup, I assigned another IP address to the network interface via ifconfig alias. I put the authoritative nameserver on one IP address, and the recursive nameserver on the other IP address. They both are still listening on port 53, but on different IP addresses.

Hi,

If I could, it would be just fine. I've got only one public IPv4 with each VPS. I've got an IPv6 too, but I'm not at ease with IPv6 yet. The provider (Tilaa) where I rent one of the 2 VPS, the one that may need 2 IPv4, is a bit short on its range of IPv4, and I guess it's not reasonable to ask for a second IPv4 just for my personal use in studying *BSD and networking stuff; I don't have a professional use here.

Thanks.
Laurent SALIN
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On Sep 28, 2013, at 2:24 PM, Laurent SALIN salin.laur...@laposte.net wrote:
> On 28.09.2013 21:28, Mike. wrote:
>> The way I solved this problem on my setup, I assigned another IP address to the network interface via ifconfig alias. I put the authoritative nameserver on one IP address, and the recursive nameserver on the other IP address. They both are still listening on port 53, but on different IP addresses.
>
> Hi,
>
> If I could, it would be just fine. I've got only one public IPv4 with each VPS. I've got an IPv6 too, but I'm not at ease with IPv6 yet. The provider (Tilaa) where I rent one of the 2 VPS, the one that may need 2 IPv4, is a bit short on its range of IPv4, and I guess it's not reasonable to ask for a second IPv4 just for my personal use in studying *BSD and networking stuff; I don't have a professional use here.

You only need to run one name server. It is both authoritative and recursive by default. To limit recursion to only your own IP address space add the following option in named.conf:

    options {
        allow-recursion { 192.168.1.0/24; 127.0.0.1; };
    };

Change the address space to suit. Make sure you include localhost. And after an rndc reload only your internal network will be able to make recursive requests.

Dan

> Thanks.
> Laurent SALIN
How to ask a DNS resolver listening on a different port than the tcp/udp 53
Hello,

I'm wondering how I can send queries to a DNS resolver listening on a different port than the normal 53 tcp/udp?

The situation: I've got a VPS running NSD as an authoritative nameserver, listening on tcp/udp 53, and unbound as a personal resolver, listening on a different tcp/udp port. It works very well on its own or with my OpenBSD gateway at home as DNS cache.

Recently I've got a new FreeBSD VPS and I want to use the first VPS as DNS nameserver for the second VPS, but FreeBSD is unable to send queries to a nameserver on a different port than the normal one (tcp/udp 53).

I've got a bad solution: use unbound on the second VPS and maybe tell it to ask the first VPS on the unusual tcp/udp port, but I wonder whether it is possible with Packet Filter to change the destination port of the queries forwarded to my first VPS from tcp/udp 53 to tcp/udp 5353, for example? Or maybe anybody has another solution?

I hope you'll understand me :-/

Laurent SALIN
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On Fri, Sep 27, 2013, at 13:20, Laurent SALIN wrote:
> Hello,
>
> I'm wondering how I can send queries to a DNS resolver listening on a different port than the normal 53 tcp/udp?
>
> The situation: I've got a VPS running NSD as an authoritative nameserver, listening on tcp/udp 53, and unbound as a personal resolver, listening on a different tcp/udp port. It works very well on its own or with my OpenBSD gateway at home as DNS cache.

Is there any way to use multiple IPs?
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 27. sep. 2013, at 20:20, Laurent SALIN salin.laur...@laposte.net wrote:
> I've got a bad solution: use unbound on the second VPS and maybe tell it to ask the first VPS on the unusual tcp/udp port

Why is that a bad solution? You'd cache locally, which is often considered a good thing?

Granted, it's a bit of a weird setup, but still.

Terje
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
> Is there any way to use multiple IPs?

Hi,

No, I can't. Each VPS has only one IPv4, and I'm really not aware yet of how IPv6 works.

Laurent SALIN
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 27/09/2013 22:28, Terje Elde wrote:
> Why is that a bad solution? You'd cache locally, which is often considered a good thing?
>
> Granted, it's a bit of a weird setup, but still.

I was hoping it could be as easy as putting the IP of my resolver VPS in /etc/resolv.conf and letting PF translate the destination port.

Does anybody know why in FreeBSD we can't set an alternative port in /etc/resolv.conf as in the OpenBSD one? (For my knowledge :-)

Laurent SALIN
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
Laurent SALIN salin.laurent at laposte.net writes:
> Hello,
>
> I'm wondering how I can send queries to a DNS resolver listening on a different port than the normal 53 tcp/udp?
>
> The situation: I've got a VPS running NSD as an authoritative nameserver, listening on tcp/udp 53, and unbound as a personal resolver, listening on a different tcp/udp port. It works very well on its own or with my OpenBSD gateway at home as DNS cache.
>
> Recently I've got a new FreeBSD VPS and I want to use the first VPS as DNS nameserver for the second VPS, but FreeBSD is unable to send queries to a nameserver on a different port than the normal one (tcp/udp 53).
>
> I've got a bad solution: use unbound on the second VPS and maybe tell it to ask the first VPS on the unusual tcp/udp port, but I wonder whether it is possible with Packet Filter to change the destination port of the queries forwarded to my first VPS from tcp/udp 53 to tcp/udp 5353, for example? Or maybe anybody has another solution?
>
> I hope you'll understand me :-/
>
> Laurent SALIN

Well, I hope I understand you. You use a DNS proxy server, like BIND or DNSMASQ.

With BIND you have options in /etc/named.conf:
http://www.zytrax.com/books/dns/ch7/queries.html
forward
forwarders

I do not know how DNSMASQ configures it, if at all; you would have to download the original package with full documentation.

jb
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 27/09/2013 19:20, Laurent SALIN wrote:
> Hello,
>
> I'm wondering how I can send queries to a DNS resolver listening on a different port than the normal 53 tcp/udp?
>
> The situation: I've got a VPS running NSD as an authoritative nameserver, listening on tcp/udp 53, and unbound as a personal resolver, listening on a different tcp/udp port. It works very well on its own or with my OpenBSD gateway at home as DNS cache.
>
> Recently I've got a new FreeBSD VPS and I want to use the first VPS as DNS nameserver for the second VPS, but FreeBSD is unable to send queries to a nameserver on a different port than the normal one (tcp/udp 53).
>
> I've got a bad solution: use unbound on the second VPS and maybe tell it to ask the first VPS on the unusual tcp/udp port, but I wonder whether it is possible with Packet Filter to change the destination port of the queries forwarded to my first VPS from tcp/udp 53 to tcp/udp 5353, for example? Or maybe anybody has another solution?
>
> I hope you'll understand me :-/
>
> Laurent SALIN

If I understand the way it works correctly, the resolver pulls a list of the NS and hard-sets the port number for each to 53 (via a manifest constant). See libc/resolv/res_init.c. All you need to do(!) is change this to a value of your choice and recompile libc (and anything that links to it statically) and it should be sorted. Or find an easier work-around.

I don't see any reason why the resolver library can't be modified to pick up a range of port numbers from the config (as other systems have), but AFAIK it can't. The resolver isn't part of the kernel; it's the application doing the lookup, not FreeBSD (except in libc being part of the base system). Oh, you know what I mean! Each application makes its own lookup.

I could be spectacularly out-of-date with this.

Regards, Frank.
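The port being fixed at 53 is, as Frank says, a property of the libc stub resolver, not of DNS itself: any program that builds the packet on its own can send it to whatever port it likes. The following is an added example, not code from anyone in the thread: a small client that constructs a query, sends it to a given address and UDP port, and performs the checks a stub resolver should perform on the reply (transaction ID, question section and source address must all match what was sent). The server address and port are parameters you supply; the reply built by constructed_response() is a hand-made sample for offline testing, not captured traffic.

```python
"""Query a DNS server on an arbitrary UDP port, bypassing the libc stub resolver.

Added example for this thread, not code from any poster. Standard library only;
the server address and port are whatever the caller passes in.
"""
import os
import socket
import struct
from typing import List, Optional, Tuple

QTYPE_A, QTYPE_AAAA = 1, 28


def encode_name(name: str) -> bytes:
    """Wire-format a domain name: length-prefixed labels ending with a zero byte."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A, txid: Optional[int] = None) -> Tuple[int, bytes]:
    """Return (txid, query message). RD=1 asks the server to recurse, as a stub does."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")   # unpredictable ID: spoofing defence
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name at `off`; return (name, offset after it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer (RFC 1035 4.1.4)
            if not jumped:
                end = off + 2                          # the pointer ends the name in the stream
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes, txid: int, name: str, qtype: int = QTYPE_A) -> List[Tuple[str, int, str]]:
    """Validate the reply against the query we sent; return (owner, ttl, address) for A/AAAA."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch: stale or spoofed reply")
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    if flags & 0x000F:
        raise ValueError("server returned rcode %d" % (flags & 0x000F))
    if qd != 1:
        raise ValueError("unexpected question count %d" % qd)
    qname, off = read_name(msg, 12)
    rqtype, rqclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    # The question must echo ours, or a forged reply could be cached under another name.
    if (qname.lower(), rqtype, rqclass) != (name.rstrip(".").lower(), qtype, 1):
        raise ValueError("question section does not match the query")
    answers = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rclass == 1 and rtype == QTYPE_A and rdlen == 4:
            answers.append((owner, ttl, socket.inet_ntop(socket.AF_INET, rdata)))
        elif rclass == 1 and rtype == QTYPE_AAAA and rdlen == 16:
            answers.append((owner, ttl, socket.inet_ntop(socket.AF_INET6, rdata)))
    return answers


def resolve(name: str, server: str, port: int = 5353, qtype: int = QTYPE_A, timeout: float = 3.0):
    """Send one UDP query to server:port and return the validated answers.

    `server` must be an IP literal so the reply's source address can be compared to it.
    """
    txid, query = build_query(name, qtype)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, port))
        data, peer = sock.recvfrom(4096)
    if peer[0] != server or peer[1] != port:
        raise ValueError("reply came from %s:%d, not the server queried" % peer[:2])
    return parse_response(data, txid, name, qtype)


def constructed_response(txid: int) -> bytes:
    """Hand-built reply (constructed sample, not captured): example.com A 192.0.2.1, TTL 300.

    The answer's owner name is a compression pointer (0xC00C) back to the question name.
    """
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)          # QR, RD, RA; rcode 0
    question = encode_name("example.com") + struct.pack("!HH", QTYPE_A, 1)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + answer


if __name__ == "__main__":
    import sys
    # usage: python dnsq.py NAME SERVER_IP [PORT]   (PORT defaults to 5353)
    prt = int(sys.argv[3]) if len(sys.argv) > 3 else 5353
    for owner, ttl, addr in resolve(sys.argv[1], sys.argv[2], prt):
        print(owner, ttl, addr)
```

This is what `dig @server -p 5353 name` does in one line; the point of spelling it out is the validation in parse_response() and resolve(), which is exactly the work the libc resolver does on your behalf (and why swapping libc for a hand-rolled client is a bad trade outside a test). A caching resolver on localhost, as suggested elsewhere in the thread, gets you the non-standard port without giving any of that up.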
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 28. sep. 2013, at 00:03, Frank Leonhardt fra...@fjl.co.uk wrote:
> If I understand the way it works correctly, the resolver pulls a list of the NS and hard-sets the port number for each to 53 (via a manifest constant). See libc/resolv/res_init.c. All you need to do(!) is change this to a value of your choice and recompile libc

Sorry, but this is starting to look a lot like a complicated solution to a problem that isn't really there...

Why not just point from resolv.conf to localhost, run a caching and/or recursive DNS server there, and point it wherever? As far as I can tell, that'd solve everything, add caching, and let it all be controlled from the config of the DNS server?

Terje
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On 27/09/2013 23:08, Terje Elde wrote:
> On 28. sep. 2013, at 00:03, Frank Leonhardt fra...@fjl.co.uk wrote:
>> If I understand the way it works correctly, the resolver pulls a list of the NS and hard-sets the port number for each to 53 (via a manifest constant). See libc/resolv/res_init.c. All you need to do(!) is change this to a value of your choice and recompile libc
>
> Sorry, but this is starting to look a lot like a complicated solution to a problem that isn't really there...

It was more of an explanation as to /why/ it's not easy to do what was asked in the original reasonable-sounding question.
Re: How to ask a DNS resolver listening on a different port than the tcp/udp 53
On Fri, Sep 27, 2013 at 4:11 PM, Frank Leonhardt fra...@fjl.co.uk wrote:
> On 27/09/2013 23:08, Terje Elde wrote:
>> On 28. sep. 2013, at 00:03, Frank Leonhardt fra...@fjl.co.uk wrote:
>>> If I understand the way it works correctly, the resolver pulls a list of the NS and hard-sets the port number for each to 53 (via a manifest constant). See libc/resolv/res_init.c. All you need to do(!) is change this to a value of your choice and recompile libc
>>
>> Sorry, but this is starting to look a lot like a complicated solution to a problem that isn't really there...
>
> It was more of an explanation as to /why/ it's not easy to do what was asked in the original reasonable-sounding question.

Beg to differ. The question isn't reasonable. There's no point in having a DNS recursive resolver listening on a port other than the one that clients will contact it on.

Far better to have the authoritative server listen on 127.53.0.1 and use the routable address for the cache, which can forward requests for the authoritative server when appropriate.

- M