Proxy DNS

Andy Dills andy at xecu.net
Tue Jun 13 17:45:41 UTC 2000


Ok, I'm really stumped by this one. To my knowledge, this has not been
addressed before anywhere. 

I've got a FreeBSD box doing NAT/firewall for a network. Because we will
have users with random DNS servers configured, we want to proxy the DNS
requests so that all DNS requests are handled by the instance of named
running on that BSD box.

The way I had wanted to set this up is:

ipfw add 10 fwd 127.0.0.1,53 udp from any to any 53 recv xl1

But this doesn't work, and I can't figure out why. The only thing I can
come up with is that maybe BIND does some sanity checking to see if the
dest IP of the DNS request is an IP it knows about.

For instance, if I do:

ipfw add 10 fwd 127.0.0.1,80 tcp from any to andy 80 recv xl1

then, anytime somebody tries to bring up a webpage they get the webpages
being served by the BSD box.

So, because Apache works in that setup, I have to think that the packets
are being forwarded properly. And because BIND doesn't work, I have to
think that it's doing some security checks or something and it's not
answering the diverted DNS requests.

Can anybody shed some light on this, and maybe suggest some ideas for
debugging this?

Thanks,
Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills                              301-682-9972
Xecunet, LLC                            www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access




More information about the bind-users mailing list