DNS question

Support section for FREESCO v0.3.x


Post by psv » Tue Nov 10, 2009 7:52 am

Hello! Please tell me: how can I deny access to external DNS?

Re: DNS question

Post by dingetje » Tue Nov 10, 2009 8:04 am

Your question is not entirely clear. Do you mean access from outside your LAN to the FREESCO DNS server or do you mean access from within your LAN to other DNS servers?
The first situation can be accomplished by changing the DNS server in your FREESCO setup to 's' (for secure). The 2nd situation requires a firewall rule in rc_user to block outgoing access to port 53 (DNS service).
GreetZ
http://dingetje.homeip.net

"Software is like sex: it's better when it's free." - LINUS TORVALDS

Re: DNS question

Post by psv » Tue Nov 10, 2009 8:52 am

ipfwadm -O -a deny -S 10.13.106.0/24 53 -D 0/0 -o
Is this correct? It's not working ... :?

I have DSL internet ... FREESCO 0.3.x (10.13.106.9) with squid + DNS (s - locally) and some Windows PCs (10.13.106.0...)
When I enter an external DNS on a Windows machine I have internet without squid ... :(

In FREESCO 0.4.2, in the DNS setup, I can choose an item where external DNS is disabled ...
Please help :!:

Re: DNS question

Post by dilberts_left_nut » Tue Nov 10, 2009 3:59 pm

From the setup...
Code:
 Advanced settings (x - exit)? 41

        Caching DNS server.
        Recommended for most configurations in "s" or "e" mode.

        WARNING:y - Enable service worldwide (insecure)
                s - Enable service locally (secure recommended)
                n - Disable service

        NOTE:   If you have port forwarding on port (53), you must
                not use secure modes.

        NOTE:   e - (secure exclusive mode).
                This forces all clients to use this server exclusively
                and external DNS servers are not allowed.

41 Enable caching DNS server (y/s/n/e) [s]?

If you want your internal clients to use ONLY the freesco DNS and NOT any other outside servers use option "e"

Re: DNS question

Post by psv » Tue Nov 10, 2009 4:54 pm

... I have FREESCO 0.3.4 and this version does not have this choice ... :?
... only a firewall rule can help me :idea: :D

Re: DNS question

Post by Lightning » Wed Nov 11, 2009 12:57 am

I have FREESCO 0.3.4 and this version does not have this choice ... :?
... only a firewall rule can help me

You are correct, the "exclusive" option was introduced in much later versions. As for manually putting the rule in place, try this:
Edit /rc/rc_user
Code:
firewall)
   ipfwadm -F -i reject -P udp -b -S 0/0 53
   ipfwadm -F -i reject -P tcp -b -S 0/0 53
   ;;

Once you save the change run "rc_masq restart".

However, if you are trying to force the use of squid, this is not going to be really effective. You will be much better off reconfiguring squid as a transparent proxy so that clients don't have a choice to use it or not.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
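
Added example (not part of the original posts and not FREESCO code): a check to run from a LAN client after the rule is loaded, confirming that the router's resolver still answers while direct queries to an outside resolver on UDP and TCP port 53 do not. 10.13.106.9 is the router address given in the thread; the external address is a documentation placeholder to replace, and the function names are this example's own.

```python
import socket
import struct

def build_query(name, txid=0x4242):
    """Build a minimal DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply_to(reply, txid=0x4242):
    """True if reply is a DNS response (QR bit set) carrying our transaction id."""
    if len(reply) < 12:
        return False
    rid, flags = struct.unpack(">HH", reply[:4])
    return rid == txid and bool(flags & 0x8000)

def probe_udp(server, name="example.com", timeout=3.0):
    """Return 'answered', 'unexpected', 'rejected' (ICMP error) or 'timeout'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # connected socket, so ICMP errors surface
            s.send(build_query(name))
            return "answered" if is_reply_to(s.recv(512)) else "unexpected"
        except socket.timeout:
            return "timeout"
        except OSError:
            return "rejected"

def probe_tcp(server, timeout=3.0):
    """Return 'open', 'rejected' or 'timeout' for a TCP/53 connection attempt."""
    try:
        socket.create_connection((server, 53), timeout=timeout).close()
        return "open"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "rejected"

def verdict(router_udp, external_udp, external_tcp):
    """Policy holds when the router answers and the outside resolver does not."""
    return router_udp == "answered" and external_udp != "answered" and external_tcp != "open"

if __name__ == "__main__":
    ROUTER = "10.13.106.9"   # FREESCO address from the thread
    EXTERNAL = "192.0.2.53"  # placeholder (TEST-NET-1): replace with an outside resolver
    r, eu, et = probe_udp(ROUTER), probe_udp(EXTERNAL), probe_tcp(EXTERNAL)
    print(f"router udp={r}  external udp={eu}  external tcp={et}")
    print("DNS policy enforced" if verdict(r, eu, et) else "clients can still reach outside DNS")
```

Run it from a LAN machine rather than on the router: the rules above are on the forwarding chain (-F), so they apply only to traffic passing through the router.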