-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2008-01-18 at 01:22 +0100, agr.suzdal wrote:
- u say: Then the funny thing is why is the firewall blocking that "answer" :-? - me: no, the router is not blocking the answer, it return an answer for your querry [SRC=192.168.1.12 DST=128.9.0.107 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2529 DPT=53 LEN=42 ], saying "i can't talk to DNS SERVER" not reach (128.9.0.107)
I'll have to digest the rest of your answer O:-)
- u say: Perhaps I should open the firewall to port 53, which currently is not, as I don't serve dns queries
- me: one question - why you installed the bind pack? why u need it? only is needed when you want a dns server, but isn't a common uses for a normal/common user, however in most cases, you don't need it for navigate thru Internet. With a dns server's ip on resolv.conf is enough for that purpose and only is needed bind-utils-9.3.2-56.3 - (Utilities to query and test DNS) and bind-libs-9.3.2-56.3 - (Shared libraries of BIND).
Well... I first set up bind as a cache server, which by default is what the suse bind rpm does. When you have a modem, a dns cache server makes sense, because it speeds up queries. When I upgraded to adsl I kept it. In fact, the router, which is an embedded little box suplied by my isp, running linux 2.4, also contains a dns server configured as cache. Then I also configured my bind to answer local queries for a "faked" local domain: this time for learning how to do it. I know, I know: it is not necesary. But it works.
u only need to open de 53 port when you want to serve dns to each other (lan,wan,internet, etc...).
Right, which is why I keep it clossed, unless I'm running tests. The rest of your message I'll study tomorrow :-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHj/wStTMYHG2NR9URAkl1AJ4+4yb0onQNMv2WT4w20Q69HSrL2gCgg68U wBtEa+8y3OIAt9JKYJW++Co= =Q+Cs -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org