Maintained by: NLnet Labs

[Unbound-users] Using Unbound as a transparent, captive DNS resolver

Gerald McNulty
Tue Dec 11 03:54:00 CET 2012


Hello Paul,

Thank you for your reply. We are using ipfw under FreeBSD so iptables will
not work.

A standard fwd rule will work, but the result will have a source address of
the unbound server rather than the queried server, so the client will ignore
it.

I can create a wrapper that will just rewrite the address of the reply, but
it would be great if unbound could do this directly rather than adding
another piece of code.

Thank you,


Gerald



On Mon, Dec 10, 2012 at 4:05 PM, Paul Wouters <paul at nohats.ca> wrote:

> On Mon, 10 Dec 2012, Gerald McNulty wrote:
>
>> Is it possible to use unbound as a captive DNS resolver? That is, all DNS
>> traffic that is leaving the network will be
>> redirected to unbound which will perform the resolution instead of any
>> remote DNS server.
>>
>> I'm already using the python module so adding code to that would be fine,
>> but how would I retrieve the DNS server that was
>> queried and set that in the response?
>>
>
> Why not just DNAT the traffic to your DNS server?
>
> (from top of head, no guarantees)
>
> iptables -I PREROUTING -t nat -j DNAT -s yourlan/mask -p udp --dport 53 \
>     --to-destination IP.UNBOUND.SERVER
> iptables -I PREROUTING -t nat -j DNAT -s yourlan/mask -p tcp --dport 53 \
>     --to-destination IP.UNBOUND.SERVER
>
> (-p all does not seem to work with --dport in my experience)
>
> Paul
>
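The DNAT rules above work where a bare forwarding rule does not because the NAT
table keeps a state entry per translated flow and rewrites the reply on its way
back, so the client receives an answer sourced from the server it actually
queried and accepts it. The FreeBSD equivalent is a pf rdr rule, which performs
the same stateful, bidirectional rewrite. The fragment below is an added example
and is not part of this thread or of Unbound; the interface name, LAN range and
Unbound address are assumed placeholders.

```pf
# /etc/pf.conf fragment (added example; names and addresses are assumed)
int_if  = "em1"              # interface facing the LAN clients
lan     = "192.168.1.0/24"   # clients whose DNS traffic is to be captured
unbound = "192.168.1.1"      # address Unbound listens on, on this firewall

# Rewrite the destination of all DNS (UDP and TCP) leaving the LAN for any
# resolver other than ours to the local Unbound. pf records a state entry for
# each translated flow and reverses the rewrite on the reply, so the client
# sees an answer from the address it originally queried. "pass" lets the
# translated packets through without further filter evaluation.
rdr pass on $int_if inet proto { tcp, udp } from $lan to ! $unbound port 53 -> $unbound port 53

# Anything else still trying to reach an external resolver on port 53 did not
# match the redirect (a host outside $lan, for instance); block and log it so
# the leak can be investigated rather than silently forwarded.
block log quick on $int_if inet proto { tcp, udp } from any to ! $unbound port 53
```

Two points to check before relying on this. First, rdr is applied to packets
as they arrive on $int_if, so Unbound has to run on the pf host itself (or on
a segment behind it): if it sits on the same LAN as the clients, its replies
go straight back to the client without passing pf and the reverse translation
never happens. Unbound also has to listen on that address and admit the LAN,
i.e. an `interface:` line for 192.168.1.1 and `access-control: 192.168.1.0/24
allow` in unbound.conf. Second, verify from a client with `dig @8.8.8.8
example.com`: dig's ";; SERVER:" line should still report 8.8.8.8#53 while
Unbound's query statistics show the query was answered locally. Note that only
port 53 is captured; clients speaking DNS over TLS (853) or over HTTPS (443)
are not touched by these rules.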