NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Resolver problems

2009/12/3 Robert Elz <>:
> The only real problem here looks to be that the router is broken, and is
> sending its reply from the wrong port.
> Get the router fixed, there's no other good solution.

I can't deny that the router is at fault. Unfortunately I fear that
there is no chance of getting it fixed soon...

There seem to be (at least) two alternatives here:

1) Installation of a filtering DNS proxy on the NetBSD box which sends
NXDOMAIN replies to all AAAA queries.

2) Re-writing the source port number of the faulty UDP packets.

Any tips wrt solution 1?

Which configuration would be necessary for PF to do this? (i.e.: UDP +
sourceIP= + sourcePort=3072 + destinationIP= +
maybe_something_else -> sourcePort:=53)


Home | Main Index | Thread Index | Old Index