Subject: Re: firewall and DNS question
To: None <tm_wanka@earthling.net>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-net
Date: 12/29/1999 11:04:24
> My ISP does not allow routing and NAT protocols and DNS servers 
> to be run on the machine connected to the ISP and claims, that all 
> UDP ports as well as some TCP ports (that as they say "are 
> commonly used by hackers and programs like Back Orifice") are 
> blocked. 

I'd advise you to find a real ISP; any service which claims to be an
ISP but which blocks all UDP isn't worthy of being called a real ISP.

> does anyone have resources (Howtos etc.) to help me set up 
> firewalling under netBSD? The only help I could find was from the 
> NetBSD.org homepage.

There are a bunch of example configurations installed in
/usr/share/examples/ipf which you can use as a starting point.

> Now I want to set up a caching only DNS Server on the PC 
> used as router, AFAIK DNS servers exchange data by UDP, but the 
> description I got from some books explain the Caching only DNS 
> server as "storing current DNS requests for further use".

Well, the second description is kind of confused (it's storing DNS
*answers* for further use; storing the questions is pointless).

> Now I wanted to know if a caching only DNS server uses UDP ports 
> other than a standard browser does and thus the ISP could find out 
> that I use a DNS server.

A caching-only DNS server listens on UDP port 53 just like an
authoritative server.

You can do this with ipf; you should also be able to have named do its
own filtering of which interfaces it listens to for requests (see
named.conf(5) and the "listen-on" and "blackhole" configuration
options).

					- Bill
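As an added illustration of the two layers Bill describes (not part of the original thread, and not taken from /usr/share/examples/ipf), assuming the ISP-facing interface is ep0, the LAN interface is ep1, and the router's inside address is 192.168.1.1 on 192.168.1.0/24:

```conf
# --- /etc/ipf.conf excerpt (constructed example; interface names and
# --- addresses are assumptions, merge with the rest of your rule set)

# Never accept DNS queries that arrive on the ISP side.
block in quick on ep0 proto udp from any to any port = 53
block in quick on ep0 proto tcp from any to any port = 53

# LAN hosts may query the cache on its inside address; keep state so the
# answers flow back out on ep1 without a separate "pass out" rule.
pass in quick on ep1 proto udp from 192.168.1.0/24 to 192.168.1.1/32 port = 53 keep state
pass in quick on ep1 proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 53 keep state

# The cache still has to ask upstream servers itself.  Those queries leave
# on ep0 to destination port 53; "keep state" lets only the replies to our
# own queries back in (they return to the high source port we used).
pass out quick on ep0 proto udp from any to any port = 53 keep state
pass out quick on ep0 proto tcp from any to any port = 53 keep state

# --- /etc/namedb/named.conf excerpt (constructed example)
options {
        directory "/etc/namedb";
        // Bind only to loopback and the inside address, never the ISP-facing one.
        listen-on { 127.0.0.1; 192.168.1.1; };
        // Answer queries only from the LAN and the box itself.
        allow-query { 127.0.0.1; 192.168.1.0/24; };
        // "blackhole" is a different tool: listed addresses are neither
        // answered NOR used to resolve anything, so do not put
        // "everything but the LAN" here or the cache can no longer reach
        // upstream servers.  Reserve it for source networks that should
        // never be talked to at all, e.g. { 0.0.0.0/8; };
};
```

Note that the outbound queries to upstream servers are UDP too, so an ISP that really blocks all UDP leaves even a caching-only server unable to resolve anything, which is Bill's point about finding a real ISP.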