[Unbound-users] Using Unbound as a transparent, captive DNS resolver
Paul Wouters
paul at nohats.ca
Mon Dec 10 16:05:57 UTC 2012
On Mon, 10 Dec 2012, Gerald McNulty wrote:
> Is it possible to use unbound as a captive DNS resolver? That is, all DNS traffic that is leaving the network will be
> redirected to unbound which will perform the resolution instead of any remote DNS server.
>
> I'm already using the python module so adding code to that would be fine, but how would I retrieve the DNS server that was
> queried and set that in the response?
Why not just DNAT the traffic to your DNS server?
(from top of head, no guarantees)
iptables -I PREROUTING -t nat -j DNAT -s yourlan/mask -p udp --dport 53 --to-destination IP.UNBOUND.SERVER
iptables -I PREROUTING -t nat -j DNAT -s yourlan/mask -p tcp --dport 53 --to-destination IP.UNBOUND.SERVER
(-p all does not seem to work with --dport in my experience)
Paul
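
The redirect suggested above, written out as an added example (not part of Paul's message or of the Unbound project): a shell function that prints the nat rules for both protocols and first exempts the resolver's own upstream queries, which would otherwise be sent back to it when its address falls inside the LAN range. The function names, the use of -A with explicit ordering, and the 192.168.1.x values are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Prints iptables commands for review; nothing is applied.

# is_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_cidr NET/LEN: succeed only for an IPv4 network with prefix length 0-32.
is_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ]
}

# dns_redirect_rules LAN_CIDR RESOLVER_IP
# Emits rules in evaluation order (-A appends), so run them against a
# PREROUTING chain that has no earlier port-53 rules.
dns_redirect_rules() {
    lan=$1; resolver=$2
    is_cidr "$lan" || { echo "bad LAN CIDR: $lan" >&2; return 2; }
    is_ipv4 "$resolver" || { echo "bad resolver IP: $resolver" >&2; return 2; }
    for proto in udp tcp; do
        # 1. Queries sent by the resolver itself leave untranslated;
        #    ACCEPT ends nat-table processing for the packet.
        echo "iptables -t nat -A PREROUTING -s $resolver -p $proto --dport 53 -j ACCEPT"
        # 2. Any other LAN query not already addressed to the resolver
        #    is rewritten to it.
        echo "iptables -t nat -A PREROUTING -s $lan ! -d $resolver -p $proto --dport 53 -j DNAT --to-destination $resolver"
    done
}

# Constructed sample values, not taken from the thread.
dns_redirect_rules 192.168.1.0/24 192.168.1.53
```

If clients and the resolver share a subnet, the resolver answers the client directly from its own address and the client discards the reply, so that layout also needs source NAT on the gateway.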