[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Redirect to domain name instead of ip

Hi,

Le samedi 23 septembre 2006 15:20, Lars Staun Knudsen a écrit :
> Thank you for the reply, the lines works fine. But I've still got a
> dynamic problem, the ip can change with dhcp and therefore it would
> be perfect if i could use a domain name. DDns (bind9) is working
> along with  dhcp3-server.
> The PREROUTING line is complaining if I write pc.dom.dk instead of
> 172.16.0.30, is there a way to bypass this problem?
>
> And another problem i just though of, if the iptables-script is
> executed at a time where pc.dom.dk hasn't got a dhcp-release yet,
> there will be no answer in the dns-lookup. So any experience on what
> behavior iptables have when there is not ip resolved from the domain
> name. Is the rule just set or will the rule return an error.

The fact is that the kernel can't be wait for a DNS response which might 
arrive sometime (or never at all), while dealing with a packet.

So you could fix the IP address (easy if you manage the dhcp server), or 
devise a way to regularely "update" your ruleset with the appropriate IP. A 
script could get the IP from the DNS, and to an iptables if it happens to be 
different from the previous one.

Hope this helps,

Sebastien
Reply to: