
Re: BIND and iptables config



On Wed, Feb 14, 2018 at 11:51:50PM +0100, Rodary Jacques wrote:
> I have my own DNS config so that my home LAN can access internet (with SNAT) to "the" internet which I created under Redhat 7.2! It did work on a Redhat box with Systemd, NetworkManager, and the bind9 RPM. On Debian the bind9.service tries to start when the net interfaces are not ready. But NetworkManager also tries to resolve DNS servers still when the net interfaces are not ready; so the external servers can't be joined and /etc/resolv.conf (a soft link to /var/run/NetworkManager/resolv.conf) has no reference to wlan (man resolvconf, indicated in /lib/systemd/system/bind9-resolvconf.service as Docu never was on my system). So I had to cheat with NetworkManager: I removed the link
> /etc/resolv.conf, and edited the original one (created during installation) with all my DNS servers (the master server is on my box and can't be reached before BIND (4, 8 or 9) is activated). I also had to create a new profile on my external interface with all the DNS servers.
> All this done (two or three weeks), I can launch named with my own (chroot'ed) config, and then start netfilter and SNAT
> with my config.
> I don't mind all this as long as I don't have to reboot, and cheat again.
> Wouldn't it be a bug?

No.
It's not Debian's, BIND's or iptables' fault that your setup is
unnecessarily complicated and cumbersome.
The issue is your setup.

-H



-- 
Henning Follmann           | hfollmann@itcfollmann.com

