On Thu, 2005-11-10 at 11:07, Tim wrote:
> >> However, there are some ISPs which set up filtering that will
> >> prevent you from resolving names yourselves (perhaps they want to
> >> enforce their censoring?).
>
> Kenneth Porter:
> > If this is restricted to specific domains, use "stub" domains in your
> > named.conf to selectively forward those domains to the ISP servers.
>
> In which case, you still wouldn't be able to resolve what they
> blocked...
>
> Anyway, when an ISP decides to prevent users from the user running their
> own DNS server, it's usually done by them preventing you from making
> outgoing connections on the ported used for DNS queries. Either
> blocking it, or forcing you through their own systems (like transparent
> proxying).
If you set up 'forwarders' in named.conf pointing to the ISP's
DNS but don't add the 'forward-only' option, it should query and
cache the ISP's response, but if that fails it will attempt a
direct lookup. I'm not sure ISP is the right name for something
that blocks DNS, though.
--
Les Mikesell
lesmikesell@xxxxxxxxx
