
#-----------------------------------------------------------------------
# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
# $Id: 010-dns-servers,v 1.3 2001/08/11 17:01:21 jsmoriss Exp $
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# DNS MUST BE ENABLED FIRST TO USE HOSTNAMES IN THE FOLLOWING MODULES.
#
# These rules enable a caching DNS server to contact root servers, 
# etc. to resolve hostnames.
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept
#i# cluster
#n# dns
#t# servers
#
#   |--------------------------------------------------------------------|
#d# dns-servers (Remote port 53 TCP, 53 UDP) 
#d# If you have a DNS on your firewall, you'll have to set your public
#d# interface's option to "any/0". If you use your ISP's DNS, you can
#d# enter its IP address here instead. If the ISP's DNS doesn't support
#d# recursive lookups (uncommon), you'll have to use "any/0".
#d#
#d# DMZ servers may use one or more local DNS servers. These DNS servers
#d# should have "any/0" in their option, while all other DMZ options
#d# should remain empty. A DMZ cluster should be created for these DNS
#d# servers.
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

# Open outbound DNS for each entry in this interface's "accept dns servers"
# option. Option_Value and Accept_Hostports, as well as INTOPT and MODE, are
# defined by the script that loads this module, not in this file.
# The option value is split on whitespace on purpose: one pass per entry.
# NOTE(review): $INTOPT and $host stay unquoted exactly as in the original;
# confirm INTOPT can never be empty or multi-word before quoting either.
# NOTE(review): an "any/0" entry makes the rule match every remote address on
# the domain port; whether replies are tracked statefully depends on
# Accept_Hostports, which is not visible here.
for host in $(Option_Value accept $INTOPT dns servers)
do
	# UDP to the remote "domain" port is opened unconditionally.
	Accept_Hostports remote udp "DNS Queries" $host domain

	# TCP to the same port is opened only when MODE is 3 or higher.
	# NOTE(review): DNS also retries over TCP when a UDP answer is
	# truncated, so below MODE 3 large responses may fail -- confirm
	# that this is the intended trade-off.
	if [ "$MODE" -ge 3 ]
	then
		Accept_Hostports remote tcp "DNS Transfers" $host domain
	fi
done
# Do not leak the loop variable into later modules.
unset host

