[Server-devel] [support-gang] [XSCE] Re: school server weekly mtg minutes

Tim Moody tim at timmoody.com
Thu Feb 19 17:15:23 EST 2015


The part I don't fully understand is that android (using chrome in my case) 
can find http://schoolserver.lan, just not http://schoolserver.  Looks to me 
like the phone reaches the xsce dns server, but the server only resolves 
schoolserver.lan.

-----Original Message----- 
From: Jerry Vonau
Sent: Thursday, February 19, 2015 5:07 PM
To: Community Support Volunteers -- who help respond to "help AT laptop.org" 
; James Cameron ; xsce-devel at googlegroups.com
Cc: server-devel ; Unleash Kids!
Subject: Re: [support-gang] [XSCE] Re: school server weekly mtg minutes



> On February 19, 2015 at 3:22 PM James Cameron <quozl at laptop.org> wrote:
>
>
> For Tim's problem of resolving the schoolserver host name on Android,
> see my note added to your minutes.  In short, intercept the DNS
> queries for 8.8.8.8, or configure WiFi to use DNS from DHCP.
>

I've mentioned in the past that intercepting dns queries from the LAN to
WAN might be useful for enforcement when using opendns. Treat the outbound
connection that same way as is done for squid's transparent proxy mode. I
take it that android may use its own nameserver order. Would the below
iptable rules be enough:

$IPTABLES  -t nat  -A PREROUTING -i $lan -p tcp --dport 53 ! -d $fw_lan_ip
-j DNAT --to $fw_lan_ip:53

$IPTABLES  -t nat  -A PREROUTING -i $lan -p udp --dport 53 ! -d $fw_lan_ip
-j DNAT --to $fw_lan_ip:53

assuming you have named running at $fw_lan_ip?

Jerry
_______________________________________________
support-gang mailing list
support-gang at lists.laptop.org
http://lists.laptop.org/listinfo/support-gang 



More information about the Server-devel mailing list