
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# DNS MUST BE ENABLED FIRST TO USE HOSTNAMES IN THE FOLLOWING MODULES.
#
# These rules enable a caching DNS server to contact root servers, 
# etc. to resolve hostnames.
#
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2001-04-02  Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#             Removed support for mode 1 and only append rules for
#             outgoing tcp in mode 3.
# 2001-03-29  Edwin ten Brink <edwin@privateer.student.utwente.nl>
#             Small text improvements
# 2001-02-07  Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#             Converted rules to use Accept_Hostports function instead.
# 2001-01-31  Edwin ten Brink <edwin@privateer.student.utwente.nl>
#             Changed UDP rules to use UNPPRIVPORTS instead of all ports
# 2000-10-24  Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#             Initial module written for v5.1.
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 23
#a# accept
#i# cluster
#n# dns
#t# servers
#
#   |--------------------------------------------------------------------|
#d# dns-servers (Remote port 53 TCP, 53 UDP) 
#d# If you run a DNS server on your firewall, you'll have to set your
#d# public interface's option to "any/0". If you use your ISP's DNS
#d# server, you can enter its IP address here instead. If the ISP's DNS
#d# server doesn't support recursive lookups (uncommon), you'll have to
#d# use "any/0".
#d#
#d# DMZ servers may use one or more local DNS servers. These DNS servers
#d# should have "any/0" in their option, while all other DMZ options
#d# should remain empty. A DMZ cluster should be created for these DNS
#d# servers.
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

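# Accept DNS traffic to remote port "domain" for every host returned by
# Option_Value for the accept / dns / servers option.
#
# Reads:  INTOPT and MODE (both set outside this module).
# Calls:  Option_Value and Accept_Hostports (defined outside this module).
# Leaves: the loop variable "host" unset once the loop has finished.
#
# NOTE(review): the module description allows "any/0" as a value, which
# permits DNS to every remote host. Listing only the resolvers actually
# in use keeps the accepted destinations narrow.
#
# $INTOPT is left unquoted: its contents are set elsewhere and may rely
# on word splitting -- confirm before quoting it.
for host in $(Option_Value accept $INTOPT dns servers); do
	# UDP is accepted in every mode. "$host" is quoted so a configured
	# value is passed through as one literal argument.
	Accept_Hostports remote udp "DNS Queries" "$host" domain

	# TCP is accepted only when MODE is 3 or higher.
	# NOTE(review): the label says "DNS Transfers", but resolvers also
	# fall back to TCP for answers that do not fit in a UDP reply, so
	# lower modes may see such lookups fail -- confirm against the rules
	# the other modules add.
	if [ "$MODE" -ge "3" ]; then
		Accept_Hostports remote tcp "DNS Transfers" "$host" domain
	fi
done
unset host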

