On Tue, 11 Jan 2000, R. Kuijvenhoven wrote:

> Hello,
> 
> I have been setting up a caching only name server (bind) on a linux
> firewall/router. The name server seems to be working like it should.
> 
> My question is: Which DNS address do I have to put in the DNS fields of the
> windoze workstations in the LAN, the DNS addresses of my ISP or the ip
> address of the fw/router? I have tried the ip address of the fw/router but
> it did not work. Now I have set the ip address of the fw/router in the host
> field and the ip addresses of my ISP in the DNS field. This works but I am
> afraid the windoze workstations will bypass the caching only name server
> this way.
> 
> TIA,
> 
> Robert-Jan Kuijvenhoven
> 
Here's what I do:
(Assuming IPMasq box is providing IP #'s via dhcpd, assuming LAN subnet is
        192.168.1.x, with the Masq box eth0 IP # = 191.168.1.1)

1) on Doze boxen:  DISable DNS   (dhcp will provide this info)

2) on masq box:   add the IP number of the masq box, 192.168.1.1, to the
        option domain-name-servers statement in the 192.168.1.0 subnet
        block in dhcpd.conf:

dhcpd.conf:
subnet  192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.2 192.168.1.200;
        option routers 192.168.1.1;
        default-lease-time 259200;
        max-lease-time 25920000;
        option broadcast-address 192.168.1.255;

        option domain-name-servers  192.168.1.1, w.x.y.z, a.b.c.d;
}

(where w.x.y.z and a.b.c.d are the primary and secondary DNS servers
for my ISP)

This works great and you can demonstrate that it does:

From a Doze box,  run ping any.valid.machine.com    where you have not
yet accessed that machine name from any of the machines on your LAN.
Note that there is a slight pause while the DNS lookup is done out on
the net.  Then, run that same ping again.  Note how quickly it comes
back with the ping, because it looks at your 192.168.1.1 box first and
that address is now in the dns cache!  

With your (caching-only) nameserver listed first, it will get checked first.

***************************************************************************
Jerry Winegarden                OIT/Technical Support      Duke University
[EMAIL PROTECTED]                http://www-jerry.oit.duke.edu
***************************************************************************
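
Added example (not part of the original message, and not code from dhcpd):
a small checker that reads a dhcpd.conf and reports, for each subnet block,
whether the first resolver handed to clients lies inside that subnet, as the
setup above intends. The sample config is constructed; 203.0.113.53 and
198.51.100.53 are placeholder addresses standing in for w.x.y.z and a.b.c.d.
It assumes flat subnet blocks (no nested pool or host braces) and numeric
resolver addresses.

```python
import ipaddress
import re

# Constructed sample input modelled on the dhcpd.conf in the message above.
# The two non-192.168 addresses are placeholders for the ISP resolvers.
SAMPLE_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.1;
        option domain-name-servers 192.168.1.1, 203.0.113.53, 198.51.100.53;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
        option domain-name-servers 203.0.113.53, 192.168.2.1;
}
subnet 192.168.3.0 netmask 255.255.255.0 {
        option domain-name-server 192.168.3.1;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
DNS_RE = re.compile(r"^\s*option\s+domain-name-servers\s+([^;]+);", re.M)


def audit_dns_order(conf_text):
    """Return {subnet: (status, [servers])} for every subnet block.

    status is "local-first" when the first resolver lies inside the subnet,
    "external-first" when it does not, and "no-dns-option" when the block has
    no correctly spelt domain-name-servers statement.
    """
    conf_text = re.sub(r"#.*", "", conf_text)  # drop comments
    report = {}
    for net, mask, body in SUBNET_RE.findall(conf_text):
        network = ipaddress.ip_network(f"{net}/{mask}")
        match = DNS_RE.search(body)
        if not match:
            report[str(network)] = ("no-dns-option", [])
            continue
        servers = [s.strip() for s in match.group(1).split(",")]
        first = ipaddress.ip_address(servers[0])
        status = "local-first" if first in network else "external-first"
        report[str(network)] = (status, servers)
    return report


if __name__ == "__main__":
    for subnet, (status, servers) in audit_dns_order(SAMPLE_CONF).items():
        print(f"{subnet:18} {status:15} {', '.join(servers)}")
```

A block reported as external-first or no-dns-option is one where clients are
not being pointed at the caching name server first.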

