weyhan Apprentice
Joined: 27 May 2003 Posts: 245
Posted: Tue Mar 30, 2004 5:32 pm Post subject: djbdns question |
Hi,
I have a home network where I have a gentoo server acting as my dhcp/dns server for the other hosts in the network. I have set up dnscache to serve dns queries to the Internet and pass any queries to tinydns for internal host lookup. This setup is working fine but I have also come to learn that the setup is not 100% correct because dnscache only gives non-authoritative answers, whereas dns queries to the internal network should be authoritative.
Although I don't think it matters much with a small network like mine, I am interested to know if there is a way to make it 100% correct, even if it means having two IP addresses where one is serving dns queries to the internet and one to the internal hosts. If so, how does it work? Do I set up my clients to use the primary dns to look for internet hosts, and the secondary dns should the query be for an internal host?
Thanks.
_________________
Han.
nope2dope Tux's lil' helper
Joined: 19 Sep 2003 Posts: 103 Location: Sinntal - Germany
Posted: Tue Mar 30, 2004 6:37 pm Post subject: |
Not sure if I understood your last sentence but my setup is like the following:
tinydns got an IP that is/was unused on my net and
dnscache got the IP of eth0
My clients are set up to send their requests to the IP of dnscache with one line in /etc/resolv.conf
Code:
nameserver <ipOfDnscache>
_________________
...no experiments.
weyhan Apprentice
Joined: 27 May 2003 Posts: 245
Posted: Wed Mar 31, 2004 2:50 am Post subject: |
Quote:
> Not sure if I understood your last sentence but my setup is like the following:
> tinydns got an IP that is/was unused on my net and
> dnscache got the IP of eth0
> My clients are set up to send their requests to the IP of dnscache with one line in /etc/resolv.conf
> Code: nameserver <ipOfDnscache>
I have the exact same setup with tinydns listening on 127.0.0.1 and dnscache listening on 192.168.1.2. Also, dnscache is pointing to 127.0.0.1 for my local network and 192.168.1.1 (ISDN router). This setting works fine.
However, dnscache will only give non-authoritative responses to any query, so authoritative responses from tinydns have been made non-authoritative because the responses have passed through dnscache. If my dns setup is to be correct and not just working fine, queries for IP addresses of my local network should be authoritative while the responses cached/retrieved from the Internet should be non-authoritative.
From reading documents I have found on the Internet, I do understand why they say it is a bad idea to have a dns server give out authoritative responses as well as non-authoritative ones. Therefore djbdns has been designed to have two separate servers, one to give out authoritative responses and the other to give out non-authoritative responses.
Out of curiosity, I wonder how one would fix this problem (without making one IP address serve authoritative and non-authoritative responses)? Does it mean I will have to set up two dns servers visible to my internal network, and how would that work?
*phew* this is the most "authoritative" post I have written... Say "authoritative" ten times!! Quickly!!
_________________
Han.
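The AA bit discussed in the posts above, as an added example that is not part of the thread: this Python sketch decodes the DNS header flags of two constructed replies, one flagged the way the posts describe a content server (tinydns) answering and one the way the same record looks after passing through a cache (dnscache). The host name `box.home.example`, the flag combinations and all helper names are assumptions made for the example; `ask()` can be pointed at a real server to compare.

```python
import socket
import struct

# Header flag bits from RFC 1035, section 4.1.1
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qid=0x1234):
    """Encode an A/IN question with RD set, as a stub resolver would."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def build_reply(query, flags, ip):
    """Constructed reply: same id and question, one A record, caller-chosen flags."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!6H", qid, QR | flags, 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the question name at offset 12
    answer = struct.pack("!3HIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer

def header_flags(packet):
    """Decode the bits that distinguish an authoritative answer from a cached one."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    qid, flags, _qd, ancount = struct.unpack("!4H", packet[:8])
    return {"id": qid, "response": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "answers": ancount}

def ask(server, name, timeout=2.0):
    """Send one UDP query to a real server and return its decoded flags."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return header_flags(s.recvfrom(512)[0])

# Constructed sample: the host name is made up, the address is one from the post.
QUERY = build_query("box.home.example")
FROM_TINYDNS = build_reply(QUERY, AA, "192.168.1.2")        # authoritative, no recursion
FROM_DNSCACHE = build_reply(QUERY, RD | RA, "192.168.1.2")  # same record via the cache

if __name__ == "__main__":
    for label, pkt in (("tinydns", FROM_TINYDNS), ("dnscache", FROM_DNSCACHE)):
        print(label, header_flags(pkt))
```

Both replies carry the same A record; only the header bits differ, which is what a client sees as "non-authoritative answer".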