Yes, I can use that DNS server that you mentioned without any problem. I have my PC set to use it right now. And I know of others that anyone can use too, but I'm not going to give details in case they would not like this info to get out. ;-)
Priscilla At 03:24 PM 2/18/02, Chuck wrote: >the simple way to test this would be to set your workstation with some other >ISP's DNS address, and see how things go. In one of my posts I provided the >real IP of an active DNS server. Someone want to give it a try? or post one >that you know about. I'll be happy to test. > >I wish the guy who posted the original question would get back to us with >his results. > >Chuck > >""Priscilla Oppenheimer"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > At 12:28 PM 2/18/02, Marc Thach Xuan Ky wrote: > > >Any decent ISP will refuse DNS recursion from any IP address that is not > > >within its own address space. > > > > He wasn't asking about recursion. He was asking about the initial query > > from the end host. Although I could believe you that a service provider > > should make sure these queries only come from customers, my experience is > > that service providers don't do this. I can set my PC to use a variety of > > DNS servers around the Internet and it works. > > > > I think it's because it's tricky to do, especially for small ISPs. Some > > ISPs might have only one DNS server. The same server that provides DNS > > services to Internet-access customers may also be the authority for >various > > names managed by the ISP. The ISP may be doing Web hosting and be the > > authority for a bunch of names. In that case, it can't filter out DNS > > queries coming from the Internet. > > > > For example, say your PC asks your local DNS server to resolve > > www.priscilla.com. Your server can't do it. It asks its upstream server, > > probably one of the root servers. The root server figures out that > > petiteisp.com owns www.priscilla.com and tells your server the IP address > > of the authoritative name server at petiteisp.com. Your server queries > > petiteisp.com which gives your server the IP address for >www.priscilla.com. > > Your server finally responds to your PC. > > > > Notice that the query to petiteisp.com came from some unexpected IP >address > > that can't be anticipated in a filter. If petiteisp.com had a filter to > > allow queries only from its customers, the query from your server would > > have failed. > > > > Did that make sense? ;-) How to bigger ISPs handle this? I suppose bigger > > ISPs have more than one DNS server, one for Internet access customers, and > > one that is the authority for names owned by the ISP. > > > > Priscilla > > > > > This is fundamental to DNS security. > > >You need to rewrite the destination IP address. Note that Cisco's NAT > > >is not suitable for this because of the DNS ALG. The easiest thing to > > >do may be to provide an on-site cacheing DNS using the old ISPs DNS > > >addresses. If you've got a lot of workstations and a decent bandwidth > > >to the Internet, you will probably find that running your own DNS cache > > >will be more satisfactory anyway. > > >rgds > > >Marc TXK > > > > > > > > >Godswill HO wrote: > > > > > > > > You can still use your former ISP's DNS records while using the new >ISP's > > > > bandwidth. It does not matter who owns the DNS server. Everybody have > > >access > > > > to it once they are in the internet. Except when they are specifically > > > > filtered. > > > > > > > > The only drawn back is that, Your new ISP have to forward the packet >in a > > > > round trip to the old ISP's network through the internet before they >are > > > > resolved and sent back to you machine, had it been you are using the >DNS > > of > > > > your new ISP, these request would stop there. Do not loose your sleep, > > > > because at the worst these delays are in milisseconds and not easily > > > > noticeable by the eye, more each machine have a cache so it does not > > >forward > > > > every request. Great if you have a Cache Engine to compliment the > > machine's > > > > cache. > > > > > > > > Whatever, you are kool and everything will be fine, switch to your new > > ISP > > > > and enjoy. > > > > > > > > Regards. > > > > Oletu > > > > ----- Original Message ----- > > > > From: Michael Hair > > > > To: > > > > Sent: Sunday, February 17, 2002 8:07 PM > > > > Subject: DNS Request Redirection [7:35703] > > > > > > > > > I was wondering what is the best way to take care of the following: > > > > > > > > > > I have been using a private address space behind a Cisco 4500 router > > > > > connected up to our current ISP using NAT, now we want to move our > > > > > connection from our current ISP to a new ISP with better bandwidth. >My > > > > > problem is that we don't want to change all our client machines >TCP/IP > > > > > settings, which are all static, for some reason or another they were > > all > > > > > setup to use our ISP's DNS. Not my idea but that another problem. So > > how > > > > can > > > > > I setup our router to forward requests looking from our current >ISP's > > DNS > > > > to > > > > > our new ISP's DNS without touching all the client machines. > > > > > > > > > > Would the best way be to use policy-base routing? > > > > > > > > > > Would a static route work? > > > > > > > > > > Could I use a static route under NAT? > > > > > > > > > > If someone could proved me a sample of how you could do this I would >be > > > > > greatful... > > > > > > > > > > Thanks > > > > > Michael > > > > _________________________________________________________ > > > > Do You Yahoo!? > > > > Get your free @yahoo.com address at http://mail.yahoo.com > > ________________________ > > > > Priscilla Oppenheimer > > http://www.priscilla.com ________________________ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35775&t=35703 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
