yep - seems to work just fine. Chuck
""Mark Odette II"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Chuck, et al., > > One DNS Server IP that I've used for years when I don't have a specific IP > given when doing installations for customers, i.e., they don't tell me any > additional info in regards to whether or not their ISP told them to use > X.X.X.X and Y.Y.Y.Y for their client DNS settings, is a UUNet DNS Cache > server: > > 198.6.1.2 > > Never had any problems with it yet. > > But then again, I don't keep them on that DNS Setting... It's usually just > for initial install/test for DNS /Internet connectivity. Then I go get the > rest of the information. And again, these steps are only performed this way > when the customer contact is quite busy, and disappears on me within minutes > of me confirming my arrival to work, or they have the classic response of > "Uh, I'm not sure right now... lemme go try to dig that info up in our > paperwork..." and they still don't come back for an extended period of time. > > Otherwise, I work efficiently, and request all of the specific configuration > info up front as part of the install plan. :) > > SO...... Give the UUNet Caching server a spin, and let us know if it fails > certain queries. > > Mark > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, February 18, 2002 2:25 PM > To: [EMAIL PROTECTED] > Subject: Re: DNS Request Redirection [7:35703] > > > the simple way to test this would be to set your workstation with some other > ISP's DNS address, and see how things go. In one of my posts I provided the > real IP of an active DNS server. Someone want to give it a try? or post one > that you know about. I'll be happy to test. > > I wish the guy who posted the original question would get back to us with > his results. > > Chuck > > ""Priscilla Oppenheimer"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > At 12:28 PM 2/18/02, Marc Thach Xuan Ky wrote: > > >Any decent ISP will refuse DNS recursion from any IP address that is not > > >within its own address space. > > > > He wasn't asking about recursion. He was asking about the initial query > > from the end host. Although I could believe you that a service provider > > should make sure these queries only come from customers, my experience is > > that service providers don't do this. I can set my PC to use a variety of > > DNS servers around the Internet and it works. > > > > I think it's because it's tricky to do, especially for small ISPs. Some > > ISPs might have only one DNS server. The same server that provides DNS > > services to Internet-access customers may also be the authority for > various > > names managed by the ISP. The ISP may be doing Web hosting and be the > > authority for a bunch of names. In that case, it can't filter out DNS > > queries coming from the Internet. > > > > For example, say your PC asks your local DNS server to resolve > > www.priscilla.com. Your server can't do it. It asks its upstream server, > > probably one of the root servers. The root server figures out that > > petiteisp.com owns www.priscilla.com and tells your server the IP address > > of the authoritative name server at petiteisp.com. Your server queries > > petiteisp.com which gives your server the IP address for > www.priscilla.com. > > Your server finally responds to your PC. > > > > Notice that the query to petiteisp.com came from some unexpected IP > address > > that can't be anticipated in a filter. If petiteisp.com had a filter to > > allow queries only from its customers, the query from your server would > > have failed. > > > > Did that make sense? ;-) How to bigger ISPs handle this? I suppose bigger > > ISPs have more than one DNS server, one for Internet access customers, and > > one that is the authority for names owned by the ISP. > > > > Priscilla > > > > > This is fundamental to DNS security. > > >You need to rewrite the destination IP address. Note that Cisco's NAT > > >is not suitable for this because of the DNS ALG. The easiest thing to > > >do may be to provide an on-site cacheing DNS using the old ISPs DNS > > >addresses. If you've got a lot of workstations and a decent bandwidth > > >to the Internet, you will probably find that running your own DNS cache > > >will be more satisfactory anyway. > > >rgds > > >Marc TXK > > > > > > > > >Godswill HO wrote: > > > > > > > > You can still use your former ISP's DNS records while using the new > ISP's > > > > bandwidth. It does not matter who owns the DNS server. Everybody have > > >access > > > > to it once they are in the internet. Except when they are specifically > > > > filtered. > > > > > > > > The only drawn back is that, Your new ISP have to forward the packet > in a > > > > round trip to the old ISP's network through the internet before they > are > > > > resolved and sent back to you machine, had it been you are using the > DNS > > of > > > > your new ISP, these request would stop there. Do not loose your sleep, > > > > because at the worst these delays are in milisseconds and not easily > > > > noticeable by the eye, more each machine have a cache so it does not > > >forward > > > > every request. Great if you have a Cache Engine to compliment the > > machine's > > > > cache. > > > > > > > > Whatever, you are kool and everything will be fine, switch to your new > > ISP > > > > and enjoy. > > > > > > > > Regards. > > > > Oletu > > > > ----- Original Message ----- > > > > From: Michael Hair > > > > To: > > > > Sent: Sunday, February 17, 2002 8:07 PM > > > > Subject: DNS Request Redirection [7:35703] > > > > > > > > > I was wondering what is the best way to take care of the following: > > > > > > > > > > I have been using a private address space behind a Cisco 4500 router > > > > > connected up to our current ISP using NAT, now we want to move our > > > > > connection from our current ISP to a new ISP with better bandwidth. > My > > > > > problem is that we don't want to change all our client machines > TCP/IP > > > > > settings, which are all static, for some reason or another they were > > all > > > > > setup to use our ISP's DNS. Not my idea but that another problem. So > > how > > > > can > > > > > I setup our router to forward requests looking from our current > ISP's > > DNS > > > > to > > > > > our new ISP's DNS without touching all the client machines. > > > > > > > > > > Would the best way be to use policy-base routing? > > > > > > > > > > Would a static route work? > > > > > > > > > > Could I use a static route under NAT? > > > > > > > > > > If someone could proved me a sample of how you could do this I would > be > > > > > greatful... > > > > > > > > > > Thanks > > > > > Michael > > > > _________________________________________________________ > > > > Do You Yahoo!? > > > > Get your free @yahoo.com address at http://mail.yahoo.com > > ________________________ > > > > Priscilla Oppenheimer > > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35810&t=35703 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
