From: "Rodney Barnett" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>

> Jacques,
>
> I downloaded the tinydns and dnscache packages and tried to get them to work
> today and ran into a couple of problems. I have suggestions on how to avoid
> those problems for others.
>
> 1. In this case, I'm using LRP as a small, secure platform on which to run a
> public DNS server rather than as a firewall. So, I only have one interface
> active. I chose to use EXTERN_IP parameter rather than INTERN_IP to specify the
> IP address for the interface since I primarily expect external users to be
> accessing it. That caused dnscache to fail and its logs to fill up at an
> incredible rate. I made the following changes to /etc/init.d/dnscache to avoid
> this problem.

This is not the good approach. The key point is to understand the difference between dnscache and tinydns. dnscache is a proxy resolving server. It does not serve authoritative data. tinydns is a content server which only serves authoritative data.

Therefore if your objective is to run a public DNS on a single interface machine, the request of your (external) clients will be directed to tinydns. In theory you do not need dnscache in this type of setup but in (LRP) practice you do since you will get in dnscache the daemontools programs required by tinydns.

A good reference to understand the difference can be found here:
http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-server-roles.html

The other point is that dnscache and tinydns cannot share the same IP. In your case tinydns will have to use the external IP (in the tinydns configuration menu set dns type to EXTERN and it will be OK). dnscache should be run on another address (see below).

> # diff dnscache /etc/init.d > 14a15,16 > > IP=$INTERN_IP > > [ -n "$IP" ] || IP=$EXTERN_IP > 23c25 > < echo $INTERN_IP > $ENVDIR/IP > --- > > echo $IP > $ENVDIR/IP > 49c51 > < echo "nameserver $INTERN_IP" >> $RESOLV > --- > > echo "nameserver $IP" >> $RESOLV

Well you do not need to change the script. If you declare 192.168.1.254 (or 127.0.0.1) in /etc/network.conf for $INTERN_IP this will be used for a proper initialization of dnscache.

Anyhow I am in the process of rewriting completely the script to accommodate some fancy options (FORWARDONLY, optional LOG) and to get rid of the dependence on /etc/network.conf and $EXTERN_IP which make the script incompatible with LRP 2.9.8 (and OXYGEN I am afraid). Upcoming version should be more general.

> 2. The tinydns boot script is dependent on the dnscache boot script, but doesn't
> seem to check whether it started correctly. Being a new user of tinydns, I
> wasn't aware of how this all worked and at one point I tried to start tinydns
> when dnscache wasn't running. The result was that /service became a symbolic
> link to /etc/tinydns-public and error messages spewed to the console at a rather
> rapid rate making it quite difficult to figure out what was wrong and how to
> stop it. I made the following changes to /etc/init.d/tinydns to avoid this problem.
>
> # diff tinydns /etc/init.d | more > 50,54c50,58 > < ln -s /etc/tinydns-$1 /service > < echo $! > $VARRUN-$1.pid > < echo $2 > /etc/tinydns-$1/env/IP > < cdb_create $1 > < echo "Starting $1 DNS server listening on $2" > --- > > ln -s /etc/tinydns-$1 /service/tinydns-$1 > > if [ $? -ne 0 ]; then > > echo "Can't start $1 DNS server; start dnscache first." > > else > > echo $! > $VARRUN-$1.pid > > echo $2 > /etc/tinydns-$1/env/IP > > cdb_create $1 > > echo "Starting $1 DNS server listening on $2" > > fi
>

OK the upcoming script will accommodate that kind of check.
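
Review bot: In the dnscache diff, the 14a15,16 fallback `[ -n "$IP" ] || IP=$EXTERN_IP` is missing a check for the case where both INTERN_IP and EXTERN_IP are empty; the 23c25 and 49c51 lines would then write an empty $ENVDIR/IP and a bare "nameserver" entry to $RESOLV. Suggest stopping with an error when $IP is still empty after the fallback, and quoting "$IP" in both echo lines. The fallback also puts the cache on the external address and lists that address in $RESOLV, which collides with tinydns when tinydns is set to EXTERN as the reply describes.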
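
Review bot: In the tinydns diff, `if [ $? -ne 0 ]` after `ln -s /etc/tinydns-$1 /service/tinydns-$1` treats every ln failure as "start dnscache first", but ln also fails when the link already exists (for example on a second start), and the error branch only echoes a message without returning a non-zero status to the caller. Suggest testing for the /service directory explicitly before the ln, reporting other ln failures separately, and exiting non-zero on failure; $1 and $2 should also be quoted.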

Thanks for your comments

Jacques

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
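
The address constraints in the reply above (dnscache and tinydns on different IPs, dnscache on an address such as 192.168.1.254 or 127.0.0.1) can be checked before either service is started. The following is an added example, not code from the thread or from the LRP packages: the function names are hypothetical, and accepting only loopback and RFC 1918 addresses for the cache is an assumption that generalises the two addresses suggested in the reply.

```sh
#!/bin/sh
# Added example, not part of the LRP dnscache/tinydns packages.
# Function names and the two-argument convention are assumptions.

# is_ipv4 ADDR: succeed if ADDR is a dotted quad with octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_internal ADDR: succeed for loopback or RFC 1918 private space.
is_internal() {
    case "$1" in
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_dns_ips CACHE_IP CONTENT_IP
# Returns 0 if usable, 2 bad/empty address, 3 shared address,
# 4 cache on a non-internal address. Prints the reason.
check_dns_ips() {
    cache_ip=$1
    content_ip=$2
    for addr in "$cache_ip" "$content_ip"; do
        is_ipv4 "$addr" || { echo "invalid or empty address: '$addr'"; return 2; }
    done
    if [ "$cache_ip" = "$content_ip" ]; then
        echo "dnscache and tinydns cannot share $cache_ip"; return 3
    fi
    is_internal "$cache_ip" || { echo "dnscache on non-internal $cache_ip"; return 4; }
    echo "ok: dnscache=$cache_ip tinydns=$content_ip"
}

# Stand-alone use: sh script CACHE_IP CONTENT_IP
if [ $# -eq 2 ]; then check_dns_ips "$1" "$2"; fi
```

An empty first argument, which is what an unset INTERN_IP would produce, is rejected with status 2 instead of being written into a configuration file.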