Charles Steinkuehler wrote:
> 
> >   I'm sort of confused, and maybe someone's seen this.
> > If I run a caching dns server somewhere on my private
> > internal lan (10.x.x.x), then, by definition, it's not
> > authoritative for my zone and just caches query responses
> > it gets back, correct?
> >
> >   If you guys run a caching dns server, how do you
> > configure it to be able to reply for the masq'd internal
> > LAN?
> 
> If you're talking about dnscache, you create a zero length file in the
> dnscache ip directory, with the name of the network you want dnscache to
> service.  If you're using 10.1.2.0/24, you'd run:
> 
> touch /etc/dnscache/root/ip/10.1.2
> 
> and dnscache would answer queries from any system with the IP 10.1.2.x
> 
> Charles Steinkuehler


Ok.  That's how you tell it which network to
respond to with answers.

My question, however, is one level deeper than
that.  Specifically, when the dnscache gets a
request from one of those 10.1.2 computers to
resolve its neighbor's ip address into a name,
for whatever tcpwrappers etc reason, what happens?

Doesn't it then go to the net and look for 
10.1.2.x. which is bogus?

Here's the opposite direction lookup, name to ip, 
how that might come about:

  1)  You have dnscache running on a computer called "hub"
  2)  Hub masq's an internal private space, like 10.1.2.0/24.
  3)  You have a couple of computers in that private space,
      called "left" and "right"
  4)  You're calling your private domain, myprivateedomainn.net
  5)  All your private computers have their /etc/resolv.conf nameserver
      line pointing to the hub's ip address, as per the directions.
  6)  I sit down at left and type 
                 nslookup right.myprivateedomainn.net.
  7)  That sends the request to the hub's dnscache and it
      needs to get back 10.1.2.2, let's say.



How does it get back 10.1.2.2, if the dnscache is not
authoritative for its zone, but rather it just caches
answers it gets from the net, and it can't ever get
the correct answer for 10.1.2.2 from the net????




These requests lead to dns timeouts and LAN delays.

It's important for whatever dns people decide to run to
be able to resolve their masq'd lan names to addresses.

I don't think that all programs check /etc/hosts.
I don't think /etc/hosts is the correct answer here.

Apologies for the longish post.  It's been bugging me.
Matt

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
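
Which clients the `touch` in the quoted reply admits, shown as an added example that is not part of the thread or of dnscache itself: a shell model of how dnscache checks its `ip` directory (full client address first, then one trailing dotted component dropped per retry). It runs against a constructed temporary directory, and `okclient`, `verdict` and `DEMO_ROOT` are names chosen here.

```shell
#!/bin/sh
# Added example: models dnscache's client check against <root>/ip.
# A query is answered only if a file exists whose name is the client address
# or that address with one or more trailing ".octet" components removed.

okclient() {
    # $1 = dnscache root directory, $2 = client IPv4 address
    name=$2
    while :; do
        [ -e "$1/ip/$name" ] && return 0
        case $name in
            *.*) name=${name%.*} ;;   # drop the last ".octet" and retry
            *)   return 1 ;;          # no dot left to strip: refuse
        esac
    done
}

# Constructed sandbox standing in for /etc/dnscache/root
DEMO_ROOT=$(mktemp -d)
mkdir "$DEMO_ROOT/ip"
touch "$DEMO_ROOT/ip/10.1.2"      # the file from the quoted reply
touch "$DEMO_ROOT/ip/127.0.0.1"   # a single host entry

verdict() {
    # Print "allowed" or "refused" for client address $1
    if okclient "$DEMO_ROOT" "$1"; then echo allowed; else echo refused; fi
}

# Constructed client addresses, including near misses
for ip in 10.1.2.7 10.1.20.7 10.1.3.7 127.0.0.1 127.0.0.2 192.0.2.10; do
    printf '%-12s %s\n' "$ip" "$(verdict "$ip")"
done
```

Matching is per dotted component, so `10.1.2` does not admit 10.1.20.7, while a file named just `10` would admit every 10.x.x.x client.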
