----------
From: Lourdes Jones[SMTP:[EMAIL PROTECTED]]
Sent: Monday, 20 March 2000 0:39
To: 'Wilson Fletcher'; 'linux-diald'
Subject: RE: Just looking at my filters and wanted your opinions
Wilson Fletcher wrote:
> From: Lourdes Jones <[EMAIL PROTECTED]>
> >People typically want diald to close as soon as possible after traffic
> >stops crossing the link.
>
> Unless they pay for the connection rather than the time.

Sorry, I was not trying to say that this is right for you. I just tried to
explain why it was set up that way in the file. It's a configuration file
precisely so you can change things to match your needs.

No problem. I appreciated the comments at any rate.

Take a good look at the diald man page and investigate the impulse option.
impulse 600,0,0
might be a good option if you want to keep the connection up for a minimum
of 10 minutes before checking any idle timers.

hmmm, good idea. Might be better than creating a range of rules when my
needs are pretty simple. i.e. if the link is being used keep it up and
provide a buffer of say 10 minutes idle time before disconnecting.
> >1. if you are using bind as a caching name server it will immediately
> >attempt to reach the root servers. this is normal and expected for bind.
> Yes I think it is bind. The number (128.63.2.53) is in fact a root domain
> server (I checked it). But I do use a 486-50 for the gateway so I might look
> into timing it out

I currently use RedHat 6.1. I only boot to the command line (init 3).

same with me.

This worked without dialing on a 486-33 (RH 5.2 and below).
/etc/rc.d/rc3.d/S55named
/etc/rc.d/rc3.d/S98diald

Good. At the moment I've put diald at about S5diald so I can choose
interactive boot up and choose to kill it straight away and then continue
everything else, but it might be better to put it later. I'll weigh up the
pros and cons for my gateway.

It dials with a P166 (I would have to start diald from /etc/rc.d/rc.local to
gain enough time, since I only boot the server when I upgrade kernels or
hardware it hasn't been worth making the change).

Can't you just put a sleep in the script or something similar? i.e. Maybe
your S98Diald could start a diald wrapper as a background process that
would sleep for x seconds and then start diald like you previously would
have done in your S98diald script? .... just a thought since that way it
wouldn't really matter how fast the machine was ...

Note: bind starts querying the root servers immediately in order to
determine response times and which server it should poll first in future.
The bind users list claims bad things can happen if you don't allow this to
happen. I never had any problems but your experience may vary.

I'm willing to give it a go; if it breaks my system I can always reverse the
changes.
> BUT !!!!! Why did it go out on port 1024 ? I thought it
> should be 53 to 53 or is that only for Xfers ?

Most likely because you are using bind 8 (instead of bind 4 which always
used port 53). You can set up bind 8 to always use port 53 if you prefer.
--
options {
    query-source address * port 53;
    // ... your existing options
};

Yes I might give this a go and see what the implications are to my network.
Am I correct in assuming that the standard.filter hasn't caught up with the
change between bind 4 and bind 8 then?
i.e. I can't remember the rule exactly but doesn't it ignore packets if they
are BOTH from and to the domain port? OR was the standard filter only
designed to block zone transfers anyway?

--
By default bind 8 only uses port 53 when replying or for zone transfers.
Basically when it's acting as a server it uses port 53, when it is polling
another name server it uses a random high port (1024 and above) like any
other program doing the same thing.
Note: bind 8 also picks a fixed high port (check your logs to see which one)
for any queries to forwarders.
Hope this helps,

Yes, thanks.
Wilson Fletcher