Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-28 Thread Joshua Banks
Never mind. I got it all working just fine. Not forwarding any longer.

JBanks
--- Joshua Banks <[EMAIL PROTECTED]> wrote:
> Hi Frank and Mike,
> 
> Ok, I believe I see the light now Frank. Finally... Heh...
> 
> Frank, with your previous explanations I see now that I don't need to use the "FORWARDONLY"
> variable. Sorry it took so long.
> 
> So now to use dnscache to solely do resolving instead of forwarding on behalf of the clients'
> requests I just need to reconfigure my setup via the following: Please let me know if this is
> correct??
> 
> Remove the sym linked /service directory. And recreate after performing the following steps??
> Should I stop "svscan" first before performing the above and below steps??
> 
> 
> 1) Remove the "FORWARDONLY" variable that I created initially??... when I did
> 
> echo 1 > /etc/dnscache/env/FORWARDONLY
> 
> 2) Repopulate /etc/dnscache/root/servers/@ with previous list of root servers before I removed
> them and added the one ip of the isp dns server?
> 
> Umm..where do I get this list of ip's now that I have removed them?? I do notice that I have a
> file /etc/dnsroots.global that lists the following ips.
> 198.41.0.4
> 128.9.0.107
> 192.33.4.12
> 128.8.10.90
> 192.203.230.10
> 192.5.5.241
> 192.112.36.4
> 128.63.2.53
> 192.36.148.17
> 198.41.0.10
> 193.0.14.129
> 198.32.64.12
> 202.12.27.33
> 
> Can I just cp this list of ip's to /etc/dnscache/root/servers/@ ???
> 
> 3) Recreate /service directory:
> ln -s /etc/dnscache /service
> sleep 5
> svstat /service/dnscache
> 
> How's that look??
> 
> Thanks,
> Joshua Banks
> 
> 
> 

--
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-27 Thread Joshua Banks
Hi Frank and Mike,

Ok, I believe I see the light now Frank. Finally... Heh...

Frank, with your previous explanations I see now that I don't need to use the "FORWARDONLY"
variable. Sorry it took so long.

So now to use dnscache to solely do resolving instead of forwarding on behalf of the clients'
requests I just need to reconfigure my setup via the following: Please let me know if this is
correct??

Remove the sym linked /service directory. And recreate after performing the following steps??
Should I stop "svscan" first before performing the above and below steps??


1) Remove the "FORWARDONLY" variable that I created initially??... when I did

echo 1 > /etc/dnscache/env/FORWARDONLY

2) Repopulate /etc/dnscache/root/servers/@ with previous list of root servers before I removed
them and added the one ip of the isp dns server?

Umm..where do I get this list of ip's now that I have removed them?? I do notice that I have a
file /etc/dnsroots.global that lists the following ips.
198.41.0.4
128.9.0.107
192.33.4.12
128.8.10.90
192.203.230.10
192.5.5.241
192.112.36.4
128.63.2.53
192.36.148.17
198.41.0.10
193.0.14.129
198.32.64.12
202.12.27.33

Can I just cp this list of ip's to /etc/dnscache/root/servers/@ ???

3) Recreate /service directory:
ln -s /etc/dnscache /service
sleep 5
svstat /service/dnscache

How's that look??

Thanks,
Joshua Banks






Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-27 Thread Joshua Banks

--- Mike Williams <[EMAIL PROTECTED]> wrote:
> On Monday 27 October 2003 22:23, Joshua Banks wrote:
> 
> > I've re-read through the postings. I am still left with the same conclusion
> > which isn't your fault. It's how I've interpreted your email. I asked a
> > specific question within a statement and I was left with the conclusion
> > that TinyDns did have something to do with my setup. It didn't and you
> > weren't saying it did. But with the way I interpreted your response, it
> > sounded as though you were saying that TinyDns did in fact have something
> > to do with my setup.
> >
> > My apologies.
> 
> If you were female I'd suggest we kiss and make up, but shall we just manly 
> hug and make up? :o)


LOL... Too funny... a cyber hug then... :D

Thanks for your understanding Mike.

Joshua Banks




Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-27 Thread Mike Williams

On Monday 27 October 2003 22:23, Joshua Banks wrote:

> I've re-read through the postings. I am still left with the same conclusion
> which isn't your fault. It's how I've interpreted your email. I asked a
> specific question within a statement and I was left with the conclusion
> that TinyDns did have something to do with my setup. It didn't and you
> weren't saying it did. But with the way I interpreted your response, it
> sounded as though you were saying that TinyDns did in fact have something
> to do with my setup.
>
> My apologies.

If you were female I'd suggest we kiss and make up, but shall we just manly 
hug and make up? :o)

-- 
Mike Williams



Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-27 Thread Joshua Banks

--- Mike Williams <[EMAIL PROTECTED]> wrote:

> I said nothing of the sort, my answers were correct.
> My original post to you was a copy and paste of an answer I gave to someone 
> else, which I stated. Those instructions also clearly stated where dnscache 
> was going to get answers, the forward lookups for my internal domain and 
> reverse lookups for my internal IPs.
> 
> In a second post, clarifying the first, after you questioned it I said:
> > If you don't want, or need, a dns server all of your own then you will have
> > nothing to tell dnscache about, and completely forget about tinydns. Just
> > leave the @ with the root servers in and it'll go off to the internet for 
> > any query.
> How much clearer should I be?
> You didn't fully understand, I corrected.
> I apologise if I was a bit too verbose, but I didn't give an untrue or 
> incorrect answer.

I've re-read through the postings. I am still left with the same conclusion which isn't your
fault. It's how I've interpreted your email. I asked a specific question within a statement and I
was left with the conclusion that TinyDns did have something to do with my setup. It didn't and
you weren't saying it did. But with the way I interpreted your response, it sounded as though you
were saying that TinyDns did in fact have something to do with my setup.

My apologies.

Joshua Banks






Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-27 Thread Frank Tegtmeyer
Joshua Banks <[EMAIL PROTECTED]> writes:

> Was this patch automatically applied when I emerged "djbdns" ??

Yes. It's part of the ebuild.

> When I do a "qpkg -I -v" this patch isn't listed.

I don't know what qpkg is or does. Sorry.

> Wouldn't the above apply to how this is setup normally...regardless
> of having a forwarding caching server setup
> internally??... I.E..clients resolvers pointing to 2 upstream dns
> servers.

Yes, of course. Additionally the upstream servers get info about the
number of your internal computers.

> > Your dnscache gets the client requests, they are forwarded to your
> > forward server that does the resolving. The answer is then cached by
> > your dnscache and given to the client.
> > There is one step too much here, isn't it?
> 
> Not that I can see. Not sure what you mean.??

Dnscache does a good job in resolving itself. So there is no need to
forward to another server (special setups may *require* forwarding,
but not in your case). So you simply let dnscache talk to all required
dns servers itself instead of asking for help at the ISP's servers
(that's called forwarding).

> > So you don't use the core function of dnscache. Maybe you confuse
> > forwarding with resolving?
> 

> Ummm. I don't know. I thought in my type of setup that it's doing
> both.

No. Stock dnscache either does resolving or forwarding. With the
fwdzone patch you control this on a per-zone basis.

> I thought that when forwarding it was more or less acting like
> a proxy on behalf of the clients that point to it.

I think I can see your point of confusion. When talking about
forwarding you mean the resolving that is done by dnscache on behalf
of the stub resolvers at the clients.
Explanation: nearly no clients contain a full blown resolver. They
rely on a resolver that answers recursive queries. Such a resolver may
be dnscache or the dns servers (caches/resolvers) at your ISP.

But forwarding in context of dnscache means that dnscache doesn't do
resolving - instead it relies on the resolver service of the ISP.

> > > When I rebooted "svscan" didn't start at boot which I find a little
> > > strange so I guess I need to add this to the default runlevel with
> > > the "rc-update add svscan default".  Sorry for the rant.
> > 
> > This info is displayed when emerging daemontools, I think. But I may
> > be wrong here.
> 
> What info??

Hm. The info that "you have to add svscan to your default runlevel"?

> Forwarding must work because I have two internal clients that are
> solely pointing their dns resolvers at my server that is running the
> forwarding cache at 192.168.1.1. They get dns resolution so I would
> have to assume that this is working correctly NO??

No. If dnscache does resolving itself, you have the setup that I
recommended. This works too of course.

To see what is going on look at your dnscache logfile. It contains the
IP addresses that dnscache talks to (in hexadecimal format).

Regards, Frank
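
An added example (not part of the thread or of djbdns) of the log check suggested above: it decodes the hexadecimal server addresses on dnscache `tx` lines and reports which control zones they belong to. The line layout `tx <gluelessness> <qtype> <name> <control-zone> <server-hex>...`, the function names, the sample lines and the heuristic that a forwarding setup only ever shows control zone `.` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed dnscache log line shape
# (optionally prefixed by a multilog @tai64n timestamp):
#   tx <gluelessness> <qtype> <name> <control-zone> <server-hex> ...
# where each <server-hex> is an IPv4 address written as 8 hex digits.

# Print "<ip> <control-zone> <count>" for every server listed on tx lines.
dnscache_upstreams() {
    awk '
    function hexval(c) { return index("0123456789abcdef", tolower(c)) - 1 }
    function hex2ip(h,    i, b, out, sep) {
        if (h !~ /^[0-9a-fA-F]+$/ || length(h) != 8) return ""
        out = ""; sep = ""
        for (i = 1; i <= 7; i += 2) {
            b = hexval(substr(h, i, 1)) * 16 + hexval(substr(h, i + 1, 1))
            out = out sep b
            sep = "."
        }
        return out
    }
    {
        f = ($1 ~ /^@/) ? 2 : 1      # skip the timestamp field if present
        if ($f != "tx") next         # only transmissions to upstream servers
        zone = $(f + 4)
        for (i = f + 5; i <= NF; i++) {
            ip = hex2ip($i)
            if (ip != "") seen[ip " " zone]++
        }
    }
    END { for (k in seen) print k, seen[k] }
    ' | LC_ALL=C sort
}

# Heuristic (assumption of this example): when dnscache resolves by itself it
# follows delegations, so tx lines show control zones below "." (com., org.).
# When everything is forwarded, the only servers used are those listed in
# root/servers/@, so every tx line shows control zone ".".
dnscache_mode() {
    awk '
    { f = ($1 ~ /^@/) ? 2 : 1 }
    $f == "tx" { n++; if ($(f + 4) != ".") deeper++ }
    END {
        if (!n)          print "no-tx"
        else if (deeper) print "iterative"
        else             print "root-list-only"
    }'
}

# Constructed sample: every query goes to one forwarder (203.0.113.53).
SAMPLE_FORWARD='@400000003f9d9e2c0a1b2c3c tx 0 1 www.gentoo.org. . cb007135
tx 0 1 cr.yp.to. . cb007135'

# Constructed sample: root servers first, then a server for org.
SAMPLE_ITERATIVE='@400000003f9d9e2c0a1b2c3c query 1 c0a80102:0421:b5c3 1 www.gentoo.org.
@400000003f9d9e2c0b1b2c3c tx 0 1 www.gentoo.org. . c6290004 c021040c
@400000003f9d9e2c0c1b2c3c tx 0 1 www.gentoo.org. org. c000020a'
```

Feed either function the current dnscache log on standard input; with the layout created by dnscache-conf that is `/etc/dnscache/log/main/current`.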




Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-27 Thread Mike Williams

On Sunday 26 October 2003 03:04, Joshua Banks wrote:

> To Mike Williams,
>
> You said that I need TinyDns configured to achieve dns caching and
> forwarding. This is totally untrue. If you're unsure of an answer to a
> question please don't post to a list giving them info that is not correct.
> This isn't good practice. If you think you know the answer to a person's
> question but actually don't know for sure, then kindly please say so. This
> way the person will know  to either research more or take your word as
> gospel. Heh.. Heh..

I said nothing of the sort, my answers were correct.
My original post to you was a copy and paste of an answer I gave to someone 
else, which I stated. Those instructions also clearly stated where dnscache 
was going to get answers, the forward lookups for my internal domain and 
reverse lookups for my internal IPs.

In a second post, clarifying the first, after you questioned it I said:
> If you don't want, or need, a dns server all of your own then you will have
> nothing to tell dnscache about, and completely forget about tinydns. Just
> leave the @ with the root servers in and it'll go off to the internet for 
> any query.
How much clearer should I be?
You didn't fully understand, I corrected.
I apologise if I was a bit too verbose, but I didn't give an untrue or 
incorrect answer.

-- 
Mike Williams



Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-26 Thread Joshua Banks

--- Frank Tegtmeyer <[EMAIL PROTECTED]> wrote:
> Joshua Banks <[EMAIL PROTECTED]> writes:
> 
> > Where are you getting this info?? 
> 
> The info about the changes was from the README of the patch that
> changes the dnscache behaviour.
> (/usr/portage/distfiles/djbdns-1.04-fwdzone.patch) 

Was this patch automatically applied when I emerged "djbdns" ?? Or is this something that I have
to manually apply?
When I do a "qpkg -I -v" this patch isn't listed. So is it safe to assume that this isn't applied
then??

> 
> > I have a forwarding cache setup right now and it works like a charm.
> > It talks to one up stream dns server at the isp and works fine.
> 
> The point is not *if* it works, but what consequences this
> introduces. See below.
> 
> Forwarding may be necessary if your internet connection is slow, but
> even then I prefer to avoid forwarding. If you have a slow connection,
> dnscache will be a bit slow after startup but later it will typically
> have much of the requested information in its cache. Also a computer
> behind a slow connection normally does not use DNS heavily, so it will
> not add that much to bandwidth use.
> 
> > And why would someone not want to use forwarding? You made the
> > comment that forwarding isn't recommended but don't say why.
> 
> If you use forwarding you solely rely on the recursive dns server that
> you forward to. You rely on:
> - that it is available at all
> - that it does resolving correctly (not always given)
> - that its administrators respect your privacy and don't analyze your
>   request patterns
> - that nobody plays cache tricks to get more information about you

Wouldn't the above apply to how this is setup normally...regardless of having a forwarding caching
server setup internally??... I.E..clients resolvers pointing to 2 upstream dns servers.


> 
> > But in my case I think this is just forwarding the client dns
> > request's like normal.
> 
> Your dnscache gets the client requests, they are forwarded to your
> forward server that does the resolving. The answer is then cached by
> your dnscache and given to the client.
> There is one step too much here, isn't it?

Not that I can see. Not sure what you mean.??


> 
> > Maybe you're talking about TinyDns?? NO..??
> 
> No.
> 
> > I installed "djbdns" strictly for the ability to act as a caching
> > server as well as a dns forwarding agent that the other pc's point
> > to when making dns requests.
> 
> dnscache's primary task is resolving. This is done in an efficient and
> secure way. Caching is a secondary thing. Forwarding was introduced
> only for some rare cases (firewall setups etc.). The initial dnscache
> code even didn't contain forwarding possibilities.
> So you don't use the core function of dnscache. Maybe you confuse
> forwarding with resolving?

Ummm. I don't know. I thought in my type of setup that it's doing both. I thought that when
forwarding it was more or less acting like a proxy on behalf of the clients that point to it.

> > When I rebooted "svscan" didn't start at boot which I find a little
> > strange so I guess I need to add this to the default runlevel with
> > the "rc-update add svscan default".  Sorry for the rant.
> 
> This info is displayed when emerging daemontools, I think. But I may
> be wrong here.

What info??

 
> > I followed this doc and this works exactly as I envisioned wanting
> > it to 
> > http://cr.yp.to/djbdns/run-cache-x-home.html
> 
> Maybe this worked in an older ebuild, the actual one contains the
> fwdzone patch. Are you sure, that forwarding works? Are you sure you
> used the ebuild and didn't build from source by hand? Remember that my
> first comment was about the ebuild.

Yes this is the latest stable ebuild that came with the patch. I didn't know that the patch was
included at first until you told me where to look. I suppose if I had been watching the emerge
compile process at the time of compilation then I would've noticed.

Forwarding must work because I have two internal clients that are solely pointing their dns
resolvers at my server that is running the forwarding cache at 192.168.1.1. They get dns
resolution so I would have to assume that this is working correctly NO??

Thanks for the response Frank. You've been very helpful.

Joshua Banks





Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-26 Thread Frank Tegtmeyer
Joshua Banks <[EMAIL PROTECTED]> writes:

> Where are you getting this info?? 

The info about the changes was from the README of the patch that
changes the dnscache behaviour.
(/usr/portage/distfiles/djbdns-1.04-fwdzone.patch) 

> I have a forwarding cache setup right now and it works like a charm.
> It talks to one up stream dns server at the isp and works fine.

The point is not *if* it works, but what consequences this
introduces. See below.

Forwarding may be necessary if your internet connection is slow, but
even then I prefer to avoid forwarding. If you have a slow connection,
dnscache will be a bit slow after startup but later it will typically
have much of the requested information in its cache. Also a computer
behind a slow connection normally does not use DNS heavily, so it will
not add that much to bandwidth use.

> And why would someone not want to use forwarding? You made the
> comment that forwarding isn't recommended but don't say why.

If you use forwarding you solely rely on the recursive dns server that
you forward to. You rely on:
- that it is available at all
- that it does resolving correctly (not always given)
- that its administrators respect your privacy and don't analyze your
  request patterns
- that nobody plays cache tricks to get more information about you

> But in my case I think this is just forwarding the client dns
> request's like normal.

Your dnscache gets the client requests, they are forwarded to your
forward server that does the resolving. The answer is then cached by
your dnscache and given to the client.
There is one step too much here, isn't it?

> Maybe you're talking about TinyDns?? NO..??

No.

> I installed "djbdns" strictly for the ability to act as a caching
> server as well as a dns forwarding agent that the other pc's point
> to when making dns requests.

dnscache's primary task is resolving. This is done in an efficient and
secure way. Caching is a secondary thing. Forwarding was introduced
only for some rare cases (firewall setups etc.). The initial dnscache
code even didn't contain forwarding possibilities.
So you don't use the core function of dnscache. Maybe you confuse
forwarding with resolving?

> When I rebooted "svscan" didn't start at boot which I find a little
> strange so I guess I need to add this to the default runlevel with
> the "rc-update add svscan default".  Sorry for the rant.

This info is displayed when emerging daemontools, I think. But I may
be wrong here.

> I followed this doc and this works exactly as I envisioned wanting
> it to 
> http://cr.yp.to/djbdns/run-cache-x-home.html

Maybe this worked in an older ebuild, the actual one contains the
fwdzone patch. Are you sure, that forwarding works? Are you sure you
used the ebuild and didn't build from source by hand? Remember that my
first comment was about the ebuild.

Regards, Frank




Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-25 Thread Joshua Banks
Hello Frank,

Where are you getting this info?? 

And why would someone not want to use forwarding? You made the comment that forwarding isn't
recommended but don't say why.

I have a forwarding cache setup right now and it works like a charm.

It talks to one up stream dns server at the isp and works fine.

But in my case I think this is just forwarding the client dns request's like normal. Maybe you're
talking about TinyDns?? NO..??

I'm a little confused here. :P

I installed "djbdns" strictly for the ability to act as a caching server as well as a dns
forwarding agent that the other pc's point to when making dns requests.

I followed this doc and this works exactly as I envisioned wanting it to

http://cr.yp.to/djbdns/run-cache-x-home.html

The only things that I have found different from what's on this doc is the fact that when I emerged
"djbdns" or "daemontools" it created the following accounts for me transparently which was a
little confusing at first because the doc wants you to create "Gdnscache" and "Gdnslog" accounts.
So I just skipped that part.

dnscache:x:1001:200::/nonexistent:/bin/false
dnslog:x:1002:200::/nonexistent:/bin/false
tinydns:x:1003:200::/nonexistent:/bin/false

The other thing that I found was that "svscan" wasn't running so the "supervise" service would
never start.
Once I "/etc/init.d/svscan start" everything started working like a charm.

When I rebooted "svscan" didn't start at boot which I find a little strange so I guess I need to
add this to the default runlevel with the "rc-update add svscan default".  Sorry for the rant.
Just thought it's important to put the info out there.


To Mike Williams,

You said that I need TinyDns configured to achieve dns caching and forwarding. This is totally
untrue. If you're unsure of an answer to a question please don't post to a list giving them info
that is not correct. This isn't good practice. If you think you know the answer to a person's
question but actually don't know for sure, then kindly please say so. This way the person will
know to either research more or take your word as gospel. Heh.. Heh..

Thanks,
Joshua Banks


--- Frank Tegtmeyer <[EMAIL PROTECTED]> wrote:
> Andrei Ivanov <[EMAIL PROTECTED]> writes:
> 
> > What are those requirements ?
> 
> From the fwdzone-patch:
> 
> + * The FORWARDONLY environment variable doesn't work anymore. By default,
> +dnscache performs only iterative queries, like in pre-1.03 versions.
> +
> + * Configure the root/servers directory of dnscache :
> +   echo dns.server > my.iterative.zone
> +
> +   echo dns.cache > my.recursive.zone
> +   chmod +t my.recursive.zone
> +
> +  If my.zone has the sticky bit set, dnscache will perform recursive queries
> +for the zone : my.zone must contain a list of DNS caches to whom dnscache
> +will forward the queries.
> +  If my.zone has the sticky bit cleared, dnscache will perform iterative
> +queries for the zone : my.zone must contains a list of appropriate DNS
> +servers.
> +
> + If @ has the sticky bit set, dnscache will forward any queries it cannot
> +find a preconfigured zone for. This is most useful behind a firewall with
> +a split-DNS configuration.
> 
> Regards, Frank
> 



Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-25 Thread Frank Tegtmeyer
Andrei Ivanov <[EMAIL PROTECTED]> writes:

> What are those requirements ?

From the fwdzone-patch:

+ * The FORWARDONLY environment variable doesn't work anymore. By default,
+dnscache performs only iterative queries, like in pre-1.03 versions.
+
+ * Configure the root/servers directory of dnscache :
+   echo dns.server > my.iterative.zone
+
+   echo dns.cache > my.recursive.zone
+   chmod +t my.recursive.zone
+
+  If my.zone has the sticky bit set, dnscache will perform recursive queries
+for the zone : my.zone must contain a list of DNS caches to whom dnscache
+will forward the queries.
+  If my.zone has the sticky bit cleared, dnscache will perform iterative
+queries for the zone : my.zone must contains a list of appropriate DNS
+servers.
+
+ If @ has the sticky bit set, dnscache will forward any queries it cannot
+find a preconfigured zone for. This is most useful behind a firewall with
+a split-DNS configuration.
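
Review bot: The first bullet says FORWARDONLY "doesn't work anymore" but does not say what dnscache does when env/FORWARDONLY is still set; since the stated default is iterative queries, an existing forward-only setup would change behaviour with nothing in its configuration having changed. The README should state that the variable is ignored and point the admin to `chmod +t` on the `@` file as the replacement. In the same text, the `echo dns.server` and `echo dns.cache` lines should say what form the entries in the zone file take, and "my.zone must contains" should read "must contain".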

Regards, Frank




Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-25 Thread Andrei Ivanov

What are those requirements ? I've heard about this and I've backed out 
the round-robin patch, but I don't know how to configure it with the patch 
included...

On Sat, 25 Oct 2003, Frank Tegtmeyer wrote:

> Mike Williams <[EMAIL PROTECTED]> writes:
> 
> > If you don't want, or need, a dns server all of your own then you will have 
> > nothing to tell dnscache about,
> 
> A short sidenote: if you use forwarding (normally not recommended)
> you should know that the ebuild contains a patch that changes the
> requirements for forwarding configuration.
> 
> Regards, Frank
> 



Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-25 Thread Frank Tegtmeyer
Mike Williams <[EMAIL PROTECTED]> writes:

> If you don't want, or need, a dns server all of your own then you will have 
> nothing to tell dnscache about,

A short sidenote: if you use forwarding (normally not recommended)
you should know that the ebuild contains a patch that changes the
requirements for forwarding configuration.

Regards, Frank




Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-23 Thread Mike Williams

On Thursday 23 October 2003 23:46, Joshua Banks wrote:

> From what I'm trying to do and what you're doing and what the djbdns docs
> say, TinyDns has nothing to do with my type of setup. I'm not hosting a
> dns server that is for public use. I'm simply trying to use djbdns to
> cache and do lookups on behalf of the clients on the local lan. This type
> of setup of caching doesn't mention TinyDns at all in the configuration
> documentation.
>
> Am I missing something here??

Nope, tinydns is a dns server, and thus is only able to serve the dns records 
it knows about (the ones you told it).
dnscache is what asks the dns server for records, the entries in 
/etc/dnscache/root/servers/ tell it where to go for those records.
If you don't want, or need, a dns server all of your own then you will have 
nothing to tell dnscache about, and completely forget about tinydns. Just 
leave the @ with the root servers in and it'll go off to the internet for any 
query.

-- 
Mike Williams



Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-23 Thread Joshua Banks
Hello Mike,

I read your posting over the weekend. 

From what I'm trying to do and what you're doing and what the djbdns docs say, TinyDns has nothing
to do with my type of setup. I'm not hosting a dns server that is for public use. I'm simply
trying to use djbdns to cache and do lookups on behalf of the clients on the local lan. This type
of setup of caching doesn't mention TinyDns at all in the configuration documentation.

Am I missing something here??

Thanks,
JBanks

> > Hello,
> >
> > Gentoo Automatically created 3 accounts when I emerged "djbdns".  The
> > following were created:
> > dnscache:x:1001:200::/nonexistent:/bin/false
> > dnslog:x:1002:200::/nonexistent:/bin/false
> > tinydns:x:1003:200::/nonexistent:/bin/false
> >
> > The djbdns docs wanted me to create "Gdnscache and Gdnslog" system
> > accounts. Confusing. Can I just rename these accounts, delete them and then
> > recreate, or does it matter?
> 
> Just exchange Gdnscache  and Gdnslog for those the ebuild made.

> > I'm not new to DNS, networking and firewalling, but new to how these things
> > are done on Linux. I've
> > read through the djbdns doc's and need a little confirmation from the linux
> > pro's.
> >
> > I have Gentoo linux installed on a PC that acts as the firewall and
> > defaultgateway for the other 3 pc's on my lan doing NAT and basic packet
> > filtering. Right now the Gentoo Linux pc dials-up to the internet to get
> > its ip via dialup ppp0. This connection is then shared among 4 pc's. I
> > know..slow but this is all I have and it works fine for now. The ip that I
> > get every time I dialup is different but the dns server ip's are inputted
> > statically in KPPP's dialup tool. So everytime I dialup /etc/resolv.conf is
> > populated with two dns entries temporarily while dialed up.
> >
> > What I ideally want is for the other 3 pc's that use the Gentoo linux box
> > as their default gateway to also send their DNS requests to this box as
> > well and then the Gentoo linux box would do the lookups on behalf of the
> > client and then return the requested info to the client doing the request
> > or have the requested info already cached.
> >
> > Given the description above of what I'm trying to do and the choices given
> > below from: http://cr.yp.to/djbdns.html , I'm a little confused as to which
> > one does what I'm trying to do. Logically I think #5. Is this correct?
> >
> > 1. How to run a cache on a workstation
> > 2. How to run a computer without a cache
> > 3. How to run a forwarding cache on a home computer
> > 4. How to run an external cache for your network
> > 5. How to run an external forwarding cache
> >
> > My other question is about following some of the directions listed:
> > 1st question.
> > Quote:
> > "1. As root, create UNIX accounts named Gdnscache and Gdnslog."
> > Unquote:
> > So from the command line as root am I just creating the above "user
> > accounts" without passwords??
> >
> > 2nd question.
> > Quote:
> > "3. As root, create an /etc/dnscache service directory, with your IP
> > address on the end of the line:
> >
> >  dnscache-conf Gdnscache Gdnslog /etc/dnscache 10.53.0.1"
> > Unquote:
> > So from the command line i just need to create the directory "dnscache (my
> > ip-address)??
> >
> > My example:
> > mkdir /etc/dnscache 192.168.1.1
> > This creates the dnscache directory but I don't see 192.168.1.1 referenced
> > or associated with the "dnscache" directory created???
> >
> > But then I'm totally confused with what the heck the following is??
> >
> > dnscache-conf Gdnscache Gdnslog /etc/dnscache 10.53.0.1
> >
> > Is this a command or do they want me to make "dnscache-conf", "Gdnscache"
> > and "Gdnslog" directories
> > under the /etc/dnscache ?
> >
> > The lingo or semantics used have me very confused throughout this entire
> > document? I don't understand what this means in layman's terms either.
> >
> > Quote:
> > "4. If your computer is running a DHCP client to obtain a dynamically
> > assigned IP address from your ISP, configure the DHCP client to make
> > external DNS cache information available to dnscache, and skip to step 8."
> > Unquote:
> >
> > Well I'm using PPP to dialup to get an ip. Sorry. I've never heard anyone
> > use this type of terminology before. I have no idea what it means to
> > configure a DHCP client to make external DNS cache information available to
> > dnscache.
> > I know what dhcp is and does but have no clue what the author is asking
> > here.
> >
> > Sorry...totally frustrated





Re: [gentoo-user] DJBDNS and Gentoo linux

2003-10-23 Thread Mike Williams

On Thursday 23 October 2003 22:47, Joshua Banks wrote:
> Hello,
>
> Gentoo Automatically created 3 accounts when I emerged "djbdns".  The
> following were created:
> dnscache:x:1001:200::/nonexistent:/bin/false
> dnslog:x:1002:200::/nonexistent:/bin/false
> tinydns:x:1003:200::/nonexistent:/bin/false
>
> The djbdns docs wanted me to create "Gdnscache and Gdnslog" system
> accounts. Confusing. Can I just rename these accounts, delete them and then
> recreate, or does it matter?

Just exchange Gdnscache  and Gdnslog for those the ebuild made.

As for the setup, I wrote this just this Saturday, might help.


Right, basic setup.
Tinydns listens on 127.0.0.1, dnscache(x) listens on an/the external
interface(s). Tiny is the resolver, dnscache the  (brainfart moment).

My router has its internal address in /etc/resolv.conf (its 192 address).

Let's do this backwards, starting with dnscache.
redshat root # cat /etc/dnscache/env/IP
192.168.0.1
You will need dnscache, and dnscachex. One on the internal that will resolve
anything, and one on the external that will only resolve your domain.
The files in /etc/dnscache/root/ip/ tell dnscache who is allowed access, in my
case
redshat root # ls -lh /etc/dnscache/root/ip/
total 0
-rw------- 1 root root 0 Jul  1 02:43 127.0.0.1
-rw-r--r-- 1 root root 0 Jul  1 02:43 192.168
I'm pretty sure an @ will allow anyone.

To tell it what it is authoritative for, and where it goes for the resolver, put
files in /etc/dnscache/root/servers
redshat root # ls -lh /etc/dnscache/root/servers/
total 12K
-rw-r--r-- 1 root root  10 Jul  1 02:43 0.168.192.in-addr.arpa
-rw-r--r-- 1 root root 164 Jul  1 02:43 @
-rw-r--r-- 1 root root  10 Jul  1 02:43 home.gaima.co.uk
redshat root # cat /etc/dnscache/root/servers/0.168.192.in-addr.arpa
127.0.0.1
redshat root # cat /etc/dnscache/root/servers/home.gaima.co.uk
127.0.0.1
redshat root # cat /etc/dnscache/root/servers/\@
198.41.0.4
128.9.0.107
192.33.4.12
128.8.10.90
192.203.230.10
192.5.5.241
192.112.36.4
128.63.2.53
192.36.148.17
198.41.0.10
193.0.14.129
198.32.64.12
202.12.27.33

Reverse for 192.168., forward for home.gaima.co.uk, and for anything else pick
a root server (default config I think).


Now to tinydns.
redshat root # cat /etc/tinydns/env/IP
127.0.0.1
It only listens on localhost.
Now all you need is the data.

A nameserver
.home.gaima.co.uk:192.168.0.1:redshat.home.gaima.co.uk:259200
Another nameserver
.0.168.192.in-addr.arpa:192.168.0.1:redshat.home.gaima.co.uk:259200
An A record, with PTR
=redshat.home.gaima.co.uk:192.168.0.1
A CNAME
Cmrtg.redshat.home.gaima.co.uk:redshat.home.gaima.co.uk:86400
An MX
@home.gaima.co.uk:redshat.home.gaima.co.uk:redshat.home.gaima.co.uk

You'll have to read Dan's docs on the data format, I can never remember :)

HTH

> I'm not new to DNS, networking and firewalling, but new to how these things
> are done on Linux. I've
> read through the djbdns doc's and need a little confirmation from the linux
> pro's.
>
> I have Gentoo linux installed on a PC that acts as the firewall and
> defaultgateway for the other 3 pc's on my lan doing NAT and basic packet
> filtering. Right now the Gentoo Linux pc dials-up to the internet to get
> its ip via dialup ppp0. This connection is then shared among 4 pc's. I
> know..slow but this is all I have and it works fine for now. The ip that I
> get every time I dialup is different but the dns server ip's are inputted
> statically in KPPP's dialup tool. So everytime I dialup /etc/resolv.conf is
> populated with two dns entries temporarily while dialed up.
>
> What I ideally want is for the other 3 pc's that use the Gentoo linux box
> as their default gateway to also send their DNS requests to this box as
> well and then the Gentoo linux box would do the lookups on behalf of the
> client and then return the requested info to the client doing the request
> or have the requested info already cached.
>
> Given the description above of what I'm trying to do and the choices given
> below from: http://cr.yp.to/djbdns.html , I'm a little confused as to which
> one does what I'm trying to do. Logically I think #5. Is this correct?
>
> 1. How to run a cache on a workstation
> 2. How to run a computer without a cache
> 3. How to run a forwarding cache on a home computer
> 4. How to run an external cache for your network
> 5. How to run an external forwarding cache
>
> My other question is about following some of the directions listed:
> 1st question.
> Quote:
> "1. As root, create UNIX accounts named Gdnscache and Gdnslog."
> Unquote:
> So from the command line as root am I just creating the above "user
> accounts" without passwords??
>
> 2nd question.
> Quote:
> "3. As root, create an /etc/dnscache service directory, with your IP
> address on the end of the line:
>
>  dnscache-conf Gdnscache Gdnslog /etc/dnscache 10.53.0.1"
> Unquote:
> So from the co
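
The root/ip access files in Mike Williams's reply above are matched by address prefix. The following is an added example, not part of the thread or of djbdns, that mirrors that lookup so a root/ip directory can be checked before dnscache listens on an interface; the function names and the temporary sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: mirrors dnscache's client check against root/ip.
# dnscache serves a client if a file named after the client's address, or
# after that address with trailing octets removed, exists in root/ip.

# okclient DIR ADDR -> exit status 0 if ADDR would be served, 1 otherwise
okclient() {
    _dir=$1
    _name=$2
    while :; do
        [ -e "$_dir/$_name" ] && return 0
        case $_name in
            *.*) _name=${_name%.*} ;;   # drop the last octet and retry
            *)   return 1 ;;            # no shorter prefix left: refuse
        esac
    done
}

# broad_prefixes DIR -> print entries that admit a whole /8 (single octet)
broad_prefixes() {
    for _f in "$1"/*; do
        [ -e "$_f" ] || continue
        _n=${_f##*/}
        case $_n in
            *.*) ;;            # two or more octets: narrower than a /8
            *[!0-9]*) ;;       # not a numeric prefix: never looked up
            *) echo "$_n" ;;
        esac
    done
}

# Constructed sample tree holding the two entries from the listing above.
demo_dir=$(mktemp -d)
touch "$demo_dir/127.0.0.1" "$demo_dir/192.168"

for addr in 127.0.0.1 127.0.0.2 192.168.0.7 192.169.0.7 10.0.0.5; do
    if okclient "$demo_dir" "$addr"; then
        echo "$addr allowed"
    else
        echo "$addr refused"
    fi
done
rm -rf "$demo_dir"
```

Pointing `okclient` at a real /etc/dnscache/root/ip with a public address as the second argument shows whether the cache would answer that client.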

[gentoo-user] DJBDNS and Gentoo linux

2003-10-23 Thread Joshua Banks
Hello,

Gentoo automatically created 3 accounts when I emerged "djbdns". The following
were created:
dnscache:x:1001:200::/nonexistent:/bin/false
dnslog:x:1002:200::/nonexistent:/bin/false
tinydns:x:1003:200::/nonexistent:/bin/false

The djbdns docs wanted me to create "Gdnscache and Gdnslog" system accounts.
Confusing. Can I just rename these accounts, delete them and then recreate, or
does it matter?


I'm not new to DNS, networking and firewalling, but new to how these things are
done on Linux. I've read through the djbdns doc's and need a little
confirmation from the linux pro's.

I have Gentoo linux installed on a PC that acts as the firewall and
defaultgateway for the other 3 pc's on my lan doing NAT and basic packet
filtering. Right now the Gentoo Linux pc dials-up to the internet to get its ip
via dialup ppp0. This connection is then shared among 4 pc's. I know..slow but
this is all I have and it works fine for now. The ip that I get every time I
dialup is different but the dns server ip's are inputted statically in KPPP's
dialup tool. So everytime I dialup /etc/resolv.conf is populated with two dns
entries temporarily while dialed up.

What I ideally want is for the other 3 pc's that use the Gentoo linux box as
their default gateway to also send their DNS requests to this box as well and
then the Gentoo linux box would do the lookups on behalf of the client and then
return the requested info to the client doing the request or have the requested
info already cached.

Given the description above of what I'm trying to do and the choices given
below from: http://cr.yp.to/djbdns.html , I'm a little confused as to which one
does what I'm trying to do. Logically I think #5. Is this correct?

1. How to run a cache on a workstation
2. How to run a computer without a cache
3. How to run a forwarding cache on a home computer
4. How to run an external cache for your network
5. How to run an external forwarding cache

My other question is about following some of the directions listed:
1st question.
Quote:
"1. As root, create UNIX accounts named Gdnscache and Gdnslog."
Unquote:
So from the command line as root am I just creating the above "user accounts"
without passwords??

2nd question.
Quote:
"3. As root, create an /etc/dnscache service directory, with your IP address on
the end of the line:

 dnscache-conf Gdnscache Gdnslog /etc/dnscache 10.53.0.1"
Unquote:
So from the command line i just need to create the directory "dnscache (my
ip-address)??

My example:
mkdir /etc/dnscache 192.168.1.1
This creates the dnscache directory but I don't see 192.168.1.1 referenced or
associated with the "dnscache" directory created???

But then I'm totally confused with what the heck the following is??

dnscache-conf Gdnscache Gdnslog /etc/dnscache 10.53.0.1

Is this a command or do they want me to make "dnscache-conf", "Gdnscache" and
"Gdnslog" directories under the /etc/dnscache ?

The lingo or semantics used have me very confused throughout this entire
document? I don't understand what this means in layman's terms either.

Quote:
"4. If your computer is running a DHCP client to obtain a dynamically assigned
IP address from your ISP, configure the DHCP client to make external DNS cache
information available to dnscache, and skip to step 8."
Unquote:

Well I'm using PPP to dialup to get an ip. Sorry. I've never heard anyone use
this type of terminology before. I have no idea what it means to configure a
DHCP client to make external DNS cache information available to dnscache.
I know what dhcp is and does but have no clue what the author is asking here.

Sorry...totally frustrated


Thanks,
Joshua Banks




--
[EMAIL PROTECTED] mailing list