Re: [SLUG] Manipulating DNS - got it!!

2008-04-18 Thread Amos Shapira
On Fri, Apr 18, 2008 at 3:55 PM, Howard Lowndes [EMAIL PROTECTED] wrote:
> Amos Shapira wrote:
>> On Fri, Apr 18, 2008 at 3:06 PM, Howard Lowndes [EMAIL PROTECTED] wrote:
>>> I did this and it was successful, both for internal and external domains
>>> (tks Amos for that suggestion), and here are the lines from /etc/named.conf:
>>
>> And how does it work when the VPN is NOT connected? Is it smart enough
>> to figure out not to try 10.2.2.{1,41} when the VPN is down and go
>> directly to the external DNS?
>
> Basically, yes.  It obviously won't resolve internal fqdns because they are
> not reachable anyway, neither are the internal dns servers, but the resolver
> still tries the localhost dns server first (as it is the first nameserver in
> the /etc/resolv.conf file) to resolve an external address and the forward
> first clause causes the localhost dns server to try the (now inaccessible)
> forwarders just the once and then give up, and the resolver then goes on to
> try the other dhcp supplied name servers. Thus there is a small delay in dns
> resolution but I don't see it as a major problem.  I guess if you used the
> forward only clause then it might knicker up.

I was hoping for something more along the lines of when the VPN link
goes down - reconfigure:
1. Remove the search soho.lannet.com.au line from resolv.conf
2. Reconfigure local DNS server to forget about the zone
soho.lannaet.com.au part.

I'm sure it's doable. Will try to get to it over the weekend (need to
be outside the office to test this).

Maybe it's less relevant to you because you still want to use the same
name but get the external view when the VPN is disconnected, right?

Cheers,

--Amos
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] Manipulating DNS - got it!!

2008-04-18 Thread Alex Samad
On Fri, Apr 18, 2008 at 04:17:48PM +1000, Amos Shapira wrote:
> On Fri, Apr 18, 2008 at 3:55 PM, Howard Lowndes [EMAIL PROTECTED] wrote:
>> Amos Shapira wrote:
>>> On Fri, Apr 18, 2008 at 3:06 PM, Howard Lowndes [EMAIL PROTECTED] wrote:
>>>> I did this and it was successful, both for internal and external domains
>>>> (tks Amos for that suggestion), and here are the lines from /etc/named.conf:
>>>
>>> And how does it work when the VPN is NOT connected? Is it smart enough
>>> to figure out not to try 10.2.2.{1,41} when the VPN is down and go
>>> directly to the external DNS?
>>
>> Basically, yes.  It obviously won't resolve internal fqdns because they are
>> not reachable anyway, neither are the internal dns servers, but the resolver
>> still tries the localhost dns server first (as it is the first nameserver in
>> the /etc/resolv.conf file) to resolve an external address and the forward
>> first clause causes the localhost dns server to try the (now inaccessible)
>> forwarders just the once and then give up, and the resolver then goes on to
>> try the other dhcp supplied name servers. Thus there is a small delay in dns
>> resolution but I don't see it as a major problem.  I guess if you used the
>> forward only clause then it might knicker up.
>
> I was hoping for something more along the lines of when the VPN link
> goes down - reconfigure:
> 1. Remove the search soho.lannet.com.au line from resolv.conf
> 2. Reconfigure local DNS server to forget about the zone
> soho.lannaet.com.au part.

why not have 2 resolv.conf something like resolv.conf.{a,b}, then
symlink to resolv.conf.

attach a script on vpn up to symlink .a and when the vpn is down to
symlink .b

Alex
 
> I'm sure it's doable. Will try to get to it over the weekend (need to
> be outside the office to test this).
>
> Maybe it's less relevant to you because you still want to use the same
> name but get the external view when the VPN is disconnected, right?
>
> Cheers,
>
> --Amos

-- 
It's unacceptable to think that there's any kind of comparison between the 
behavior of the United States of America and the action of Islamic extremists 
who kill innocent women and children to achieve an objective.

- George W. Bush
09/15/2006
Washington, DC
White House Press Conference
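
Added example, not part of the original thread: one way to script the resolv.conf.{a,b} symlink swap suggested above. The file roles (.a for VPN up, .b for VPN down), the RESOLV_DIR variable, the switch_resolv function and the way the VPN client calls the hook are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): swap /etc/resolv.conf between two
# prepared files when the VPN goes up or down.
# Assumed names: resolv.conf.a = VPN up (local named first, internal search
# domain), resolv.conf.b = VPN down (no internal search line).
RESOLV_DIR="${RESOLV_DIR:-/etc}"   # overridable so it can be tried in a scratch dir

switch_resolv() {   # usage: switch_resolv up|down
    case "$1" in
        up)   target="resolv.conf.a" ;;
        down) target="resolv.conf.b" ;;
        *)    echo "usage: switch_resolv up|down" >&2; return 2 ;;
    esac
    link="$RESOLV_DIR/resolv.conf"

    # Never point the resolver at a missing or empty file.
    if [ ! -s "$RESOLV_DIR/$target" ]; then
        echo "switch_resolv: $RESOLV_DIR/$target is missing or empty" >&2
        return 1
    fi

    # First run: resolv.conf is still a regular file, so keep a copy.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        cp -p "$link" "$link.orig" || return 1
    fi

    # Create the new symlink under a temporary name and rename it into place,
    # so there is no moment at which resolv.conf does not exist.
    tmp="$RESOLV_DIR/.resolv.conf.$$"
    rm -f "$tmp"
    ln -s "$target" "$tmp" || return 1
    mv -f "$tmp" "$link" || { rm -f "$tmp"; return 1; }
}

# Called from the VPN client's up/down hook with "up" or "down" as $1
# (hook mechanism assumed; it depends on the VPN software in use).
if [ "${1:-}" = "up" ] || [ "${1:-}" = "down" ]; then
    switch_resolv "$1"
fi
```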



Re: [SLUG] Manipulating DNS - got it!!

2008-04-17 Thread Amos Shapira
On Fri, Apr 18, 2008 at 3:06 PM, Howard Lowndes [EMAIL PROTECTED] wrote:
> I did this and it was successful, both for internal and external domains
> (tks Amos for that suggestion), and here are the lines from /etc/named.conf:

And how does it work when the VPN is NOT connected? Is it smart enough
to figure out not to try 10.2.2.{1,41} when the VPN is down and go
directly to the external DNS?

What I'm worried about is that the VPN-relevant setup will slow
everything down when the VPN is not connected, timing out on the
internal DNS servers.

Thanks for the update, it's a great help.

--Amos