> Since no good deed ever goes unpunished, I have another question. :)

And you caught me just before I'm headed home...

> I have a Dachstein VPN/Firewall (A) with IPSEC tunnels to a Dachstein
> VPN/Firewall (B) and a Cisco router running IPSEC VPN (C). I am using
> dnscache to provide DNS services to the users behind VPN/Firewall A. How
> do I configure dnscache on A so that it can provide DNS info not only
> from the Internet ISP but also from the DNS servers on the networks
> attached to firewalls B and C?

You have to tell dnscache about local DNS servers. From the djbdns FAQ:

http://cr.yp.to/djbdns/faq/cache.html

----------
How do I tell my cache to consult internal DNS servers? Our network has
internal servers at IP addresses 10.1.2.5 and 10.1.2.6 providing
information about the moon.af.mil and 10.in-addr.arpa domains.

Answer: Put

     10.1.2.5
     10.1.2.6

into /service/dnscache/root/servers/moon.af.mil and into
/service/dnscache/root/servers/10.in-addr.arpa. Make sure that both files
are readable by the DNS cache account. Restart dnscache:

     svc -t /service/dnscache

dnscache will contact the internal servers for information about
moon.af.mil and 10.in-addr.arpa. If the moon.af.mil servers delegate
darkside.moon.af.mil to another server, dnscache will contact that server
for information about darkside.moon.af.mil.

----------
How do I tell my cache to forward queries to an external cache? I know
that I could put the external cache IP address into /etc/resolv.conf, so
that clients contact the external cache directly; but my connection to the
external cache is slow, so I'd like to run a local cache. The standard
dnscache configuration doesn't work, because our company's firewall drops
UDP packets sent to any machine other than the external cache.

Answer: The following answer is for versions 1.03 and above:

     echo 1 > /service/dnscache/env/FORWARDONLY

Replace the IP addresses in /service/dnscache/root/servers/@ with the IP
address of the external cache. dnscache will send recursive queries to the
external cache for any information it doesn't have.

If dnscache is already running, restart it:

     svc -t /service/dnscache

----------

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
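
An added example, not part of the original message or of djbdns: a small script that writes the per-zone server files the first FAQ answer describes, one address per line, for the internal zones behind firewalls B and C. The function names are hypothetical, and the script rejects zone names that would not be safe file names under servers/ as well as malformed addresses.

```shell
#!/bin/sh
# Added example: per-zone server lists for dnscache (internal zones behind the VPN).
# DNSCACHE_ROOT defaults to the path in the djbdns FAQ; override it for a dry run.
DNSCACHE_ROOT="${DNSCACHE_ROOT:-/service/dnscache/root}"

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_zone NAME: lower-case DNS name only, so it cannot act as a path outside servers/.
valid_zone() {
    case "$1" in
        ""|*[!a-z0-9.-]*|.*|*..*) return 1 ;;
    esac
}

# add_internal_zone ZONE IP [IP...]: point dnscache at the internal servers for ZONE.
add_internal_zone() {
    zone=$1; shift
    valid_zone "$zone" || { echo "bad zone: $zone" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "no servers given for $zone" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    tmp="$DNSCACHE_ROOT/servers/.$zone.tmp"
    printf '%s\n' "$@" > "$tmp" || return 1
    chmod 644 "$tmp"                          # readable by the DNS cache account
    mv "$tmp" "$DNSCACHE_ROOT/servers/$zone"  # replace the old list in one step
}

# Invoked as: script ZONE IP [IP...]; run it once per forward and reverse zone,
# then restart dnscache with: svc -t /service/dnscache
if [ "$#" -ge 2 ]; then
    add_internal_zone "$@"
fi
```
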