Re[2]: dns question

Hello Don,

Monday, June 5, 2006, 8:45:37 PM, you wrote:

> Ed Greshko wrote:
>> Don Russell wrote:
>>   
>>> I added some information to my named configuration so sendmail could
>>> resolve the reverse look up of the private LAN addresses.... or at least
>>> get an error quickly instead of timing out
>>>
>>> In order for this to work, I manually changed /etc/resolv.conf,
>>> deleting the existing nameserver statements, and adding nameserver
>>> 127.0.0.1
>>>
>>> Works great.... UNTIL the network is restarted and the resolv.conf file
>>> is rewritten.... then the nameserver statements are back to the
>>> addresses from the ISP obtained via DHCP.
>>>
>>> So, for an interesting experiment, I reconfigured the dhcp server in my
>>> router (cisco) to not pass the ISP DNS addresses to my server, instead
>>> use 127.0.0.1
>>>
>>> Frankly, I wasn't expecting the server to be able to resolve any other
>>> addresses.... but it does....
>>>
>>> Why? Seems silly to be asking why something DOES work.... but I don't
>>> understand how it can be resolving names like google.com, ibm.com etc
>>> etc, when it was not told which dns servers to use, other than "ask
>>> yourself"....
>>>
>>> What am I missing? ;-)
>>>     
>>
>> In your named.conf do you have something like:
>>
>> zone "." {
>>      type hint;
>>      file "named.root";
>> };
>>
>> If so, you have told your DNS server what it needs to do.


> Yes, I just looked at that... the file has a different name (named.ca),
> but it seems to describe all the root servers....

> I gather that means my FC5 box is now using the root servers directly to
> resolve addresses instead of "lower", possibly caching, servers.

> hmmm, that doesn't sound good... :-(  But I'm pretty new to dns details....


IMO, it's a very GOOD thing. Esp. if your ISP is for crap. In that
case, if their DNS servers aren't responding, you'll never even know
since your DNS server will resolve things properly.

The downside? Possibly slower resolves, since they are unlikely to be
as heavily cached as the ISP. Also, you have to make sure the DNS
server is configured right. If it isn't, then everything breaks.

But those downsides are pretty smallish IMO.

Different ball of wax if you're actually making that DNS server "auth"
for a DNS zone available on the net though. (You want
better/faster/more reliable connections for that.)

Cheers
-Greg

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
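
The behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python check that reads a `named.conf` and a `resolv.conf` and reports which path a lookup takes (ISP resolver, forwarders, or the root servers via the hint zone). The sample file contents are constructed, the function names are hypothetical, and the check is simplified to look only at the first `nameserver` line and the first `forwarders` block.

```python
import re

# Constructed sample files (not the poster's real ones); "named.ca" is the
# hint file name mentioned in the thread.
NAMED_CONF = '''
zone "." {
    type hint;
    file "named.ca";  // name used in the thread
};
'''
RESOLV_CONF = "; constructed sample\nnameserver 127.0.0.1\n"

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def root_hint_file(named_conf):
    """Return the file of a `zone "."` hint zone, or None if there is none."""
    conf = strip_comments(named_conf)
    zone = re.search(r'zone\s+"\."\s*(?:IN\s*)?\{(.*?)\}\s*;', conf, re.S | re.I)
    if not zone or not re.search(r"\btype\s+hint\s*;", zone.group(1)):
        return None
    hint = re.search(r'\bfile\s+"([^"]+)"\s*;', zone.group(1))
    return hint.group(1) if hint else None

def forwarders(named_conf):
    """Return addresses from the first `forwarders { ... };` block, if any."""
    block = re.search(r"\bforwarders\s*\{([^}]*)\}", strip_comments(named_conf))
    return [p.split()[0] for p in block.group(1).split(";") if p.strip()] if block else []

def nameservers(resolv_conf):
    fields = (line.split() for line in resolv_conf.splitlines())
    return [f[1] for f in fields if len(f) > 1 and f[0] == "nameserver"]

def resolution_path(named_conf, resolv_conf):
    """Describe who answers a lookup, judged by the first nameserver entry."""
    ns = nameservers(resolv_conf)
    if not ns or ns[0] not in ("127.0.0.1", "::1"):
        return "stub -> external resolver(s): " + ", ".join(ns)
    fwd = forwarders(named_conf)
    if fwd:
        return "stub -> local named -> forwarders: " + ", ".join(fwd)
    hint = root_hint_file(named_conf)
    if hint:
        return "stub -> local named -> root servers listed in " + hint
    return "stub -> local named (no hint zone or forwarders in this file)"

if __name__ == "__main__":
    print(resolution_path(NAMED_CONF, RESOLV_CONF))
```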