Hello Don, Monday, June 5, 2006, 8:45:37 PM, you wrote: > Ed Greshko wrote: >> Don Russell wrote: >> >>> I added some information to my named configuration so sendmail could >>> resolve the reverse look up of the private LAN addresses.... or at least >>> get an error quickly instead of timing out >>> >>> In order for this to work, I manually changed /etc/resolv.conf , >>> deleting the exisiting nameserver statements, and adding nameserver >>> 127.0.0.1 >>> >>> Works great.... UNTIL the network is restarted and the resolv.conf file >>> is rewritten.... then the nameserver statements are back to the >>> addresses from the ISP obtained via DHCP. >>> >>> So, for an interesting experiment, I reconfigured the dhcp server in my >>> router (cisco) to not pass the ISP DNS addresses to my server, instead >>> use 127.0.0.1 >>> >>> Frankly, I wasn't expecting the server to be able to resolve any other >>> addresses.... but it does.... >>> >>> Why? Seems silly to be asking why something DOES work.... but I don't >>> understand how it can be resolving names like google.com, ibm.com etc >>> etc, when it was not told which dns servers to use, other than "ask >>> yourself".... >>> >>> What am I missing? ;-) >>> >> >> In your named.conf do you have something like: >> >> zone "." { >> type hint; >> file "named.root"; >> }; >> >> If so, you have told your DNS server what it needs to do. > Yes, I just looked at that... the file has a different name (named.ca), > but it seems to describe all the root servers.... > I gather that means my FC5 box is now using the root servers directly to > resolve addresses instead of "lower", possibly caching, servers. > hmmm, that doesn't sound good... :-( But I'm pretty new to dns details.... IMO, it's a very GOOD thing. Esp. if your ISP is for crap. In that case, if their DNS server aren't responding, you'll never even know since your DNS server will resolve things properly. The downside? Possibly slower resolves, since they are unlikely to be as heavily cached as the ISP. Also, you have to make sure the DNS server is configured right. If it isn't, then everything breaks. But those downsides are pretty smallish IMO. Different ball of wax if you're actually making that DNS server "auth" for a DNS zone available on the net though. (You want better/faster/more reliable connections for that.) Cheers -Greg -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list