Re: default DNS caching name server on Fedora ?

Simo,

For the VPN scenario I've been happily using "dnrd" for some time.

I use it to steer DNS requests for "mycompany.com" to the
company's DNS servers, and all other DNS requests to the
external servers.

Unlike just adding the company DNS servers to /etc/resolv.conf,
this never uses the company's DNS for external domain
resolution, even if the primary ISP's DNS servers are down.

I also use routing to steer company traffic to the VPN, and
the rest to my default route.

John

On 06/20/2012 11:47 AM, Simo Sorce wrote:
Ok, I guess this topic has been brought up before, but I think some
things changed recently that would warrant seriously considering adding
a default caching name server in Fedora installs.

There are at least 2 situations where it is needed, and they are common
or will be common enough.

The 2 use cases for which a properly configurable and dynamically
changeable caching DNS name server would be really useful are:
- DNSSEC verification
- Clients using VPNs into private networks.

The first case is already in the works, and the reason it needs a
caching DNS name server is the complexity of dealing with DNSSEC
verification. I won't spend time on that except for saying this effort
should be part of a unified solution.

The second case is what is really hurting me.
I have my own DNS server at home that resolves addresses only for my
private network, and forwards any other request.

When I connect to my employer VPN however I need to use their DNS server
to resolve their internal machines, the same happens to pretty much any
other VPN service I have used. Also I do not need to route all DNS
traffic in the VPN for all web sites, mostly for performance reasons,
but also for privacy reasons.

This could be easily solved if we have a caching DNS server that can be
dynamically changed to forward DNS requests to the proper DNS server only
for the private domains they provide.

A good name caching server would forward all .redhat.com DNS requests to
the DNS addresses provided by the VPN connection, all my .home addresses
to my local DNS server (provided by dhcp) and perhaps all other
addresses to a configurable 'default DNS server'.

Of course for this to work properly we need some level of integration
between Network Manager and the DNS caching server so that the dynamic
configurations can be pushed in/out when the related networks come
up/down.

Discuss.

Simo.



--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
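
The per-domain forwarding discussed in this thread, as an added example that is not part of either message and is not code from dnrd or NetworkManager. The class and method names are hypothetical, the zones `redhat.com` and `home` come from the thread, and all server addresses are constructed documentation-range values. It shows the two properties that matter for privacy: matching on whole labels so a look-alike domain is not sent to the VPN resolver, and no fallback from the default path to a private resolver.

```python
# Added illustration: choosing a forwarder per query name (split DNS).
# Server addresses are constructed (RFC 5737 documentation ranges).

class ForwardTable:
    def __init__(self, default_servers):
        self.default = list(default_servers)
        self.zones = {}  # zone name -> (server list, owning link)

    @staticmethod
    def _norm(name):
        # DNS names are case-insensitive; drop the trailing root dot.
        return name.strip().rstrip(".").lower()

    def link_up(self, link, zones, servers):
        """Register private zones when a network (e.g. a VPN) comes up."""
        for zone in zones:
            self.zones[self._norm(zone)] = (list(servers), link)

    def link_down(self, link):
        """Forget every zone that was pushed by a link that went down."""
        self.zones = {z: v for z, v in self.zones.items() if v[1] != link}

    def servers_for(self, qname):
        """Longest-suffix match on whole labels, else the default servers.

        A private zone's servers are returned only for names inside that
        zone, so external names never reach the VPN resolver, and the
        default servers are never replaced by a private zone's servers.
        """
        labels = self._norm(qname).split(".")
        for i in range(len(labels)):          # longest candidate first
            zone = ".".join(labels[i:])
            if zone in self.zones:
                return self.zones[zone][0]
        return self.default


if __name__ == "__main__":
    table = ForwardTable(["192.0.2.53"])                   # constructed default
    table.link_up("dhcp", ["home"], ["192.0.2.1"])         # constructed
    table.link_up("vpn0", ["redhat.com"], ["198.51.100.10"])  # constructed
    for name in ("wiki.corp.redhat.com.", "notredhat.com", "nas.home"):
        print(name, "->", table.servers_for(name))
    table.link_down("vpn0")
    print("after vpn0 down:", table.servers_for("wiki.corp.redhat.com"))
```
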