On Mon, 21 Sep 2009 17:37:12, Sam Varshavchik replied,
> Joel Rees writes:
>
>> The WAN side of the router runs dhcp to my ISP, and gets the dns
>> server addresses by dhcp, as well.
>
> Check your router's documentation. The way that 99% of these
> routers are set up, is that they run a caching nameserver
> internally, and on the local LAN they give their own IP address as
> the DNS server's address, via DHCP.

Well, yeah, it does that. That is, I think the one page of docs said
that it did, and I think I remember testing it when I first got it
six or seven years ago. (Sure didn't expect to be using it this
long.) Small cache, but shouldn't be so small that I would notice
delays or anything, even on a big YUM update.

It's a black box. If it's using open source, and if NEC has published
the source, they sure haven't made it easy to find it. Probably
closed source. I seem to be able to telnet in, but it doesn't
recognize any command I give it except "quit" (or was it "goodbye"?).

I don't really trust it; if I could afford the money and time to
replace it with something I could load OpenBSD on, I would. (Come to
think of it, it's rental, I should be able to justify the cost of
replacement by how much it has cost to rent it all this time.)

I guess, if I trust it to route, and if I can't shut the DNS function
off, I might as well trust the DNS function as well. If somebody gets
far enough into it to do a MIM on the DNS function, they can probably
MIM the routes as easily.

>> In the past, the ISP had told us to set the primary and secondary
>> dns server addresses statically, so I had the router set to serve
>> dhcp with those addresses. But I have also set the dns primary and
>> secondary server addresses for all the boxes by hand to the dns
>> servers
>
> Chances are that this is unnecessary. You should've just set your
> servers to use your router as the DNS server.

It was the ISP's original recommendation.

>> So, my problem is that I need to tell each Fedora box to accept
>> the DNS server addresses provided by the DHCP server (the router,
>> actually, which worries me), but not ask for a host IP address for
>> itself, but the GUI dialogs in current Fedora don't provide that
>> as an option.
>
> Why don't you test setting your server as full blown DHCP client,
> and see what DNS address your router gives you for your DNS server.
> Chances are that it's your router's IP address. In which case you
> just need to configure your servers to use a static DNS server on
> your router's IP address.

The ISP recommends leaving the DNS addresses to be set via DHCP,
rather than setting the router as the DNS server. Not that
recommendations for the average customer are the only way to do
things, of course.

Well, since I seem to be able to set the Macs on the network to keep
a static host IP address and use the DNS server addresses passed
along by the DHCP server, I was hoping I could do that with the
graphical UI stuff on Fedora. Or even with /etc/dhclient.conf. (Not
really seeing how yet from the man pages, so now I'm wondering if
that's actually part of the standard.)

OK. Thanks for pushing me to think a little further about the
implications of trusting the router. (And about whether I should
consider investing in a router I can control, as an investment
against the cost of more rent.)

Joel Rees