On Thu, 2009-09-24 at 16:04 -0400, Steven W. Orr wrote:
> I have a home server (saturn) off the cablemodem. I get my address from my
> ISP's dhcp server.
>
> I had made the following change to my box (saturn) so it would use OpenDNS.org

To be honest, unless you want some unusual out-of-band domains resolved that are ONLY handled by OpenDNS.org, or are avoiding censorship, I don't see a great advantage in using them.

As far as I'm concerned, it's better to use DNS as it was intended. Queries are made to root servers to find the right top level server for the domain you want (e.g. use root to find out who handles .com to resolve example.com), then query /that/ server for your answer. Rather than, go through a middle man (crappy ISP servers), or sidestep into an external system which might subvert things.

> [root@saturn etc]# cat /etc/dhclient-eth0.conf
> prepend domain-name-servers 208.67.222.222, 208.67.220.220;
> send host-name "saturn.syslang.net"; # temporary RHL ifup addition
>
> All is good. Then we have another machine inside my network which is getting
> its address from my own dhcpd. All is well there too. That machine also has
> its resolv.conf set by my dhcpd.conf to use opendns.org.
>
> What I want to do is to set up the DNS Caching Nameserver. The goal is:
> * for saturn to use OpenDNS.org
> * For client machines in my network to use saturn via the caching server
>
> I saw instructions to do this
>
> yum install caching-nameserver
>
> It installed bind. BTW, if I say
>
> rpm -q caching-nameserver
>
> it says package caching-nameserver is not installed.

That sounds odd. Did you check for typing errors?

> I started bind. Please note that I am not serving any names. I just want this
> for DNS name caching. Nothing more.

Same functionality, really. You get that if you don't go adding any local records to your server. But if you're going to the trouble of running your own DNS and DHCP server, you may as well put in some local records, and never have to fiddle with an /etc/hosts file ever again on any local client computers.

> Then the stuff on the web said to create a file called
> /etc/named.caching-nameserver.conf
>
> but that file didn't exist by default. As an experiment, I hand modified
> saturn's copy of /etc/resolv.conf so it just says
>
> nameserver 127.0.0.1

Which means that *that* machine will use itself as a name server for any queries it does.

> It looks like I'm still up and running. Should I, and how do I, really do the
> following:
>
> * Where do I modify bind to tell it to look in OpenDNS.org (i.e.,
> 208.67.222.222, 208.67.220.220)?

If you want to use them, they will be set as your "forwarders."

> * Is it correct to modify the dhclient-eth0.conf to look in 127.0.0.1

On the DNS server machine, or all your clients?

127.0.0.1 means "myself" to a computer. If you have your DHCP server tell all your DHCP clients to look at themselves to resolve queries, they'll fail unless they do have a DNS server on themselves, too.

For your clients, you'd not do anything like that. You'd let your DHCP server tell them the DNS server IPs to use.

For your DNS server machine, it's better that it has a fixed IP, and doesn't use DHCP for anything.

> * If I get these parts correct, then can I assume that setting my dhcpd.conf
> to say:
>
> option domain-name-servers 192.168.0.101;
>
> Would that be correct for my client? 192.168.0.101) from the client box points
> to saturn as the dhcp server and gateway.

Yes, that'd be normal.

In summary:

Don't configure a DNS server via DHCP, manually configure it with fixed IP addresses (in some cases this is a "need," as DHCP comes into play too late). Set its resolver to be itself, and only itself (don't supply extra resolver addresses).

Set up your DNS server to answer queries from your LAN, perhaps to resolve LAN addresses, perhaps to use a forwarder to get someone else's cached query results, but it'd probably be better to just go straight to the root servers.

Set up your DHCP server to tell your clients to use your DNS server, and only your DNS server.

Set up your clients to get what they need from the DHCP server, and don't make custom DHCP client configuration files on each client.

-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
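
As an added illustration (not part of the original message or of the Fedora package's shipped files), the named.conf below sketches the caching-only setup summarised above, with recursion restricted to the LAN so the server does not answer as an open resolver on the cable-modem side. It assumes saturn holds the fixed address 192.168.0.101 on a 192.168.0.0/24 LAN, and that the root hints file is named.ca under /var/named; adjust those to the actual system.

```conf
// /etc/named.conf : caching-only resolver for the LAN (constructed example)

acl "lan" {
    127.0.0.1;
    192.168.0.0/24;          // assumed LAN subnet
};

options {
    directory "/var/named";  // assumed working directory

    // Bind to loopback and the LAN address only, never the ISP-facing interface.
    listen-on    { 127.0.0.1; 192.168.0.101; };
    listen-on-v6 { none; };

    // Recursive answers and cached data are for local clients only.
    recursion yes;
    allow-query       { "lan"; };
    allow-recursion   { "lan"; };
    allow-query-cache { "lan"; };

    // Optional: hand every cache miss to OpenDNS.
    // Delete the next two statements to resolve from the root servers instead.
    forwarders { 208.67.222.222; 208.67.220.220; };
    forward only;
};

// Root hints, used when no forwarders are configured.
zone "." IN {
    type hint;
    file "named.ca";         // assumed hints file name
};
```

Running named-checkconf against the file catches syntax errors before named is restarted. On the client side nothing changes beyond the dhcpd.conf line already quoted in the thread, option domain-name-servers 192.168.0.101;.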