not to add any heat underneath anyone behind, but I routinely use UUNET/Mindspring/Earthlink/Qwest... (their caching of course)
to be honest with you, I have never run into an isp that wouldn't allow lookups from external hosts... I mean...for authoratative servers, how would you propagate your zones without allowing lookups from other caching servers? Unless you restricted lookups from root servers only...But wouldn't that be kinda unefficient? -Patrick >>> "Priscilla Oppenheimer" 02/18/02 03:50PM >>> Yes, I can use that DNS server that you mentioned without any problem. I have my PC set to use it right now. And I know of others that anyone can use too, but I'm not going to give details in case they would not like this info to get out. ;-) Priscilla At 03:24 PM 2/18/02, Chuck wrote: >the simple way to test this would be to set your workstation with some other >ISP's DNS address, and see how things go. In one of my posts I provided the >real IP of an active DNS server. Someone want to give it a try? or post one >that you know about. I'll be happy to test. > >I wish the guy who posted the original question would get back to us with >his results. > >Chuck > >""Priscilla Oppenheimer"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > At 12:28 PM 2/18/02, Marc Thach Xuan Ky wrote: > > >Any decent ISP will refuse DNS recursion from any IP address that is not > > >within its own address space. > > > > He wasn't asking about recursion. He was asking about the initial query > > from the end host. Although I could believe you that a service provider > > should make sure these queries only come from customers, my experience is > > that service providers don't do this. I can set my PC to use a variety of > > DNS servers around the Internet and it works. > > > > I think it's because it's tricky to do, especially for small ISPs. Some > > ISPs might have only one DNS server. The same server that provides DNS > > services to Internet-access customers may also be the authority for >various > > names managed by the ISP. The ISP may be doing Web hosting and be the > > authority for a bunch of names. In that case, it can't filter out DNS > > queries coming from the Internet. > > > > For example, say your PC asks your local DNS server to resolve > > www.priscilla.com. Your server can't do it. It asks its upstream server, > > probably one of the root servers. The root server figures out that > > petiteisp.com owns www.priscilla.com and tells your server the IP address > > of the authoritative name server at petiteisp.com. Your server queries > > petiteisp.com which gives your server the IP address for >www.priscilla.com. > > Your server finally responds to your PC. > > > > Notice that the query to petiteisp.com came from some unexpected IP >address > > that can't be anticipated in a filter. If petiteisp.com had a filter to > > allow queries only from its customers, the query from your server would > > have failed. > > > > Did that make sense? ;-) How to bigger ISPs handle this? I suppose bigger > > ISPs have more than one DNS server, one for Internet access customers, and > > one that is the authority for names owned by the ISP. > > > > Priscilla > > > > > This is fundamental to DNS security. > > >You need to rewrite the destination IP address. Note that Cisco's NAT > > >is not suitable for this because of the DNS ALG. The easiest thing to > > >do may be to provide an on-site cacheing DNS using the old ISPs DNS > > >addresses. If you've got a lot of workstations and a decent bandwidth > > >to the Internet, you will probably find that running your own DNS cache > > >will be more satisfactory anyway. > > >rgds > > >Marc TXK > > > > > > > > >Godswill HO wrote: > > > > > > > > You can still use your former ISP's DNS records while using the new >ISP's > > > > bandwidth. It does not matter who owns the DNS server. Everybody have > > >access > > > > to it once they are in the internet. Except when they are specifically > > > > filtered. > > > > > > > > The only drawn back is that, Your new ISP have to forward the packet >in a > > > > round trip to the old ISP's network through the internet before they >are > > > > resolved and sent back to you machine, had it been you are using the >DNS > > of > > > > your new ISP, these request would stop there. Do not loose your sleep, > > > > because at the worst these delays are in milisseconds and not easily > > > > noticeable by the eye, more each machine have a cache so it does not > > >forward > > > > every request. Great if you have a Cache Engine to compliment the > > machine's > > > > cache. > > > > > > > > Whatever, you are kool and everything will be fine, switch to your new > > ISP > > > > and enjoy. > > > > > > > > Regards. > > > > Oletu > > > > ----- Original Message ----- > > > > From: Michael Hair > > > > To: > > > > Sent: Sunday, February 17, 2002 8:07 PM > > > > Subject: DNS Request Redirection [7:35703] > > > > > > > > > I was wondering what is the best way to take care of the following: > > > > > > > > > > I have been using a private address space behind a Cisco 4500 router > > > > > connected up to our current ISP using NAT, now we want to move our > > > > > connection from our current ISP to a new ISP with better bandwidth. >My > > > > > problem is that we don't want to change all our client machines >TCP/IP > > > > > settings, which are all static, for some reason or another they were > > all > > > > > setup to use our ISP's DNS. Not my idea but that another problem. So > > how > > > > can > > > > > I setup our router to forward requests looking from our current >ISP's > > DNS > > > > to > > > > > our new ISP's DNS without touching all the client machines. > > > > > > > > > > Would the best way be to use policy-base routing? > > > > > > > > > > Would a static route work? > > > > > > > > > > Could I use a static route under NAT? > > > > > > > > > > If someone could proved me a sample of how you could do this I would >be > > > > > greatful... > > > > > > > > > > Thanks > > > > > Michael > > > > _________________________________________________________ > > > > Do You Yahoo!? > > > > Get your free @yahoo.com address at http://mail.yahoo.com > > ________________________ > > > > Priscilla Oppenheimer > > http://www.priscilla.com ________________________ Priscilla Oppenheimer http://www.priscilla.com >>>>>>>>>>>>> Confidentiality Disclaimer <<<<<<<<<<<<<<<< This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. ("WellStar") and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. ================================================================ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=35781&t=35703 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
