Chuck, et al.,

One DNS Server IP that I've used for years when I don't have a specific IP
given when doing installations for customers, i.e., they don't tell me any
additional info in regards to whether or not their ISP told them to use
X.X.X.X and Y.Y.Y.Y for their client DNS settings, is a UUNet DNS Cache
server:

198.6.1.2

Never had any problems with it yet.

But then again, I don't keep them on that DNS Setting... It's usually just
for initial install/test for DNS/Internet connectivity.  Then I go get the
rest of the information.  And again, these steps are only performed this way
when the customer contact is quite busy, and disappears on me within minutes
of me confirming my arrival to work, or they have the classic response of
"Uh, I'm not sure right now... lemme go try to dig that info up in our
paperwork..." and they still don't come back for an extended period of time.

Otherwise, I work efficiently, and request all of the specific configuration
info up front as part of the install plan. :)

SO...... Give the UUNet Caching server a spin, and let us know if it fails
certain queries.

Mark


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 18, 2002 2:25 PM
To: [EMAIL PROTECTED]
Subject: Re: DNS Request Redirection [7:35703]


The simple way to test this would be to set your workstation with some other
ISP's DNS address, and see how things go. In one of my posts I provided the
real IP of an active DNS server. Someone want to give it a try? Or post one
that you know about. I'll be happy to test.

I wish the guy who posted the original question would get back to us with
his results.

Chuck

"Priscilla Oppenheimer" wrote in message
news:[EMAIL PROTECTED]...
> At 12:28 PM 2/18/02, Marc Thach Xuan Ky wrote:
> >Any decent ISP will refuse DNS recursion from any IP address that is not
> >within its own address space.
>
> He wasn't asking about recursion. He was asking about the initial query
> from the end host. Although I could believe you that a service provider
> should make sure these queries only come from customers, my experience is
> that service providers don't do this. I can set my PC to use a variety of
> DNS servers around the Internet and it works.
>
> I think it's because it's tricky to do, especially for small ISPs. Some
> ISPs might have only one DNS server. The same server that provides DNS
> services to Internet-access customers may also be the authority for
> various names managed by the ISP. The ISP may be doing Web hosting and be
> the authority for a bunch of names. In that case, it can't filter out DNS
> queries coming from the Internet.
>
> For example, say your PC asks your local DNS server to resolve
> www.priscilla.com. Your server can't do it. It asks its upstream server,
> probably one of the root servers. The root server figures out that
> petiteisp.com owns www.priscilla.com and tells your server the IP address
> of the authoritative name server at petiteisp.com. Your server queries
> petiteisp.com which gives your server the IP address for
> www.priscilla.com. Your server finally responds to your PC.
>
> Notice that the query to petiteisp.com came from some unexpected IP
> address that can't be anticipated in a filter. If petiteisp.com had a
> filter to allow queries only from its customers, the query from your
> server would have failed.
>
> Did that make sense? ;-) How do bigger ISPs handle this? I suppose bigger
> ISPs have more than one DNS server, one for Internet access customers, and
> one that is the authority for names owned by the ISP.
>
> Priscilla
>
> >This is fundamental to DNS security.
> >You need to rewrite the destination IP address.  Note that Cisco's NAT
> >is not suitable for this because of the DNS ALG.  The easiest thing to
> >do may be to provide an on-site caching DNS using the old ISP's DNS
> >addresses.  If you've got a lot of workstations and a decent bandwidth
> >to the Internet, you will probably find that running your own DNS cache
> >will be more satisfactory anyway.
> >rgds
> >Marc TXK
> >
> >
> >Godswill HO wrote:
> > >
> > > You can still use your former ISP's DNS records while using the new
> > > ISP's bandwidth. It does not matter who owns the DNS server. Everybody
> > > has access to it once they are on the Internet, except when they are
> > > specifically filtered.
> > >
> > > The only drawback is that your new ISP has to forward the packet in a
> > > round trip to the old ISP's network through the Internet before they
> > > are resolved and sent back to your machine; had you been using the DNS
> > > of your new ISP, these requests would stop there. Do not lose your
> > > sleep, because at the worst these delays are in milliseconds and not
> > > easily noticeable by the eye; moreover, each machine has a cache so it
> > > does not forward every request. Great if you have a Cache Engine to
> > > complement the machine's cache.
> > >
> > > Whatever, you are kool and everything will be fine, switch to your new
> > > ISP and enjoy.
> > >
> > > Regards.
> > > Oletu
> > > ----- Original Message -----
> > > From: Michael Hair
> > > To:
> > > Sent: Sunday, February 17, 2002 8:07 PM
> > > Subject: DNS Request Redirection [7:35703]
> > >
> > > > I was wondering what is the best way to take care of the following:
> > > >
> > > > I have been using a private address space behind a Cisco 4500 router
> > > > connected up to our current ISP using NAT, now we want to move our
> > > > connection from our current ISP to a new ISP with better bandwidth.
> > > > My problem is that we don't want to change all our client machines'
> > > > TCP/IP settings, which are all static; for some reason or another
> > > > they were all set up to use our ISP's DNS. Not my idea, but that's
> > > > another problem. So how can I set up our router to forward requests
> > > > looking from our current ISP's DNS to our new ISP's DNS without
> > > > touching all the client machines?
> > > >
> > > > Would the best way be to use policy-based routing?
> > > >
> > > > Would a static route work?
> > > >
> > > > Could I use a static route under NAT?
> > > >
> > > > If someone could provide me a sample of how you could do this I would
> > > > be grateful...
> > > >
> > > > Thanks
> > > > Michael
> ________________________
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35790&t=35703