On Sat, Aug 12, 2006 at 02:56:10PM +0400, Brad Campbell wrote:
> Akshay Lamba wrote:
> > 
> > 
> > 1. We need to talk about this setup. Specially the OpenVPN bit...i've
> > been trying to build such a thing for a while now and seems too wizardy
> > for my limited mental resources!
> 
> Oh it has a steep learning curve that lasts less than an hour.. once you get
> your head around it, OpenVPN is so easy it's almost trivial. The most complex
> part is getting the ssl certificate generation sorted, and that is only a
> matter of reading the docs..
> 
> > 2. To throw a thought out there, would creating a DNS on your local
> > machine and as the first value in your /etc/resolv.conf with forwarder
> > linked to local DNS/well known public DNS server work out?
> 
> Yeah, I had thought of that one.. problem I see here is sometimes when I'm
> overseas the networks I'm on seem to firewall dns, and you *have* to go
> through their dns servers.. which effectively neuters bind. (Used to run a
> caching bind server on my old laptop and came up against that a couple of
> times).

<disclaimer>After writing the below text the author realised two things:
Since he didn't read the full mail, most of his writing effort was
unnecessary. 2nd, he's too lazy to cut the text down to relevant
sections either.</disclaimer>

No it doesn't. You configure your bind to forward-only and not to do
full lookups - using forward name servers is very polite anyways. To get
the same smoothness as with resolv.conf you hack your DHCP script so that
instead of modifying /etc/resolv.conf you modify your bind forwarders and
send a HUP at the end to give it a reason to reread the configuration.

And then you either configure a stub (actually I don't remember what
the right term was, there is something like a forward zone where you can
say for this zone ask this guy). Or if that doesn't work out, you could
make your laptop a secondary nameserver without giving your laptop an NS
record (well you could, but I know: you do not want) and it would fetch
the zones from the primaries and you wouldn't even have to look up
through the tunnel.

> I guess I could write a dhclient scriptlet to update the bind config files
> with the local forwarders.. I wonder how bind copes with negative responses.
> Guess I'll have a look and find out.

Negative responses are cached as well. The timeout is bind-configurable
and around 15mins.

> Ugly, but perhaps it just might work agent 86.

Dirk.
-- 
I need a new signature. (Dirk Tilger)
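The forward-only bind plus DHCP-hook setup Dirk describes, written out as an added example that is not part of either mail. It assumes hypothetical paths: named.conf includes /etc/bind/forwarders.conf inside its options block, and named writes its pid to /var/run/named/named.pid.

```shell
#!/bin/sh
# Added example: a dhclient-script hook that keeps a forward-only BIND
# resolver in sync with the nameservers handed out by the local DHCP server.
# Paths below are assumptions; adjust to the distribution's named layout.
FORWARDERS_CONF="${FORWARDERS_CONF:-/etc/bind/forwarders.conf}"
NAMED_PID="${NAMED_PID:-/var/run/named/named.pid}"

# render_forwarders "ns1 ns2 ..." prints the options fragment on stdout.
# "forward only" stops named from walking the tree itself, so the resolver
# keeps working on networks that only allow DNS to their own servers.
render_forwarders() {
    printf 'forward only;\nforwarders {'
    for ns in $1; do
        printf ' %s;' "$ns"
    done
    printf ' };\n'
}

# render_forward_zone ZONE SERVER prints the "for this zone ask this guy"
# stanza Dirk alludes to, e.g. an internal zone reached over the VPN.
render_forward_zone() {
    printf 'zone "%s" { type forward; forwarders { %s; }; };\n' "$1" "$2"
}

# dhclient-script exports $reason and $new_domain_name_servers on each lease
# event; rewrite the include atomically and HUP named so it rereads config.
update_named() {
    case "$reason" in
        BOUND|RENEW|REBIND|REBOOT)
            render_forwarders "$new_domain_name_servers" > "$FORWARDERS_CONF.tmp" \
                && mv "$FORWARDERS_CONF.tmp" "$FORWARDERS_CONF"
            if [ -r "$NAMED_PID" ]; then
                kill -HUP "$(cat "$NAMED_PID")"
            fi
            ;;
    esac
}

# Only act when sourced by dhclient-script (which sets $reason).
if [ -n "$reason" ]; then
    update_named
fi
```

Install it as a dhclient exit hook instead of letting dhclient rewrite /etc/resolv.conf, and point resolv.conf at 127.0.0.1 permanently.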
