freeman wrote:
My setup is home-user, DSL, Bering 1.2 release. eth0=internet, eth1=private, eth2=DMZ.

I just recently got a mail-server box placed on my long-empty DMZ interface. However this DMZ-located box wouldn't resolve. I mucked with dnscache, attempting to have it serve both eth1 and eth2 queries but dnscache won't accept more than 1 IP address in the /etc/dnscache/env/IP file. Placing 0.0.0.0 there permitted boxes on either interface to resolve but it seemed like dnscache wasn't performing because pings from the router to the internet would take a few seconds to resolve, every time.

I have checked the relevant FAQ (http://leaf.sourceforge.net/devel/jnilo/dnscache.html) and sought within the mail archives but no clear solution was forthcoming. What I did find within the mail archives was an 18-month old discussion with Michael D. Schleif (sub="dnscache vs. dmz ???") where it was pointed out that 1) dnscache can't serve two masters (aka two interfaces) and 2) this is not particularly desired anyway, because of the crossover of the private lan and the DMZ traffic (i.e. security risk).

Thus I concluded that the way to solve my issue (desiring dnscache to be effective on my private LAN as well as the DMZ) was to have a second instance of dnscache running, and set it up to serve only the DMZ.

So I went about creating a copy of the dnscache.lrp package, called dnscach2.lrp. I changed almost all references to "dnscache" to be "dnscach2" for the files within this new dnscach2.lrp. To reduce the size of this dnscach2.lrp package I removed the executable from the dnscach2 package and had the config files within dnscach2 refer to the original dnscache executable. And it works!

So my questions are:
- is this the proper way to get dnscache functionality on a second interface? (I ask because I saw little about how to solve this issue, and I would have thought that this problem would have been experienced by lots of people and caused them the same difficulty that I had)

I'd just configure DNSCache to resolve queries from both networks. I don't think this is covered by the simplistic help included with the DNSCache LRP file, but a quick google search for 'dnscache man page' will turn up some useful info:
http://www.die.net/doc/linux/man/man8/dnscache.8.html

<quote>
dnscache listens for incoming UDP packets and TCP connections addressed to port 53 of $IP. Typically $IP is 127.0.0.1, but it can also be an externally accessible IP address.
dnscache accepts a packet or connection from IP address 1.2.3.4 if it sees a file named ip/1.2.3.4 or ip/1.2.3 or ip/1.2 or ip/1.
</quote>
So...the IP setting you're trying to play with is the *LISTEN* address of DNSCache (it only needs to listen on 1 IP).

To configure DNSCache to serve both networks, simply add appropriate files (zero length is OK) for both networks in the ip/ directory of dnscache's configuration directory. Of course, you'll also have to set up your firewall rules to allow both networks to make DNS queries to the IP DNSCache is listening on.

Then simply use the IP in /etc/dnscache/env/IP for the DNS server on all machines, and you should be set.

- If this is a proper solution I'm surprised to not see a pre-existing dnscach2.lrp available. Would someone be interested, if I sent them my dnscach2.lrp file (nice and tiny at 2603 bytes), to place it on the leaf site available for others to use? If so, and some adjustments should be made to the dnscache documentation, what can I do to assist with this? I don't have CVS experience or anything but I can modify the HTML files that comprise the dnscache documentation if someone else would upload them.

I don't know if I'd call it a proper solution...I'd call running two DNSCache servers more of a hack, and you'll have to be careful they don't step on each other's configuration (ie: use separate configuration directories). There are probably some valid reasons to do this, but your setup isn't one of them (IMHO).
- as a general curiosity (that I could search on myself, but I don't know that it's germane to my situation) why would someone want dnscache as well as tinydns (as was mentioned in the sub="dnscache vs. dmz ???" thread)?

DNSCache is a caching-only DNS server (ie: performs recursive DNS queries to resolve names by asking other DNS servers questions, and remembering the results for faster lookups next time). TinyDNS is an authoritative DNS server, used to host your own domain (ie: to answer questions from everyone else on the internet about names under your control, such as: www.yourdomain.net).
--
Charles Steinkuehler
[EMAIL PROTECTED]
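The ip/ access-control rule Charles quotes from the man page (a client 1.2.3.4 is accepted if ip/1.2.3.4, ip/1.2.3, ip/1.2 or ip/1 exists) is easy to get wrong in the direction of being too permissive, so here is an added example, not from the thread and not part of the dnscache package, that builds a throwaway ip/ directory for a two-network setup like freeman's and checks which client addresses dnscache would accept. The subnets (192.168.1.0/24 for the private LAN, 192.168.2.0/24 for the DMZ) and the IPDIR location are assumed values, not freeman's real addressing; the lookup logic follows the quoted man page text rather than dnscache's source.

```shell
#!/bin/sh
# Added example (not from the original thread): build a throwaway dnscache
# "ip/" access directory and check which client addresses dnscache would
# accept, following the prefix rule quoted from the man page:
#   client 1.2.3.4 is accepted if ip/1.2.3.4, ip/1.2.3, ip/1.2 or ip/1 exists.
# Assumed addressing: 192.168.1.0/24 on eth1 (private), 192.168.2.0/24 on eth2 (DMZ).

IPDIR="${IPDIR:-$(mktemp -d)}/ip"   # assumed location; real one is under /etc/dnscache

# Create the access files for the private LAN and the DMZ (zero length is fine).
setup_ipdir() {
    mkdir -p "$IPDIR"
    : > "$IPDIR/127.0.0.1"   # the router itself
    : > "$IPDIR/192.168.1"   # whole private LAN  (eth1, assumed 192.168.1.0/24)
    : > "$IPDIR/192.168.2"   # whole DMZ          (eth2, assumed 192.168.2.0/24)
}

# Echo "allow" or "deny" for one dotted-quad client, mimicking dnscache's lookup:
# try the full address, then strip one octet at a time until nothing is left.
dnscache_would_accept() {
    addr="$1"
    while [ -n "$addr" ]; do
        if [ -e "$IPDIR/$addr" ]; then
            echo allow
            return 0
        fi
        case "$addr" in
            *.*) addr="${addr%.*}" ;;   # 192.168.1.50 -> 192.168.1 -> 192.168 -> 192
            *)   addr="" ;;
        esac
    done
    echo deny
    return 0
}

# List ip/ entries with fewer than three octets: each of those opens dnscache to
# a whole /16 or /8, which is almost never what a home router wants.
broad_ipdir_entries() {
    for f in "$IPDIR"/*; do
        [ -e "$f" ] || continue
        name="${f##*/}"
        dots="$(printf '%s' "$name" | tr -cd '.' | wc -c | tr -d ' ')"
        [ "$dots" -lt 2 ] && echo "$name"
    done
    return 0
}

# Stand-alone demo.
setup_ipdir
for client in 192.168.1.50 192.168.2.7 127.0.0.1 10.0.0.5; do
    echo "$client: $(dnscache_would_accept "$client")"
done
echo "overly broad entries: $(broad_ipdir_entries | tr '\n' ' ')"
```

Run it as-is to see the private LAN, DMZ and loopback clients accepted and an outside address (constructed 10.0.0.5) denied; broad_ipdir_entries is the check to run against the real /etc/dnscache ip/ directory after editing, since a stray ip/192 file would silently admit every 192.x.x.x client that can reach the listen address.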