Thanks Erich..

>>What is meant by "Dnscache log on" exactly? Is this a server-to-server
>>or a client-server transaction? (Also, it seems the default is actually
>>YES rather than NO.)

>I guess its meaning is _dnscache_log_on_

But... What does dnscache log on to? ;-)
It would be nice to know what is going on in non-forwarding mode.

I will check with campus IT on the DNS root server blocking issue...
BTW, both modes work through my ISP.
Thanks again.
Rick.

-----Original Message-----
From: Erich Titl [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 29, 2004 6:04 PM
To: Tibbs, Richard; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering 1.2 Dnscache: Querylog versus Forward Only

Rick

this is possibly a shot in the dark...

At 14:54 29.06.2004, Tibbs, Richard wrote:
>Dear List:
>Recently I had quite a difficult time getting dnscache to work in a
>campus network environment. In other applications, e.g. a SOHO
>environment using an ISP, the "stock" Bering 1.2 setup seems to work,
>that is, in lrcfg options as follows:
>
>3(packages) 8(dnscache) 3(Set to YES to set DNScache log on,
>default=NO) = YES
>3(packages) 8(dnscache) 4(Set to YES to set FORWARDONLY on, default=NO)
>= NO
>3(packages) 8(dnscache) 5(ISP DNS addresses when FORWARDONLY is on) =
>empty file
>And /etc/resolv.conf contains the ISPs DNS servers.
>
>But in the campus net, *only* the following worked, arrived at by trial
>and error:

AFAIK dnscache in _not_ forwarding mode uses the root servers to find suitable name servers. This may be blocked on your campus, so forwarding to the campus DNS server will solve this problem.

>3(packages) 8(dnscache) 3 = NO
>3(packages) 8(dnscache) 4 = YES
>3(packages) 8(dnscache) 5 = campus DNS server(s)
>
>My questions are:
>What is meant by "Dnscache log on" exactly? Is this a server-to-server
>or a client-server transaction? (Also, it seems the default is actually
>YES rather than NO.)

I guess its meaning is _dnscache_log_on_

>Is FORWARDONLY the same as setting a forwarder on, say, Windows 2003
>server DNS? Is this a server-to-server or a client-server transaction?

client-server
server-server is on zone transfers.

>If anyone knows, are the transactions above recursive, iterative, or
>something else?
>
>Off-thread, but any help on how to set up Bind9 on a linux box on the
>external side of Bering to work with the FORWARDONLY option would be
>appreciated.

Bind is a completely different animal, rather complex and without knowledge _what_exactly it is you want to do I would frown on this. I guess you would find ample help at the IT staff on your campus to set up Bind. Then, why set the Bind box _outside_ your LEAFed perimeter? DMZ might be a good idea.

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
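
Added example, not part of the thread or of the LEAF/djbdns code: a sketch of the first upstream packets in the two modes discussed above. With FORWARDONLY set, djbdns dnscache asks the listed caches the way a client would (recursion desired); otherwise it asks root servers non-recursively and follows referrals itself, which is the traffic a campus egress filter may drop. The function names and all addresses are constructed for illustration.

```python
import struct

RD = 0x0100  # "recursion desired" bit in the DNS header flags (RFC 1035)

def build_query(name, recursion_desired, txid=0x1234, qtype=1):
    """Encode a one-question DNS query (class IN) in wire format."""
    header = struct.pack("!HHHHHH", txid, RD if recursion_desired else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_query(packet):
    """Return (name, recursion_desired) for a captured one-question query."""
    _txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a one-question query")
    labels, pos = [], 12
    while packet[pos]:
        n = packet[pos]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels), bool(flags & RD)

def first_upstream_queries(name, forward_only, servers):
    """First packets the cache sends: (destination, packet) per server.

    forward_only=True : servers are other caches, asked recursively (RD=1).
    forward_only=False: servers are root servers, asked iteratively (RD=0);
                        the cache then follows the referrals itself.
    """
    return [(ip, build_query(name, recursion_desired=forward_only)) for ip in servers]

def blocked(queries, allowed_dns_destinations):
    """Destinations dropped by an egress filter that permits only the listed resolvers."""
    return [ip for ip, _ in queries if ip not in allowed_dns_destinations]

# Constructed sample addresses (documentation ranges), not real servers.
ROOTS = ["198.51.100.1", "198.51.100.2"]
CAMPUS_DNS = ["192.0.2.53"]

if __name__ == "__main__":
    for mode, servers in ((False, ROOTS), (True, CAMPUS_DNS)):
        qs = first_upstream_queries("www.example.org", mode, servers)
        print("FORWARDONLY" if mode else "iterative",
              [(ip, parse_query(p)) for ip, p in qs],
              "blocked:", blocked(qs, CAMPUS_DNS))
```

The same `parse_query` check can be applied to the header of a captured upstream query to tell which mode a cache is actually running in.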
