Hi,

First, the caching is not 24h, it's 1h.  Second, we fixed that:
https://github.com/inverse-inc/packetfence/commit/986f432a2dc277819e76c8556b0e91d392e78169

It was causing issues with OSX machines and Inline.  We did the change 
to all our zones.

On 2012-09-19 12:46 PM, Sallee, Stephen (Jake) wrote:
> You are correct, PF creates a DNS black hole and funnels everyone to itself.
>
> However, I believe you are correct in assuming the DNS cache is cleared when 
> the user is switched to a new vlan (and hence, subnet).
>
> We are using this method and have never seen an issue with DNS caching on the 
> clients.  One thing we HAVE seen is Google chrome throwing a bit of a hissy 
> fit if you try to redirect google.com to the captive portal ... it seems that 
> chrome is smart enough to figure out that you are redirecting and throws up a 
> nasty warning.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> 900 College St.
> Belton TX. 76513
> Fone: 254-295-4658
> Phax: 254-295-4221
> HTTP://WWW.UMHB.EDU
>
>
> -----Original Message-----
> From: Brian Candler [mailto:[email protected]]
> Sent: Wednesday, September 19, 2012 11:03 AM
> To: [email protected]
> Subject: Re: [PacketFence-users] Registration in routed networks
>
> On Wed, Sep 19, 2012 at 03:39:32PM +0000, Brian Candler wrote:
>> (2) PF DNS returns a fake IP address for all hostnames.
>
> After digging through the source, I believe this is indeed what happens.
>
> ---------
> ; Registration network DNS configuration
> ; This file is manipulated on PacketFence's startup before being given to named
> $TTL 3600
> . IN SOA %%hostname%%. %%incharge%% (
>      2009020901  ; serial
>      10800       ; refresh
>      3600        ; retry
>      604800      ; expire
>      86400       ; default_ttl
> )
>
>         IN      NS      %%hostname%%.
> *.     IN      A       %%A_blackhole%%
>         IN      MX      5       %%hostname%%.
>
> %%PTR_blackhole%%     IN      PTR       %%hostname%%
> ---------
>
> However I'm surprised at the DNS TTL of 24 hours, given that Windows clients 
> cache DNS responses themselves.  Is the assumption that once a client has 
> been dropped into a new VLAN and re-DHCP'd, that it will clear its local 
> cache?  Or perhaps PF acts as a proxy for any requests which hit its own IP?
> (I can't see how though, ProxyPass is Off)
>
> Thanks,
>
> Brian.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and threat 
> landscape has changed and how IT managers can respond. Discussions will 
> include endpoint security, mobile security and the latest in malware threats. 
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>


-- 
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
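
How the two numbers in the quoted zone template relate, as an added example that is not part of the original thread or of PacketFence's code: `$TTL` is the TTL attached to the wildcard A answer, while the SOA's last field is the negative-caching value (RFC 2308). The function names and the simplified parser are assumptions made for illustration; the zone text is abridged from the quote above.

```python
import re

# Zone template abridged from the thread; %%...%% placeholders kept as on the page.
ZONE = """\
; Registration network DNS configuration
$TTL 3600
. IN SOA %%hostname%%. %%incharge%% (
     2009020901  ; serial
     10800       ; refresh
     3600        ; retry
     604800      ; expire
     86400       ; default_ttl
)
        IN      NS      %%hostname%%.
*.     IN      A       %%A_blackhole%%
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"(?:\d+[smhdw]?)+", re.I)

def seconds(token):
    """Convert a BIND-style TTL ('3600', '1h', '1h30m') to seconds."""
    return sum(int(n) * UNITS[u.lower() or "s"]
               for n, u in re.findall(r"(\d+)([smhdw]?)", token, re.I))

def zone_ttls(text):
    """Return (a_record_ttl, negative_ttl) in seconds for a simple zone file."""
    # Drop ';' comments, then fold the parenthesised SOA onto a single line.
    body = "\n".join(line.split(";", 1)[0] for line in text.splitlines())
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    default = a_ttl = soa_ttl = soa_min = None
    for fields in (line.split() for line in body.splitlines()):
        upper = [f.upper() for f in fields]
        if upper[:1] == ["$TTL"]:
            default = seconds(fields[1])
        elif "SOA" in upper:
            head = fields[:upper.index("SOA")]
            soa_ttl = next((seconds(f) for f in head if TTL_RE.fullmatch(f)), default)
            soa_min = seconds(fields[-1])   # SOA MINIMUM field
        elif "A" in upper:
            head = fields[:upper.index("A")]
            a_ttl = next((seconds(f) for f in head if TTL_RE.fullmatch(f)), default)
    # RFC 2308: positive answers use the record TTL ($TTL when none is given);
    # negative answers are cached for min(SOA TTL, SOA MINIMUM).
    return a_ttl, min(soa_ttl, soa_min)
```
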
