Timothy:
You make some interesting point... Let me clarify something. This is my
class project, so time is short. in this case I have to follow some strict
rules. In my setup, Linux server ns1.mydomain.com is using IP address of
63.113.255.3. On the same machine, I have a third party dial in bank using
IP 63.113.255.x. My setup should allow external CACHE to dial-in users (test
users). Based on that, I will be installing only external Cache listening
on 63.113.255.3. You can answer the following, from your answers:
>> If you only need DNS resolution services (lookups and caching) for one
machine, a local cache is what you want. On the other hand, if you want
to provide DNS service for more than one machine, you need an external
cache - dnscache running on a real IP address.<<
Reviewing the above statement, my only choice is to install external cache
so dial in clients can be serviced.
>> The problem with your setup is that your IP address, 63.113.255.3, is a
public address. If you connect to the Internet, the whole world can see
it and the whole world can then use your DNS cache. You don't want that.<<
I sure do not want the world to see... But if the only IP's 127.0.0.1 &
63.113.255.* are allowed to connect, then it should make no difference?
>> Can you set up your network to use an address like 192.168.xxx.xxx?
Those are addresses that are not public IP addresses. You can assign
more than one address to a network interface using ifconfig. The
additional addresses are called aliases.
The idea is that your whole network uses addresses in the
192.168.xxx.xxx range and you use NAT (Network Address Translation)
to convert from public addresses (like 64.113.255.3) to 192.168.x.x
addresses. <<
Well in this case, we already wrote a paper which outlined the class
project. Can't change it now.
Thanks.
Kirti
-----Original Message-----
From: Timothy Legant [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 02, 2001 10:19 PM
To: Kirti S. Bajwa
Subject: Re: dnscache vs dnscachex
On Mon, Apr 02, 2001 at 09:11:39PM -0400, Kirti S. Bajwa wrote:
> Please also note that I am following the djbdns document... and using the
> same names as being used in the documentation. In the document "dnscache"
> and "dnscachex" are being referred to as "local DNS cache" and "external
DNS
> cache" respectively. I have installed both "local DNS cache" and "external
> DNS cache" on the same machine.
Generally, you only need a local cache OR an external cache. Not both.
You *definitely* would never install both on the same machine.
> I find that the default installation of
> "external DNS cache" listens on 127.0.0.1 & 63.113.255 whereas default
> installation of "local DNS cache" also listens on 127.0.0.1.
As the previous guy said, the files in the "ip" directory are *not* the
addresses that dnscache is listening on. They are the addresses that
dnscache will accept queries from. To see what addresses dnscache is
listening on, look at the contents of the file .../dnscache/env/IP .
You can also use "netstat -a".
> Therefore, am I to assume that if "external DNS cache" is installed on a
> machine, then there is no need to install "local DNS cache" on the SAME
> machine (and that it is redundant)?
The only difference between a local cache and an external cache is that
the external cache is listening on an IP address that other computers
can see. In other words, 63.113.255.3. A local cache listens to
127.0.0.1 and therefore can provide caching services *only* to the local
machine.
If you only need DNS resolution services (lookups and caching) for one
machine, a local cache is what you want. On the other hand, if you want
to provide DNS service for more than one machine, you need an external
cache - dnscache running on a real IP address.
The problem with your setup is that your IP address, 63.113.255.3, is a
public address. If you connect to the Internet, the whole world can see
it and the whole world can then use your DNS cache. You don't want that.
Can you set up your network to use an address like 192.168.xxx.xxx?
Those are addresses that are not public IP addresses. You can assign
more than one address to a network interface using ifconfig. The
additional addresses are called aliases.
The idea is that your whole network uses addresses in the
192.168.xxx.xxx range and you use NAT (Network Address Translation)
to convert from public addresses (like 64.113.255.3) to 192.168.x.x
addresses.
If you want to keep it simple (I seem to remember this is for a class
project?) Then just put the external cache on 63.113.255.3 and put
nameserver 63.113.255.3
in the /etc/resolv.conf file on all of your Un*x machines and tell the
Windows machines that 63.113.255.3 is their nameserver. Things will work
fine then, although probably lots of other people will start using your
nameserver, too.
Tim
