On Sat, 22 Jun 2013, Robert S wrote:
I've eliminated this problem by using openDNS servers:
# cat /etc/resolv.conf
domain mydomain.net.au
search mydomain.net.au
nameserver 192.168.0.33 #<--- My server IP
nameserver 208.67.220.220
nameserver 208.67.222.222
Is this likely to have untoward consequences? I've also looked at using
unbound - which looks quite straightforward.
Assuming that your dnsmasq (or other DNS-server) is running on the same
machine as your SA, use the loopback IP addr (127.0.0.1) instead of the
explicit IP addr of your server's ethernet interface.
I.e., in your resolv.conf use:
domain mydomain.net.au
search mydomain.net.au
nameserver 127.0.0.1
nameserver 208...stuff
nameserver some.other.server..
This is for several reasons:
1) ease of maintenance, always works, even after changing your
server's IP addr for whatever reason.
2) security, you can then change your DNS server to only listen
for queries on the loopback addr and make it more immune to
remote attacks.
3) performance, DNS queries work best if they fit in a single
UDP packet. The loopback has a larger MTU than standard
enet interfaces, so it's more likely to handle large DNS queries
w/o fragmentation or TCP fallback.
Now if you're also using that DNS server to provide DNS service
for other client machines on your local LAN then you cannot do
the change in (2) (make DNS server only listen to loopback) but
it still simplifies configuration. (allow all queries on lo0 and
selected queries on eth*).
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
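Added example, not part of the thread: a small POSIX shell audit of the resolv.conf shape Dave recommends (loopback first, no reference to the box's own ethernet address), plus the dnsmasq listen lines for the two deployments he distinguishes. The dnsmasq option names are real; the 192.168.0.33 address and resolv.conf content come from Robert's message, while the function names and the LAN-address argument are this example's own assumptions.

```shell
#!/bin/sh
# Example code, not from the original posts. Audits /etc/resolv.conf as
# described in the reply and prints a matching dnsmasq listen fragment.

# Ordered nameserver addresses in a resolv.conf, with trailing "#" comments
# (as in Robert's "#<--- My server IP") stripped first.
resolv_nameservers() {
    sed -e 's/#.*//' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# 0 if the first nameserver is the loopback address, 1 otherwise.
first_nameserver_is_loopback() {
    first=$(resolv_nameservers "$1" | head -n 1)
    [ "$first" = "127.0.0.1" ]
}

# 0 if the resolver is referenced by the server's own interface IP ($2),
# the pattern the reply advises against; 1 otherwise.
uses_own_interface_ip() {
    resolv_nameservers "$1" | grep -qx "$2"
}

# Print the resolv.conf with the server's own IP ($2) replaced by 127.0.0.1
# on nameserver lines only; every other line is left untouched.
loopback_resolv_conf() {
    ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -e "s/^\(nameserver[[:space:]][[:space:]]*\)${ip_re}$/\1127.0.0.1/" \
        -e "s/^\(nameserver[[:space:]][[:space:]]*\)${ip_re}\([[:space:]]\)/\1127.0.0.1\2/" \
        "$1"
}

# dnsmasq listen fragment: "loopback" = point (2) of the reply, only the
# loopback address; "lan <addr>" = also answer local clients on <addr>,
# restricted by local-service to directly attached subnets.
dnsmasq_listen_config() {
    case "$1" in
        loopback) printf 'listen-address=127.0.0.1\nbind-interfaces\n' ;;
        lan)      printf 'listen-address=127.0.0.1\nlisten-address=%s\nbind-interfaces\nlocal-service\n' "$2" ;;
        *)        return 2 ;;
    esac
}
```

Run the two checks against /etc/resolv.conf before and after the swap; bind-interfaces is what makes dnsmasq actually stop binding the wildcard address rather than just filtering answers.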