2:49 p.m.
Hello all,
I'm getting frustrated attempting to understand; I googled and asked
folks and am unable to get a straight answer.
1. How is the /etc/resolv.conf file maintained ? I do not seem to
get a consistent result when I save resolv.conf configuration from GUI
or by hand using vim /etc/resolv.conf.
a. Sometimes I the entries toggles between the two entries:
# generated by NetworkManager, do not edit!
; Use a local caching nameserver controlled by NetworkManager
nameserver 127.0.0.1
b. then when I restart the network services some the /etc/resolv.conf
file appears like this:
# generated by NetworkManager, do not edit!
; Use a local caching nameserver controlled by NetworkManager
search lab.mycompany.com
nameserver 192.168.17.2
This host is:
- a DNS server that is authoritative for its domain within the
192.168.16/20 network
- I believe that even as DNS server, this host should have its
resolv.conf file configured to define itself as a DNS server, right?
I apologize for the naive questions, but I am a newbie and am unable
to gather a straightforward answer.
thanks in advance.
--
best,
Vince
2:40 a.m.
vincenzo romero wrote:
thank you for the responses ... and Matthew I think it is getting
clearer now .... however you mention:
> you
> probably have installed a caching nameserver.
i used the Bind Configuration tool; initially when it generates the
DNS records files, the configuration is caching nameserver; however,
when I imported my hosts file, it automatically also created addition
zones which includes my domain - lab.mycompany.com. I checked my
/etc/named.conf configuration against a sample configuration URL and
compared a "caching" vs "standard DNS" and it seems like I have the
standard DNS configured ...
So far as I can tell, and Ive been using RHL and its successors since
RHL 3.0.3, "caching nameserver" is a term invented by RH.
Whatever, it describes a name server that is authoritative for no zones.
Generally speaking, every DNS caches. _My_ DSNs are responsible for some
domains such as office.lan, demo.roon and so on, may refer to other
nameservers I maintain and either refer to my IAP's DNS for public
Internet details or go directly to the root servers.
/etc/resolv.conf can by maintained by DHCP client software where
computers are connected to a LAN running a DCP server (including ADSL
and cable routers), by PPP client software, and by user configuration
tools (including vim) where DHCP and PPP are not used.
can someone pls confirm that the info I am following is correct?
(source: http://www.linux-sxs.org/internet_serving/dns.html#common)
For documentation, read the ISC stuff. Other stuff if you need, but
always read the ISC documentation. It's complete an accurate, but
tageted at professionals, Also, read the RHEL documentation - it's
probably less complete, but a good start and consistent with the
RH/Fedora implementations.
--
Cheers
John
-- spambait
1aaaaaaa(a)coco.merseine.nu Z1aaaaaaa(a)coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
5:23 p.m.
Ok, I am posting in the top since I made such a boo boo. This is the
second or third time I made this transposition. I did not mean DNS
servers but DHCP servers. It must be an age thing
On Tue, 2008-03-25 at 11:29 -0400, Matthew Saltzman wrote:
On Tue, 2008-03-25 at 10:24 -0600, Aaron Konstam wrote:
> On Mon, 2008-03-24 at 17:58 -0400, Matthew Saltzman wrote:
> > On Mon, 2008-03-24 at 16:09 -0600, Aaron Konstam wrote:
> >
> > > You really can't edit /etc/resolv.conf when you are using a DNS
server.
> > > When you are connected to the network it is the DNS nameserver that sets
> > > up the resolv.conf file. In the first case above:
> >
> > This isn't quite correct.
> >
> > /etc/resolv.conf contains the IP addresses of your DNS servers.
> This is a semantic argument. We are talking about wireless. Until you
> connect to the wireless router's AP the resolve.conf computer has no
> idea about the name of your DNS server. The router supplies that form
> the DNS server.
Not semantics at all. DNS servers don't self-report--and in particular,
they don't reach out and edit clients' /etc/resolv.conf files. DHCP
servers can provide DNS server information to clients, or not. If it is
offered, DHCP clients can accept the information (and place it
in /etc/resolv.conf), or not. For static IP addresses and for DHCP
clients that don't get DNS info from the server, /etc/resolv.conf
contents must be created manually.
Clients are not required to use the local network's suggestions for DNS
servers--they can use any servers they can reach by IP address. (For
example, clients can run their own caching nameservers, and just use
127.0.0.1 as the DNS server IP.)
Some wireless routers will get their own IP addresses by DHCP from, say,
a DSL modem (which may in turn get its IP address and DNS server info
from the ISP). As a DHCP server, the modem may provide DNS server
information to the router. As a DHCP client, the router may accept that
information or the user may set it (and/or the router's IP address)
manually.
Having the router get DNS from the modem and provide it in turn to
clients is a pretty seamless way to go, and it is quite common
(particularly in home networks), but it is by no means required.
> >
> > If you connect to your network with a DHCP server, that server provides
> > your IP address and it *may* provide information about DNS servers,
> > which your dhcp client will put in /etc/resolv.conf. It also may not,
> > or you may decline to use the provided information. Or you may connect
> > statically. In that case, you need to hand-edit /etc/resolv.conf or use
> > system-config-network to set static DNS servers.
> >
> > > > # generated by NetworkManager, do not edit!
> > > > ; Use a local caching nameserver controlled by NetworkManager
> > > > nameserver 127.0.0.1
> > >
> > > you has not yet made a connection to the internet.
> >
> > Network manager uses a DHCP client to get your DNS info and places it
> > in /etc/resolv.conf. If you decline to use that information, you
> > probably have installed a caching nameserver. In that case, its IP
> > address is 127.0.0.1
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
--
=======================================================================
You work very hard. Don't try to think as well.
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam(a)sbcglobal.net
3:56 p.m.
On Tue, 2008-03-25 at 16:23 -0600, Aaron Konstam wrote:
Ok, I am posting in the top since I made such a boo boo. This is the
second or third time I made this transposition. I did not mean DNS
servers but DHCP servers. It must be an age thing
Ah, the age thing... There's also the TLA thing...
It's OT, but sometimes the discussion on this list seems to me to mirror
this assessment of the current US financial crisis:
http://krugman.blogs.nytimes.com/2008/03/19/jargon/.
8^)
On Tue, 2008-03-25 at 11:29 -0400, Matthew Saltzman wrote:
> On Tue, 2008-03-25 at 10:24 -0600, Aaron Konstam wrote:
> > On Mon, 2008-03-24 at 17:58 -0400, Matthew Saltzman wrote:
> > > On Mon, 2008-03-24 at 16:09 -0600, Aaron Konstam wrote:
> > >
> > > > You really can't edit /etc/resolv.conf when you are using a DNS
server.
> > > > When you are connected to the network it is the DNS nameserver that
sets
> > > > up the resolv.conf file. In the first case above:
> > >
> > > This isn't quite correct.
> > >
> > > /etc/resolv.conf contains the IP addresses of your DNS servers.
> > This is a semantic argument. We are talking about wireless. Until you
> > connect to the wireless router's AP the resolve.conf computer has no
> > idea about the name of your DNS server. The router supplies that form
> > the DNS server.
>
> Not semantics at all. DNS servers don't self-report--and in particular,
> they don't reach out and edit clients' /etc/resolv.conf files. DHCP
> servers can provide DNS server information to clients, or not. If it is
> offered, DHCP clients can accept the information (and place it
> in /etc/resolv.conf), or not. For static IP addresses and for DHCP
> clients that don't get DNS info from the server, /etc/resolv.conf
> contents must be created manually.
>
> Clients are not required to use the local network's suggestions for DNS
> servers--they can use any servers they can reach by IP address. (For
> example, clients can run their own caching nameservers, and just use
> 127.0.0.1 as the DNS server IP.)
>
> Some wireless routers will get their own IP addresses by DHCP from, say,
> a DSL modem (which may in turn get its IP address and DNS server info
> from the ISP). As a DHCP server, the modem may provide DNS server
> information to the router. As a DHCP client, the router may accept that
> information or the user may set it (and/or the router's IP address)
> manually.
>
> Having the router get DNS from the modem and provide it in turn to
> clients is a pretty seamless way to go, and it is quite common
> (particularly in home networks), but it is by no means required.
>
> > >
> > > If you connect to your network with a DHCP server, that server provides
> > > your IP address and it *may* provide information about DNS servers,
> > > which your dhcp client will put in /etc/resolv.conf. It also may not,
> > > or you may decline to use the provided information. Or you may connect
> > > statically. In that case, you need to hand-edit /etc/resolv.conf or use
> > > system-config-network to set static DNS servers.
> > >
> > > > > # generated by NetworkManager, do not edit!
> > > > > ; Use a local caching nameserver controlled by NetworkManager
> > > > > nameserver 127.0.0.1
> > > >
> > > > you has not yet made a connection to the internet.
> > >
> > > Network manager uses a DHCP client to get your DNS info and places it
> > > in /etc/resolv.conf. If you decline to use that information, you
> > > probably have installed a caching nameserver. In that case, its IP
> > > address is 127.0.0.1
>
> --
> Matthew Saltzman
>
> Clemson University Math Sciences
> mjs AT clemson DOT edu
> http://www.math.clemson.edu/~mjs
>
--
=======================================================================
You work very hard. Don't try to think as well.
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam(a)sbcglobal.net
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
7:24 p.m.
Aaron Konstam wrote:
Ok, I am posting in the top since I made such a boo boo. This is the
second or third time I made this transposition. I did not mean DNS
servers but DHCP servers. It must be an age thing
I was very surprised at you, you have been around for a while:-)
--
Cheers
John
-- spambait
1aaaaaaa(a)coco.merseine.nu Z1aaaaaaa(a)coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
7:27 p.m.
thank you so much folks ... i think she's ok now .. yeah 127.0.0.1 is fine ...
again, thank you so much for all your help.
- v.
On Tue, Mar 25, 2008 at 5:24 PM, John Summerfield
<debian(a)herakles.homelinux.org> wrote:
Aaron Konstam wrote:
> Ok, I am posting in the top since I made such a boo boo. This is the
> second or third time I made this transposition. I did not mean DNS
> servers but DHCP servers. It must be an age thing
I was very surprised at you, you have been around for a while:-)
--
Cheers
John
-- spambait
1aaaaaaa(a)coco.merseine.nu Z1aaaaaaa(a)coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
--
fedora-list mailing list
fedora-list(a)redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
--
best,
Vince
7:23 p.m.
Matthew Saltzman wrote:
On Tue, 2008-03-25 at 10:24 -0600, Aaron Konstam wrote:
> On Mon, 2008-03-24 at 17:58 -0400, Matthew Saltzman wrote:
>> On Mon, 2008-03-24 at 16:09 -0600, Aaron Konstam wrote:
Clients are not required to use the local network's suggestions
for DNS
servers--they can use any servers they can reach by IP address. (For
example, clients can run their own caching nameservers, and just use
127.0.0.1 as the DNS server IP.)
I have a laptop that runs BIND, and I've configured the DHCP client to
update the BIND configuration to use offered servers as forwarders. On
that laptop, my DNS server _is_ at 127.0.0.1.
It works very well.
Some wireless routers will get their own IP addresses by DHCP from, say,
a DSL modem (which may in turn get its IP address and DNS server info
from the ISP). As a DHCP server, the modem may provide DNS server
information to the router. As a DHCP client, the router may accept that
information or the user may set it (and/or the router's IP address)
manually.
Exactly.
--
Cheers
John
-- spambait
1aaaaaaa(a)coco.merseine.nu Z1aaaaaaa(a)coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
7:17 p.m.
Alan Cox wrote:
On Tue, 25 Mar 2008 20:48:35 +0900
John Summerfield <debian(a)herakles.homelinux.org> wrote:
> Bruno Wolff III wrote:
>> On Tue, Mar 25, 2008 at 16:40:59 +0900,
>> John Summerfield <debian(a)herakles.homelinux.org> wrote:
>>> So far as I can tell, and Ive been using RHL and its successors since
>>> RHL 3.0.3, "caching nameserver" is a term invented by RH.
>> I don't think so.
> You mightn't, but I did a little googling.
If my memory is good the caching nameserver or cache only nameserver go
back a good deal further, maybe even before Linux. I'd have to dig out
old old versions of named and read the docs but I think it may even have
been used in the documentation of the time.
I just did a bit of digging around, but the ISC repo's down atm.
Certainly "cache" and variations are appropriate, and they now use the
term "caching nameserver" quite freely.
--
Cheers
John
-- spambait
1aaaaaaa(a)coco.merseine.nu Z1aaaaaaa(a)coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
2:22 p.m.
On Tue, 25 Mar 2008 20:48:35 +0900
John Summerfield <debian(a)herakles.homelinux.org> wrote:
Bruno Wolff III wrote:
> On Tue, Mar 25, 2008 at 16:40:59 +0900,
> John Summerfield <debian(a)herakles.homelinux.org> wrote:
>> So far as I can tell, and Ive been using RHL and its successors since
>> RHL 3.0.3, "caching nameserver" is a term invented by RH.
>
> I don't think so.
You mightn't, but I did a little googling.
If my memory is good the caching nameserver or cache only nameserver go
back a good deal further, maybe even before Linux. I'd have to dig out
old old versions of named and read the docs but I think it may even have
been used in the documentation of the time.
11:24 a.m.
On Mon, 2008-03-24 at 17:58 -0400, Matthew Saltzman wrote:
On Mon, 2008-03-24 at 16:09 -0600, Aaron Konstam wrote:
> On Mon, 2008-03-24 at 12:49 -0700, vincenzo romero wrote:
> > Hello all,
> >
> > I'm getting frustrated attempting to understand; I googled and asked
> > folks and am unable to get a straight answer.
> >
> > 1. How is the /etc/resolv.conf file maintained ? I do not seem to
> > get a consistent result when I save resolv.conf configuration from GUI
> > or by hand using vim /etc/resolv.conf.
> >
> > a. Sometimes I the entries toggles between the two entries:
> >
> > # generated by NetworkManager, do not edit!
> > ; Use a local caching nameserver controlled by NetworkManager
> > nameserver 127.0.0.1
> >
> > b. then when I restart the network services some the /etc/resolv.conf
> > file appears like this:
> > # generated by NetworkManager, do not edit!
> > ; Use a local caching nameserver controlled by NetworkManager
> > search lab.mycompany.com
> > nameserver 192.168.17.2
> >
> > This host is:
> >
> > - a DNS server that is authoritative for its domain within the
> > 192.168.16/20 network
> > - I believe that even as DNS server, this host should have its
> > resolv.conf file configured to define itself as a DNS server, right?
> >
> > I apologize for the naive questions, but I am a newbie and am unable
> > to gather a straightforward answer.
> >
> > thanks in advance.
> You really can't edit /etc/resolv.conf when you are using a DNS server.
> When you are connected to the network it is the DNS nameserver that sets
> up the resolv.conf file. In the first case above:
This isn't quite correct.
/etc/resolv.conf contains the IP addresses of your DNS servers.
This is a semantic
argument. We are talking about wireless. Until you
connect to the wireless router's AP the resolve.conf computer has no
idea about the name of your DNS server. The router supplies that form
the DNS server.
If you connect to your network with a DHCP server, that server provides
your IP address and it *may* provide information about DNS servers,
which your dhcp client will put in /etc/resolv.conf. It also may not,
or you may decline to use the provided information. Or you may connect
statically. In that case, you need to hand-edit /etc/resolv.conf or use
system-config-network to set static DNS servers.
> > # generated by NetworkManager, do not edit!
> > ; Use a local caching nameserver controlled by NetworkManager
> > nameserver 127.0.0.1
>
> you has not yet made a connection to the internet.
Network manager uses a DHCP client to get your DNS info and places it
in /etc/resolv.conf. If you decline to use that information, you
probably have installed a caching nameserver. In that case, its IP
address is 127.0.0.1
>
>
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
--
=======================================================================
That money talks, I'll not deny, I heard it once, It said "Good-bye. --
Richard Armour
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam(a)sbcglobal.net
10:29 a.m.
On Tue, 2008-03-25 at 10:24 -0600, Aaron Konstam wrote:
On Mon, 2008-03-24 at 17:58 -0400, Matthew Saltzman wrote:
> On Mon, 2008-03-24 at 16:09 -0600, Aaron Konstam wrote:
>
> > You really can't edit /etc/resolv.conf when you are using a DNS server.
> > When you are connected to the network it is the DNS nameserver that sets
> > up the resolv.conf file. In the first case above:
>
> This isn't quite correct.
>
> /etc/resolv.conf contains the IP addresses of your DNS servers.
This is a semantic argument. We are talking about wireless. Until you
connect to the wireless router's AP the resolve.conf computer has no
idea about the name of your DNS server. The router supplies that form
the DNS server.
Not semantics at all. DNS servers don't self-report--and in particular,
they don't reach out and edit clients' /etc/resolv.conf files. DHCP
servers can provide DNS server information to clients, or not. If it is
offered, DHCP clients can accept the information (and place it
in /etc/resolv.conf), or not. For static IP addresses and for DHCP
clients that don't get DNS info from the server, /etc/resolv.conf
contents must be created manually.
Clients are not required to use the local network's suggestions for DNS
servers--they can use any servers they can reach by IP address. (For
example, clients can run their own caching nameservers, and just use
127.0.0.1 as the DNS server IP.)
Some wireless routers will get their own IP addresses by DHCP from, say,
a DSL modem (which may in turn get its IP address and DNS server info
from the ISP). As a DHCP server, the modem may provide DNS server
information to the router. As a DHCP client, the router may accept that
information or the user may set it (and/or the router's IP address)
manually.
Having the router get DNS from the modem and provide it in turn to
clients is a pretty seamless way to go, and it is quite common
(particularly in home networks), but it is by no means required.
>
> If you connect to your network with a DHCP server, that server provides
> your IP address and it *may* provide information about DNS servers,
> which your dhcp client will put in /etc/resolv.conf. It also may not,
> or you may decline to use the provided information. Or you may connect
> statically. In that case, you need to hand-edit /etc/resolv.conf or use
> system-config-network to set static DNS servers.
>
> > > # generated by NetworkManager, do not edit!
> > > ; Use a local caching nameserver controlled by NetworkManager
> > > nameserver 127.0.0.1
> >
> > you has not yet made a connection to the internet.
>
> Network manager uses a DHCP client to get your DNS info and places it
> in /etc/resolv.conf. If you decline to use that information, you
> probably have installed a caching nameserver. In that case, its IP
> address is 127.0.0.1
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
9:56 a.m.
Aaron Konstam wrote:
On Mon, 2008-03-24 at 17:58 -0400, Matthew Saltzman wrote:
> On Mon, 2008-03-24 at 16:09 -0600, Aaron Konstam wrote:
>> On Mon, 2008-03-24 at 12:49 -0700, vincenzo romero wrote:
>>> Hello all,
>>>
>>> I'm getting frustrated attempting to understand; I googled and asked
>>> folks and am unable to get a straight answer.
>>>
>>> 1. How is the /etc/resolv.conf file maintained ? I do not seem to
>>> get a consistent result when I save resolv.conf configuration from GUI
>>> or by hand using vim /etc/resolv.conf.
>>>
>>> a. Sometimes I the entries toggles between the two entries:
>>>
>>> # generated by NetworkManager, do not edit!
>>> ; Use a local caching nameserver controlled by NetworkManager
>>> nameserver 127.0.0.1
>>>
>>> b. then when I restart the network services some the /etc/resolv.conf
>>> file appears like this:
>>> # generated by NetworkManager, do not edit!
>>> ; Use a local caching nameserver controlled by NetworkManager
>>> search lab.mycompany.com
>>> nameserver 192.168.17.2
>>>
>>> This host is:
>>>
>>> - a DNS server that is authoritative for its domain within the
>>> 192.168.16/20 network
>>> - I believe that even as DNS server, this host should have its
>>> resolv.conf file configured to define itself as a DNS server, right?
>>>
>>> I apologize for the naive questions, but I am a newbie and am unable
>>> to gather a straightforward answer.
>>>
>>> thanks in advance.
>> You really can't edit /etc/resolv.conf when you are using a DNS server.
>> When you are connected to the network it is the DNS nameserver that sets
>> up the resolv.conf file. In the first case above:
> This isn't quite correct.
>
> /etc/resolv.conf contains the IP addresses of your DNS servers.
This is a semantic argument. We are talking about wireless. Until you
connect to the wireless router's AP the resolve.conf computer has no
idea about the name of your DNS server. The router supplies that form
the DNS server.
If you semantic you mean wrong, yes. The DNS server supplies *NOTHING*, the
DHCP server supplies whatever setting it has for the DNS entry.
If you are using static ip and DNS servers you *MUST* edit your resolv.conf to
point to the proper DNS server, so your original statement of "You really can't
edit /etc/resolv.conf when you are using a DNS server." is just completely
wrong. Using a DNS server has nothing to do with whether you can edit the
resolv.conf file or not, using a DHCP server does, as the dhcp client sets it
based on what the DHCP server tells it, and if you edit the resolv.conf while
using at DHCP server then you will have issues.
Roger
8:47 a.m.
John Summerfield wrote:
So far as I can tell, and Ive been using RHL and its successors since
RHL 3.0.3, "caching nameserver" is a term invented by RH.
We were using that term long before Linux was around, like back in the days
of SunOS 4.x, early Solaris 5, Digital Ultrix, DEC OSF, etc.
--
Mike Iglesias Email: iglesias(a)uci.edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2069
6:48 a.m.
Bruno Wolff III wrote:
--
Cheers
John
-- spambait
1aaaaaaa(a)coco.merseine.nu Z1aaaaaaa(a)coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
On Tue, Mar 25, 2008 at 16:40:59 +0900,
John Summerfield <debian(a)herakles.homelinux.org> wrote:
> So far as I can tell, and Ive been using RHL and its successors since
> RHL 3.0.3, "caching nameserver" is a term invented by RH.
I don't think so.
You mightn't, but I did a little googling.
8000 hits on "caching nameserver."
Down to 12,400 when I excluded rpm (which is certainly a Red Hat
invention), "Red Hat" Redhat, Fedora, and 1850 when I added in debian,
83 when I used slackware instead of debian.
Not proof maybe, but solid evidence I think.
> Whatever, it describes a name server that is authoritative for no zones.
It does iterative lookups rather than publish information. Typically it
is a good idea to separate dns caches from dns publishers.
Why?
> Generally speaking, every DNS caches. _My_ DSNs are responsible for some
> domains such as office.lan, demo.roon and so on, may refer to other
> nameservers I maintain and either refer to my IAP's DNS for public
If a server is just a publisher it doesn't need to cache data data from
other domains (than it is authoritative for).
Whether one uses it that way depends in large measure on the size of the
owning organisation. I suggest there are more small organisations than
large ones.
Anyone who's using AD on Windows is running an authoritative DNS, and
since client software, on Windows, Linux or anything else, only knows to
use one DNS: while it might know of more than one, the rule is to use
the first one that replies, and to only ask the next when one doesn't
respond. Consequently, an AD DNS[1] will be authoritative for the
domain, but caching the rest of the world.
[1] It is possible to configure a Windows domain to use a different DNS,
but I don't think that is usual or would give better reliability.
3:49 a.m.
On Tue, Mar 25, 2008 at 16:40:59 +0900,
John Summerfield <debian(a)herakles.homelinux.org> wrote:
So far as I can tell, and Ive been using RHL and its successors since
RHL 3.0.3, "caching nameserver" is a term invented by RH.
I don't think so.
Whatever, it describes a name server that is authoritative for no
zones.
It does iterative lookups rather than publish information. Typically it
is a good idea to separate dns caches from dns publishers.
Generally speaking, every DNS caches. _My_ DSNs are responsible for
some
domains such as office.lan, demo.roon and so on, may refer to other
nameservers I maintain and either refer to my IAP's DNS for public
If a server is just a publisher it doesn't need to cache data data from
other domains (than it is authoritative for).
6:10 p.m.
On Mon, 2008-03-24 at 15:21 -0700, vincenzo romero wrote:
thank you for the responses ... and Matthew I think it is getting
clearer now .... however you mention:
> you
> probably have installed a caching nameserver.
i used the Bind Configuration tool; initially when it generates the
DNS records files, the configuration is caching nameserver; however,
when I imported my hosts file, it automatically also created addition
zones which includes my domain - lab.mycompany.com. I checked my
/etc/named.conf configuration against a sample configuration URL and
compared a "caching" vs "standard DNS" and it seems like I have the
standard DNS configured ...
can someone pls confirm that the info I am following is correct?
(source: http://www.linux-sxs.org/internet_serving/dns.html#common)
1. CACHING:
===========
/etc/named.conf(CACHING ONLY Configuration)
#----------------------------------------------
[...]
I'm no bind expert, so I can't really comment. But caching nameserver
seems to be the default configuration provided by the bind package in
F8.
$ sudo cat /etc/named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
5:21 p.m.
thank you for the responses ... and Matthew I think it is getting
clearer now .... however you mention:
--
best,
Vince
you
probably have installed a caching nameserver.
i used the Bind Configuration tool; initially when it generates the
DNS records files, the configuration is caching nameserver; however,
when I imported my hosts file, it automatically also created addition
zones which includes my domain - lab.mycompany.com. I checked my
/etc/named.conf configuration against a sample configuration URL and
compared a "caching" vs "standard DNS" and it seems like I have the
standard DNS configured ...
can someone pls confirm that the info I am following is correct?
(source: http://www.linux-sxs.org/internet_serving/dns.html#common)
1. CACHING:
===========
/etc/named.conf(CACHING ONLY Configuration)
#----------------------------------------------
#This file must be named named.conf and be in /etc
#It is used by the "named" daemon to determine the basic configuration
and what files contain the details
options { #Global DNS settings
directory "/var/named"; #tells DNS to use the listed directory for
other config files
#forward first; #check the "forwarders" before doing any resolution
#forwarders { # list of domain servers the check ("local" DNS)
#10.150.22.7; #internal DNS server for company
#};
};
zone "." { #Settings for the ROOT ZONE
type hint; #Specifies this as the ROOT ZONE type
file "root.hints"; #File that containing links to the ROOT SERVERS
(/var/named/root.hints)
};
zone "0.0.127.in-addr.arpa" { #Used for reverse lookup (ie IP Address to Name)
#notice it is your network address backwards+"in-addr.arpa"
#So this is for 127.0.0 network
type master; #Specifies this as a MASTER ZONE
file "pz/127.0.0"; #File that contains the details for this zone
(/var/named/pz/127.0.0)
};
2. STANDARD:
=============
/etc/named.conf(Standard Configuration)
#----------------------------------------------
#This file must be named named.conf and be in /etc
#It is used by the "named" daemon to determine the basic configuration
and what files contain the details
options { #Global DNS settings
directory "/var/named"; #tells named where to find the rest of the config files
#forward first; #check the "forwarders" before doing any resolution
#forwarders {# list of domain servers the check ("local" DNS)
#10.150.22.7; #internal DNS server for company
#};
};
zone "." { #Settings for the ROOT ZONE
type hint; #Specifies this as the ROOT ZONE type
file "root.hints"; #File that containing links to the ROOT SERVERS
(/var/named/root.hints)
};
zone "0.0.127.in-addr.arpa" { #Used for reverse lookup (ie IP Address to Name)
#notice it is your network address backwards+"in-addr.arpa"
#So this is for 127.0.0 network
type master; #Specifies this as a MASTER ZONE
file "pz/127.0.0"; #File that contains the details for this zone
(/var/named/pz/127.0.0)
};
zone "e-i-s.cc" { #Your zone name (domain name)
notify no; # notify is used with master/slave DNS servers. Not
necessary for one DNS svr.
type master; # Specify this as a MASTER ZONE
file "pz/e-i-s.cc"; #File that contains details for this zone
(/var/named/pz/e-i-s.cc)
};
zone "10.133.10.in-addr.arpa" { #Again-Reverse Lookup
type master; #Again-MASTER ZONE
file "pz/10.133.10"; #Again-Details file. (/var/named/pz/10.133.10)
};
5:09 p.m.
On Mon, 2008-03-24 at 12:49 -0700, vincenzo romero wrote:
Hello all,
I'm getting frustrated attempting to understand; I googled and asked
folks and am unable to get a straight answer.
1. How is the /etc/resolv.conf file maintained ? I do not seem to
get a consistent result when I save resolv.conf configuration from GUI
or by hand using vim /etc/resolv.conf.
a. Sometimes I the entries toggles between the two entries:
# generated by NetworkManager, do not edit!
; Use a local caching nameserver controlled by NetworkManager
nameserver 127.0.0.1
b. then when I restart the network services some the /etc/resolv.conf
file appears like this:
# generated by NetworkManager, do not edit!
; Use a local caching nameserver controlled by NetworkManager
search lab.mycompany.com
nameserver 192.168.17.2
This host is:
- a DNS server that is authoritative for its domain within the
192.168.16/20 network
- I believe that even as DNS server, this host should have its
resolv.conf file configured to define itself as a DNS server, right?
I apologize for the naive questions, but I am a newbie and am unable
to gather a straightforward answer.
thanks in advance.
You really can't edit /etc/resolv.conf when you are using a
DNS server.
When you are connected to the network it is the DNS nameserver that sets
up the resolv.conf file. In the first case above:
# generated by NetworkManager, do not edit!
; Use a local caching nameserver controlled by NetworkManager
nameserver 127.0.0.1
you has not yet made a connection to the internet.
4:58 p.m.
On Mon, 2008-03-24 at 16:09 -0600, Aaron Konstam wrote:
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
On Mon, 2008-03-24 at 12:49 -0700, vincenzo romero wrote:
> Hello all,
>
> I'm getting frustrated attempting to understand; I googled and asked
> folks and am unable to get a straight answer.
>
> 1. How is the /etc/resolv.conf file maintained ? I do not seem to
> get a consistent result when I save resolv.conf configuration from GUI
> or by hand using vim /etc/resolv.conf.
>
> a. Sometimes I the entries toggles between the two entries:
>
> # generated by NetworkManager, do not edit!
> ; Use a local caching nameserver controlled by NetworkManager
> nameserver 127.0.0.1
>
> b. then when I restart the network services some the /etc/resolv.conf
> file appears like this:
> # generated by NetworkManager, do not edit!
> ; Use a local caching nameserver controlled by NetworkManager
> search lab.mycompany.com
> nameserver 192.168.17.2
>
> This host is:
>
> - a DNS server that is authoritative for its domain within the
> 192.168.16/20 network
> - I believe that even as DNS server, this host should have its
> resolv.conf file configured to define itself as a DNS server, right?
>
> I apologize for the naive questions, but I am a newbie and am unable
> to gather a straightforward answer.
>
> thanks in advance.
You really can't edit /etc/resolv.conf when you are using a DNS server.
When you are connected to the network it is the DNS nameserver that sets
up the resolv.conf file. In the first case above:
This isn't quite correct.
/etc/resolv.conf contains the IP addresses of your DNS servers.
If you connect to your network with a DHCP server, that server provides
your IP address and it *may* provide information about DNS servers,
which your dhcp client will put in /etc/resolv.conf. It also may not,
or you may decline to use the provided information. Or you may connect
statically. In that case, you need to hand-edit /etc/resolv.conf or use
system-config-network to set static DNS servers.
> # generated by NetworkManager, do not edit!
> ; Use a local caching nameserver controlled by NetworkManager
> nameserver 127.0.0.1
you has not yet made a connection to the internet.
Network manager uses a DHCP client to get your DNS info and places it
in /etc/resolv.conf. If you decline to use that information, you
probably have installed a caching nameserver. In that case, its IP
address is 127.0.0.1
9:12 a.m.
On Tue, Mar 25, 2008 at 20:48:35 +0900,
John Summerfield <debian(a)herakles.homelinux.org> wrote:
Bruno Wolff III wrote:
>On Tue, Mar 25, 2008 at 16:40:59 +0900,
> John Summerfield <debian(a)herakles.homelinux.org> wrote:
>>So far as I can tell, and Ive been using RHL and its successors since
>>RHL 3.0.3, "caching nameserver" is a term invented by RH.
>
>I don't think so.
You mightn't, but I did a little googling.
8000 hits on "caching nameserver."
Down to 12,400 when I excluded rpm (which is certainly a Red Hat
invention), "Red Hat" Redhat, Fedora, and 1850 when I added in debian,
83 when I used slackware instead of debian.
Not proof maybe, but solid evidence I think.
Well I give you at least evidence. dnscache only goes back to 1999 and
RHL 3.0.3 is from 1996. But I would want to see what terminology was
used by the bind/named project before coming to a conclusion.
>
>>Whatever, it describes a name server that is authoritative for no zones.
>
>It does iterative lookups rather than publish information. Typically it
>is a good idea to separate dns caches from dns publishers.
Why?
DJB's reponse is:
http://cr.yp.to/djbdns/separation.html
I think the short answer is that it makes it easier to secure things and
makes mistakes less costly.
>>Generally speaking, every DNS caches. _My_ DSNs are
responsible for some
>>domains such as office.lan, demo.roon and so on, may refer to other
>>nameservers I maintain and either refer to my IAP's DNS for public
>
>If a server is just a publisher it doesn't need to cache data data from
>other domains (than it is authoritative for).
Whether one uses it that way depends in large measure on the size of the
owning organisation. I suggest there are more small organisations than
large ones.
Anyone who's using AD on Windows is running an authoritative DNS, and
since client software, on Windows, Linux or anything else, only knows to
use one DNS: while it might know of more than one, the rule is to use
the first one that replies, and to only ask the next when one doesn't
respond. Consequently, an AD DNS[1] will be authoritative for the
domain, but caching the rest of the world.
The one that does the caching does not have to be the same one that does
the publishing. Clients only need to know about the caching one (excepting
some of the AD cases where apps publish records to advertise local
services), the caching one can find the local published information either
by starting at the root or by being told about where to look for local
domain information. Having servers publish records in DNS is not good from
a security perspective but people do it. If you are stuck with that, you
should try to have a separate domain for these updates to limit the damage
if one of those servers does something bad.
[1] It is possible to configure a Windows domain to use a different
DNS,
but I don't think that is usual or would give better reliability.
5873
days inactive
5875
days old
19 comments
8 participants
participants (8)
-
Aaron Konstam -
Alan Cox -
Bruno Wolff III -
John Summerfield -
Matthew Saltzman -
Mike Iglesias -
Roger Heflin -
vincenzo romero