default DNS caching name server on Fedora ?

John Ellson john.ellson at comcast.net
Wed Jun 20 18:28:19 UTC 2012


Simo,

For the VPN scenario I've been happily using "dnrd" for some time.

I use it to steer DNS requests for "mycompany.com" to the
company's DNS servers, and all other DNS requests to the
external servers.

Unlike just adding the company DNS servers to /etc/resolv.conf,
this never uses the company's DNS for external domain
resolution, even if the primary ISP's DNS servers are down.

I also use routing to steer company traffic to the VPN, and
the rest to my default route.

John

On 06/20/2012 11:47 AM, Simo Sorce wrote:
> Ok, I guess this topic has been brought up before, but I think some
> things changed recently that would warrant seriously considering adding
> a default caching name server in fedora installs.
>
> There are at least 2 situations where it is needed, and they are common
> or will be common enough.
>
> The 2 use cases for which a properly configurable and dynamically
> changeable caching DNS name server would be really useful are:
> - DNSSEC verification
> - Clients using VPNs into private networks.
>
> The first case is already in the works, and the reason it needs a
> caching DNS name server is the complexity of dealing with DNSSEC
> verification. I won't spend time on that except for saying this effort
> should be part of a unified solution.
>
> The second case is what is really hurting me.
> I have my own DNS server at home that resolves addresses only for my
> private network, and forwards any other request.
>
> When I connect to my employer VPN however I need to use their DNS server
> to resolve their internal machines, the same happens to pretty much any
> other VPN service I have used. Also I do not need to route all DNS
> traffic in the VPN for all web sites, mostly for performance reasons,
> but also for privacy reasons.
>
> This could be easily solved if we have a caching DNS server that can be
> dynamically changed to forward DNS requests to the proper DNS server only
> for the private domains they provide.
>
> A good name caching server would forward all .redhat.com DNS requests to
> the DNS addresses provided by the VPN connection, all my .home addresses
> to my local DNS server (provided by dhcp) and perhaps all other
> addresses to a configurable 'default DNS server'.
>
> Of course for this to work properly we need some level of integration
> between Network Manager and the DNS caching server so that the dynamic
> configurations can be pushed in/out when the related networks come
> up/down.
>
> Discuss.
>
> Simo.
>
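
Added example, not part of the original messages and not dnrd's or NetworkManager's code: a sketch of the per-domain forwarding decision discussed in this thread, showing that a query is only ever offered to the servers of its own zone, even when those servers are down. The function names and the server addresses (RFC 5737 documentation ranges) are assumptions; the zone names are the ones used in the thread.

```python
# Constructed routing table: zone suffix -> servers allowed to see its queries.
ROUTES = {
    "redhat.com": ["192.0.2.53"],            # pushed by the VPN connection
    "home": ["198.51.100.1"],                # local DNS server from DHCP
    "": ["203.0.113.10", "203.0.113.11"],    # default (external) servers
}


def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def select_zone(qname, routes=ROUTES):
    """Return the longest configured zone that is a label-wise suffix of qname.

    Matching whole labels keeps "notredhat.com" out of the "redhat.com" zone.
    """
    q = _labels(qname)
    best, best_len = "", 0
    for zone in routes:
        z = _labels(zone)
        if z and len(z) <= len(q) and q[-len(z):] == z and len(z) > best_len:
            best, best_len = zone, len(z)
    return best


def upstreams_for(qname, routes=ROUTES, alive=None):
    """Return the reachable servers that may receive this query.

    Only the matching zone's servers are candidates. If none of them is
    alive the list is empty and resolution fails; the query is never
    handed to another zone's servers.
    """
    servers = routes.get(select_zone(qname, routes), [])
    if alive is None:
        return list(servers)
    return [s for s in servers if s in alive]


if __name__ == "__main__":
    vpn_only = {"192.0.2.53"}  # constructed outage: only the VPN DNS answers
    for name in ("bugzilla.redhat.com", "nas.home", "www.example.org"):
        print(name, "->", upstreams_for(name, alive=vpn_only))
```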



