[Dnsmasq-discuss] Help Req: Name server discovery
/dev/rob0
rob0 at gmx.co.uk
Sat May 31 22:35:30 BST 2008
On Sat May 31 2008 16:07:59 Brandon Beck wrote:
> Also, have you considered setting up your own local, caching DNS

This is probably the best option overall, because it offers protection
against the marketers and PHB's who occasionally get the idea to hijack
all NXDOMAIN responses. With dnsmasq for authoritative NS on internal
names, forwarding to BIND named on another port for external names,
it's not difficult to set this up on the same machine.

Most distributors provide a named.conf which works out of the box as a
caching resolver. The only thing you must change is the port, in the
options section:

    port 35;

You can also restrict it to localhost only if desired. If using
SELinux, you'd have to tweak your policy to allow this.

In dnsmasq.conf these options are needed:

    no-resolv
    server=127.0.0.1#35

This tells dnsmasq to ignore resolv.conf and to refer all queries to a
nameserver at 127.0.0.1 port 35. It might also be a good idea to reduce
the "cache-size", because you don't need both named and dnsmasq caching
the same data.

Finally, resolv.conf needs this line ONLY (a search line is optional,
but it's important to have NO other nameserver lines):

    nameserver 127.0.0.1

and if you're using DHCP or PPP, your DHCP client or pppd must be
prevented from overwriting your resolv.conf file.

At this point your DNS worries should be over forever, or at least
until you upgrade your OS. :)

--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
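
A consistency check for the three files the message above edits, as an added example that is not part of the original post. The function name and messages are illustrative, and the "no other server= line" rule is an assumption stricter than the post.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are arguments so the
# check can be run against copies; the default port 35 is the post's value.
# Usage: check_dns_chain RESOLV_CONF DNSMASQ_CONF NAMED_CONF [PORT]
# Return status is the number of problems found (0 = consistent).
check_dns_chain() {
    resolv=$1 dnsmasq=$2 named=$3 port=${4:-35}
    problems=0
    upstream="server=127\.0\.0\.1#${port}[[:space:]]*$"

    # resolv.conf: exactly one nameserver line, and it is 127.0.0.1. An extra
    # line written by a DHCP client or pppd lets lookups bypass dnsmasq.
    if ! awk '$1 == "nameserver" { n++; if ($2 != "127.0.0.1") bad = 1 }
              END { exit !(n == 1 && !bad) }' "$resolv"; then
        echo "$resolv: want exactly one line, 'nameserver 127.0.0.1'" >&2
        problems=$((problems + 1))
    fi

    # dnsmasq.conf: no-resolv set, so upstreams come only from server= lines.
    if ! grep -Eq '^[[:space:]]*no-resolv[[:space:]]*$' "$dnsmasq"; then
        echo "$dnsmasq: missing no-resolv" >&2
        problems=$((problems + 1))
    fi
    # dnsmasq.conf: the local named is listed as upstream...
    if ! grep -Eq "^[[:space:]]*$upstream" "$dnsmasq"; then
        echo "$dnsmasq: missing server=127.0.0.1#$port" >&2
        problems=$((problems + 1))
    fi
    # ...and no other server= line exists (stricter than the post: this also
    # flags per-domain server=/domain/ip entries, which may be intentional).
    if grep -E '^[[:space:]]*server=' "$dnsmasq" | grep -Evq "$upstream"; then
        echo "$dnsmasq: extra server= line besides 127.0.0.1#$port" >&2
        problems=$((problems + 1))
    fi

    # named.conf: an uncommented "port N;" matching dnsmasq's upstream port.
    if ! awk -v want="$port;" '/^[ \t]*(\/\/|#)/ { next }
              $1 == "port" && $2 == want { ok = 1 }
              END { exit !ok }' "$named"; then
        echo "$named: no 'port $port;' in options" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Running it from cron or a DHCP client hook against the live files catches a rewritten resolv.conf.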