Domain: thekelleys.org.uk
Stories and comments across the archive that link to thekelleys.org.uk.
Comments · 23
-
Re:No problem!
dnsmasq works for ipv6 addresses over ipv6 connections.
-
Re:Detect and fix DNS hijacks locally?
I use dnsmasq on my router, you could use it locally as well. It has a --bogus-nxdomain=<ipaddr> option that you can use for this purpose.
-
DNSMasq
DNSMasq. Nuff said.
-
Fix dnsmasq + level3
dnsmasq, available in most distributions, is a lightweight dns server that you can tell the ips of bogus NXDomain sends and will turn them back to what they should be. You can also point your computers to level3's free dns service at 4.2.2.3 4.2.2.4 4.2.2.5 4.2.2.6
-
Re:speed is everything?
My experience with Firefox somehow differs a bit from yours. I used to see Firefox spend a lot of time in DNS queries for *everything*. Even if it's a host I just visited about a minute before. As a result I set up dnsmasq running on my computer and modified /etc/hosts so that every query goes through the local DNS cache. It's been working pretty well since. The wait time is dramatically reduced.
Of course Firefox is not all to blame for the slow DNS but it shouldn't be making queries *that* often either, IMHO.
I guess it's possible to modify some key/value pair in about:config to tell Firefox how long it should keep the entries in its hostname cache. But I'm too lazy to search for that ;)
Firefox loads a page up pretty fast after the DNS query is made, though. I don't think the speed is astonishingly fast but it's enough for me.
-
Use dnsmasq
-
Work-arounds
dnsmasq claims to be able to convert these bogus A records back to NXDOMAIN errors, at least for a single IP address (see the --bogus-nxdomain option.)
Alternatively, it couldn't be that hard to add a resolv.conf option to do something similar, could it?
-
DNSMasq
Can easily be fixed if you run a local DNSMasq server (i.e. DD-WRT, OpenWRT) http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2006q4/000920.html
-
Use dnsmasq on your router
My ISP (Embarq DSL) does this too. But since I'm using DD-WRT on my router, I can bypass it. DD-WRT includes dnsmasq for DNS forwarding, and ever since Network Solutions tried the same scam on the entire .com TLD a while back, dnsmasq has included the option (bogus-nxdomain) to specify IP addresses that, when returned from upstream DNS, result in a "no such domain" error being returned to your computer.
-
Re:Dynamic Host Configuration Protocol
Or, you can simply use DNSMasq
-
Re:workaround
think about running an old pc as dns server which in turn forwards requests to the dns servers of your provider
I run dnsmasq on my router... no old pc needed.
(Then again, all my computers run some form of *nix so I don't have the problem. Just mentioning that you don't need a separate pc for dns.)
-
Re:Recommended: dnsmasq
I don't know what's wrong with dnsmasq+exim (and I'm too lazy to search google), but dnsmasq is under very active development and has fixed a lot of bugs, some esoteric, some really nasty. Details are in the changelog. Perhaps the trouble with exim has already been solved. You may want to give dnsmasq a second chance. ;-)
I still use sendmail from Slackware 8 in my LAN, it just works, with both my now disabled bind and with dnsmasq 2.something. I want to change to some other mailer, but I've not yet found the time to learn and install exim or postfix.
Tux2000
-
Recommended: dnsmasq
For small networks, I recommend using dnsmasq. It's a combined DHCP server and DNS server/proxy intended for use on a masquerading gateway that can run nearly without any configuration. Add your mac addresses to /etc/ethers for fixed IP addresses, add your hostnames to /etc/hosts, finito. There is no need to fiddle with two big servers (bind and ISC dhcpd). I use it on my (heavily modified) WRT54G with about 10 to 20 systems without any problems.
Tux2000
-
Theo's rewriting history on this one.
I worked for six months to get Atmel to release their firmware under a licence which allowed redistribution. That was for use with the Linux atmel_cs driver. And I collaborated with Manuel Estrada Sainz to add the hotplug firmware loading code to Linux, to avoid violating the GPL by linking Atmel's proprietary stuff with the kernel. And I built and distributed packages of the firmware. And all of this is a piss-poor alternative to just releasing the source!
-
Re:Flexibility. Or the art of Harry?
If you had your linux box; it sounds like you would want dnsmasq
"It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines."
I have used it more than once and been quite happy. I believe it even comes with some of the firewall distros like ipcop, but I had to add it to a mandrake 10 box.
-
Re:De Facto
You might find dnsmasq useful, depending on the size of that network. Local DNS, recursive lookups, and DHCP rolled into one convenient package.
-
For small office/home networks...which is where I do most of my work.
- dnsmasq - A DHCP+DNS server that is simple to configure, lets you set up names for local machines and local services, lets you block external names of your choice, etc, etc
- masqmail - A mail server for machines with intermittent connections to the internet (dialup, laptops, wireless)
- Xmail - A slightly bigger mail server for when you want to run your own domain. Linux and Windows.
- Icewm - The window manager for people who want to get their work done
- Bluefish - Text/HTML/Perl/PHP/Java/etc editor that just works.
-
Nope
If you read the text you just linked to, it clearly states that yes, you still need to install the daemontools stuff even if you don't use it to start the daemon.
I would have installed djbdns if it wasn't for that.
In the end, I only needed a local caching forwarding DNS server, so I went with dnsmasq instead.
-
dnsmasq has a fix
here.
version 1.16 is ok.
others have fixes, too, you can find them in this place.
hope I have helped,
-
Re:Useful In Blocking Verisign?
A better solution is to use something like dnsmasq, which is capable of blocking VeriSign's wildcard responses directly. This way, you'll get a proper NXDOMAIN response. This should be perfectly usable under MacOSX, since it's just a straight-up Unix daemon.
-
Re:Bug your ISP
Or if you get bored you could try dnsmasq and block the sitefinder yourself. As of yesterday dnsmasq has had the option to return NXDOMAIN when it received the 64.94.110.11 address (or any others you choose)
-
Nameservers for Linux and *BSD
evilpenguin wrote:
BTW, what alternatives to BIND exist for Linux and *BSD? I actually don't know and would like to know.
There are now a number of alternative packages that may have advantages for many deployments. E.g.:
MaraDNS is a general-purpose, fast DNS server package (doing recursive, authoritative, and caching roles, plus fully supporting zone transfers):
http://www.maradns.org/
pdnsd is a small caching-only DNS server with a disk-based cache, suitable for small networks and workstations:
http://home.t-online.de/home/Moestl/
Dnsmasq is a small authoritative and caching DNS server for a group of NATted / IPmasqued machines (optionally pulling names from DHCP leases):
http://www.thekelleys.org.uk/dnsmasq/
DNRD is a small caching-only DNS server for NAT / IPmasq networks:
http://dnrd.nevalabs.org/
MyDNS is a MySQL-based authoritative and caching server (no recursive service) suitable for very large sites. In such roles, it's faster and more responsive than BIND9, even though the latter uses a RAM-based cache:
http://mydns.bboy.net/
ldapdns implements the same idea, except out of an LDAP database. Again, much faster than BIND9:
http://nimh.org/code/ldapdns/
GnuDIP is an authoritative server for Dynamic DNS:
http://gnudip2.sourceforge.net/gnudip-www/
NSD is a high-performance authoritative-only daemon:
http://www.nlnetlabs.nl/nsd/
PowerDNS (open source as of 2002-11-25) is an authoritative-only daemon with a modular structure supporting various back-end information stores such as SQL databases (MySQL, PostgreSQL, Oracle 8i, Oracle 9i, IBM DB2, and others via ODBC), BIND zonefiles and other file formats, and LDAP directories. Supports AXFR zone transfers.
http://www.powerdns.com/products/powerdns/
CustomDNS is an authoritative-only daemon for both static addresses and its variant form of dynamic DNS:
http://customdns.sourceforge.net/
lbnamed is a similar authoritative-only daemon for static and dynamic information, with a load-balancing multi-machine architecture:
http://www.stanford.edu/~riepel/lbnamed/
Posadis is another fast authoritative-only daemon:
http://posadis.sourceforge.net/
dents is another general-purpose DNS server, but is perennially unfinished, and is probably dead, at this point:
http://sourceforge.net/projects/dents/
Pliant DNS Server is another general-purpose DNS server, although it may not support zone transfers:
http://pliant.cx/pliant/protocol/dns/
Yaku-NS is another small, fast general-purpose DNS server:
http://www.kyuzz.org/antirez/ens.html
Twisted Names is an authoritative and caching DNS server, written in Python:
http://twistedmatrix.com/documents/howto/names
Oak DNS Server is an authoritative and caching DNS server, supporting dynamic DNS updates and AAAA records. It's written in Python, and doesn't need to run privileged:
http://www.digitallumber.com/oak
dnsjava is a minimal, authoritative-only server, a resolver library, and a set of DNS utilities, all written in Java:
http://www.xbill.org/dnsjava/
Related:
FireDNS is a client library for DNS requests, with emphasis on speed and asynchronous processing. Written in C, and has low-timeout blocking functions. Can be used to replace standard libc resolver library functions like getbyhostname with much faster equivalent code:
http://ares.penguinhosting.net/~ian/
GNU adns is a resolver library for C (and C++) programs, and a collection of useful DNS resolver utilities:
http://www.chiark.greenend.org.uk/~ian/adns/
Proprietary packages include:
UltraDNS (UltraDNS Corporation)
djbdns/tinydns
ATLAS (Verisign)
BINDPlus (Information Network Eng. Group, Inc.)
Global Name Service (Nominum, Inc.)
NeDNS (Neteka, Inc.)
I maintain this list at http://linuxmafia.com/~rick/linux-info/dns-servers
Rick Moen
rick@linuxmafia.com
-
Re:BIND
Maybe I just haven't bothered to look hard enough,
Like maybe an actual search?
but I didn't know there were any other Open Source name servers out there.
You mean, like these?
djbdns doesn't count and we both already know that
Ah, I see. It's not "Open Source" software because it isn't published under an "Open Source" license, right? (sigh) Dan Bernstein is a total security freak. He doesn't trust ANYBODY. He especially doesn't trust anybody to distribute modified, binary versions of his software, ruining his reputation when one of their "enhancements" results in a security hole. This already happened once when a Qmail add-on was discovered to have a security problem, and thereby tarnished Qmail's otherwise perfect security record.
So he ONLY authorizes distribution of his ORIGINAL source code. No modifications allowed, except as diffs to the originals. And if you apply those diffs and something breaks, don't blame him; blame the author of the diff.
You might disagree with Dan; he's a hard-nosed, inflexible so-and-so. But he's got style, and his programs are a beautiful model of efficiency.
The Open Source community could use a few more people like Dan.
and we both already know that so don't bother with beating that dead horse.
Such Style! Such Wit! Such Argument! Such Rhetoric! Such Unquestionable Authority!
Such a sterling example of my sigfile: