name server via dhcp, but don't want dhcp assigned addresses
Joel Rees
joel.rees at gmail.com
Tue Sep 22 05:31:01 UTC 2009
On Mon, 21 Sep 2009 17:37:12, Sam Varshavchik replied,
> Joel Rees writes:
>
>> The WAN side of the router runs dhcp to my ISP, and gets the dns
>> server addresses by dhcp, as well.
>
>
> Check your router's documentation. The way that 99% of these
> routers are set up, is that they run a caching nameserver
> internally, and on the local LAN they give their own IP address as
> the DNS server's address, via DHCP.

Well, yeah, it does that. That is, I think the one page of docs said
that it did, and I think I remember testing it when I first got it
six or seven years ago. (Sure didn't expect to be using it this
long.) Small cache, but shouldn't be so small that I would notice
delays or anything, even on a big YUM update.

It's a black box. If it's using open source, and if NEC has published
the source, they sure haven't made it easy to find it. Probably
closed source. I seem to be able to telnet in, but it doesn't
recognize any command I give it except "quit". (Or was it "goodbye"?)

I don't really trust it. If I could afford the money and time to
replace it with something I could load OpenBSD on, I would. (Come to
think of it, it's rental, I should be able to justify the cost of
replacement by how much it has cost to rent it all this time.)

I guess, if I trust it to route, and if I can't shut the DNS function
off, I might as well trust the DNS function as well. If somebody gets
far enough into it to do a MIM on the DNS function, they can probably
MIM the routes as easily.

>> In the past, the ISP had told us to set the primary and secondary
>> dns server addresses statically, so I had the router set to serve
>> dhcp with those addresses. But I have also set the dns primary and
>> secondary server addresses for all the boxes by hand to the dns
>> servers
>
>
> Chances are that this is unnecessary. You should've just set your
> servers to use your router as the DNS server.

It was the ISP's original recommendation.

>> So, my problem is that I need to tell each Fedora box to accept
>> the DNS server addresses provided by the DHCP server (the router,
>> actually, which worries me), but not ask for a host IP address for
>> itself, but the GUI dialogs in current Fedora don't provide that
>> as an option.
>
>
> Why don't you test setting your server as full blown DHCP client,
> and see what DNS address your router gives you for your DNS server.
> Chances are that it's your router's IP address. In which case you
> just need to configure your servers to use a static DNS server on
> your router's IP address.

The ISP recommends leaving the DNS addresses to be set via DHCP,
rather than setting the router as the DNS server. Not that
recommendations for the average customer are the only way to do
things, of course.

Well, since I seem to be able to set the Macs on the network to keep
a static host IP address and use the DNS server addresses passed
along by the DHCP server, I was hoping I could do that with the
graphical UI stuff on Fedora. Or even with /etc/dhclient.conf. (Not
really seeing how yet from the man pages, so now I'm wondering if
that's actually part of the standard.)

OK. Thanks for pushing me to think a little further about the
implications of trusting the router. (And about whether I should
consider investing in a router I can control, as an investment
against the cost of more rent.)

Joel Rees
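
An added example, not part of the original message: RFC 2131 defines DHCPINFORM, with which a host that keeps a statically configured address asks the DHCP server only for parameters such as the DNS servers. The Python below builds that request and compares the resolvers in a reply against an expected list; the function names are hypothetical, and the MAC, addresses and sample reply are constructed.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header

def _header(op, xid, ciaddr, mac):
    # op, htype=1 (Ethernet), hlen=6, hops=0, xid, secs=0, flags=0
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
    addrs = ipaddress.IPv4Address(ciaddr).packed + bytes(12)  # ciaddr; yiaddr/siaddr/giaddr = 0
    return fixed + addrs + mac + bytes(10) + bytes(192) + MAGIC  # chaddr padded, sname+file empty

def build_inform(static_ip, mac, xid):
    """DHCPINFORM (type 8): host keeps static_ip and asks only for option 6 (DNS)."""
    return _header(1, xid, static_ip, mac) + bytes([53, 1, 8, 55, 1, 6, 255])

def parse_options(packet):
    """Return {option code: raw value} from a DHCP packet, rejecting malformed input."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def dns_servers(packet):
    """Resolver addresses (option 6) carried in a DHCPACK."""
    raw = parse_options(packet).get(6, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def unexpected_resolvers(packet, expected):
    """Resolvers the DHCP server handed out that are not on the expected list."""
    return [ip for ip in dns_servers(packet) if ip not in expected]

# Constructed sample data (documentation address ranges, not taken from the thread).
MAC = bytes.fromhex("020000000001")
ISP_DNS = {"198.51.100.53", "198.51.100.54"}
SAMPLE_ACK = (_header(2, 0x1234, "192.0.2.10", MAC)
              + bytes([53, 1, 5, 6, 8]) + ipaddress.IPv4Address("192.0.2.1").packed
              + ipaddress.IPv4Address("198.51.100.53").packed + b"\xff")
```

Sending the request for real means broadcasting it from UDP port 68 to port 67, which normally requires root; the block only builds and parses packets.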