[NTLUG:Discuss] IPMasquerading - ppp
David
david at hayes-family.org
Sat Jun 21 12:22:36 CDT 2003
On Tue, May 13, 2003 at 04:22:35PM -0500, terry wrote:
> Richard Humphrey wrote:
> >You can run a caching nameserver that caches all of the DNS requests that
> >are made from your network and saves them locally so that it can check the
> >local DNS cache first and effectively speed up requests. I am sure there is
> >more to it than that, but that is the gist of it. Someone feel free to
> >expound on that if necessary as I am no expert. Are the DNS settings on
> >both machines the same?

Not sure if it will fix this problem or not, but I use Thomas Moestl's
program "pdnsd" on my gateway system for just this purpose. It has
several significant advantages for me:

* the configuration file is simple
* it caches results locally for time periods that I specify, even if
  that's more or less than what the domain owner specified.
* pdnsd can serve entries from /etc/hosts, which makes updating my
  internal host list much easier
* it's not "Bind" (named), which is widely targeted for attacks by
  crackers because it is so widely used.
* it doesn't run as "root", so even if a cracker does get in, they
  don't get much privilege.
* it only listens on my internal ethernet address, not on my
  external ISP-given address. Thus it can only be attacked from
  inside.
* when it does a query, it queries only the servers that I designate
  (my ISP's official servers) and only accepts responses from them.

Pdnsd is no longer actively maintained by the original author, but
Paul Rombouts has cleaned up a few issues. Paul also provides RPM
packages. I'm actually running Moestl's original, but in my
experience, it has been stable like Gibraltar.

Thomas Moestl's original: <http://home.t-online.de/home/Moestl/>
Paul Rombouts update: <http://www.phys.uu.nl/~rombouts/pdnsd.html>

--
David Hayes
david at hayes-family.org
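
An added example, not part of David's post or of pdnsd itself: a small Python audit that checks a pdnsd.conf against the properties listed in the message (unprivileged run_as, server_ip bound to one internal address, designated upstream servers, /etc/hosts as a source). The sample configuration, its addresses and its account name are constructed, and treating a missing run_as as root and a missing server_ip as all interfaces is an assumption.

```python
import ipaddress
import re

# Constructed sample; the addresses, account name and TTLs are placeholders.
SAMPLE_CONF = """
global {
    cache_dir = "/var/cache/pdnsd";
    run_as    = "pdnsd";      # unprivileged account
    server_ip = 192.168.1.1;  # internal ethernet address only
    min_ttl   = 900;          # local floor on cache lifetime, seconds
    max_ttl   = 604800;       # local ceiling on cache lifetime, seconds
}
server { label = "isp"; ip = 192.0.2.53, 192.0.2.54; }
source { owner = localhost; file = "/etc/hosts"; }
"""

def parse_sections(text):
    """Return [(section, {option: value})] for simple 'option = value;' lines."""
    text = re.sub(r"#[^\n]*|/\*.*?\*/", "", text, flags=re.S)  # drop comments
    sections = []
    for name, body in re.findall(r"(\w+)\s*\{([^}]*)\}", text):
        opts = {}
        for stmt in body.split(";"):
            if "=" in stmt:
                key, value = stmt.split("=", 1)
                opts[key.strip()] = value.strip().strip('"')
        sections.append((name, opts))
    return sections

def audit(text):
    """List deviations from the properties described in the post."""
    sections = parse_sections(text)
    glob = next((o for n, o in sections if n == "global"), {})
    findings = []
    # Assumption: without run_as the daemon keeps the starting user (root).
    if glob.get("run_as", "root") in ("root", "0"):
        findings.append("daemon keeps root: set run_as to an unprivileged user")
    listen = glob.get("server_ip", "any")  # assumption: unset = all interfaces
    try:
        addr = ipaddress.ip_address(listen)
        if addr.is_unspecified or not addr.is_private:
            findings.append(f"server_ip {listen} is not an internal address")
    except ValueError:
        findings.append(f"server_ip '{listen}' is not one fixed address")
    if not any(n == "server" and o.get("ip") for n, o in sections):
        findings.append("no server section names the upstream resolvers")
    if not any(n == "source" and o.get("file") == "/etc/hosts" for n, o in sections):
        findings.append("/etc/hosts is not served as a source")
    return findings
```

An empty list from audit() means the file matches all four properties; each string in a non-empty list names the setting to change.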