[NTLUG:Discuss] IPMasquerading - ppp

Jack Snodgrass jack+ntlug at mylinuxguy.net
Sat Jun 21 22:14:21 CDT 2003


On Sat, 21 Jun 2003 12:22:36 -0500, David wrote:

> On Tue, May 13, 2003 at 04:22:35PM -0500, terry wrote:
>> Richard Humphrey wrote:
>> >You can run a caching nameserver that caches all of the DNS requests that
>> >are made from your network and saves them locally so that it can check the
>> >local DNS cache first and effectively speed up requests. I am sure there is
>> >more to it than that, but that is the gist of it. Someone feel free to
>> >expound on that if necessary as I am no expert. Are the DNS settings on
>> >both machines the same?
> 
> Not sure if it will fix this problem or not, but I use Thomas Moestl's
> program "pdnsd" on my gateway system for just this purpose.  It has
> several significant advantages for me:
> 
>   * the configuration file is simple
> 
>   * it caches results locally for time periods that I specify, even if
>     that's more or less than what the domain owner specified.
> 
>   * pdnsd can serve entries from /etc/hosts, which makes updating my
>     internal host list much easier
> 
>   * it's not "Bind" (named), which is widely targeted for attacks by
>     crackers because it is so widely used.
> 
>   * it doesn't run as "root", so even if a cracker does get in, they
>     don't get much privilege.
> 
>   * it only listens on my internal ethernet address, not on my
>     external ISP-given address.  Thus it can only be attacked from
>     inside.
> 
>   * when it does a query, it queries only the servers that I designate
>     (my ISP's official servers) and only accepts responses from them.
> 
> 
> Pdnsd is no longer actively maintained by the original author, but
> Paul Rombouts has cleaned up a few issues.  Paul also provides RPM
> packages.  I'm actually running Moestl's original, but in my
> experience, it has been stable like Gibraltar.
> 
> Thomas Moestl's original:   <http://home.t-online.de/home/Moestl/>
> 
> Paul Rombouts update:  <http://www.phys.uu.nl/~rombouts/pdnsd.html>


Just want to second this pdnsd thing. I've found it very useful. You can
use it to supply DNS lookups for your 'private.net' (via /etc/hosts
entries) and then forward to an ISP for normal DNS requests.

jack
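
The following is an added example, not part of the original thread and not code from pdnsd: a small audit of a pdnsd.conf against three of the hardening points listed in the quoted message (unprivileged user, internal-only listener, designated upstream servers). It assumes the pdnsd.conf options `run_as`, `server_ip` and `server { ip=...; }`; the sample config, user name and addresses are constructed.

```python
import ipaddress
import re

# Constructed sample pdnsd.conf; addresses are private/documentation ranges.
SAMPLE_CONF = '''
global {
    cache_dir="/var/cache/pdnsd";
    run_as="pdnsd";            /* unprivileged user */
    server_ip=192.168.1.1;     /* internal interface only */
    min_ttl=15m;               /* locally chosen TTL bounds */
    max_ttl=1w;
}
server {
    label="isp";
    ip=192.0.2.53,192.0.2.54;  /* designated upstream resolvers */
}
source {
    owner=localhost;
    file="/etc/hosts";         /* serve internal host list */
}
'''

def parse_conf(text):
    """Return [(section, {option: value})] for a flat pdnsd.conf."""
    text = re.sub(r'/\*.*?\*/|#[^\n]*', '', text, flags=re.S)  # drop comments
    sections = []
    for name, body in re.findall(r'(\w+)\s*\{([^}]*)\}', text):
        opts = {}
        for item in body.split(';'):
            if '=' in item:
                key, value = item.split('=', 1)
                opts[key.strip()] = value.strip().strip('"')
        sections.append((name, opts))
    return sections

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    sections = parse_conf(text)
    glob = next((o for n, o in sections if n == 'global'), {})
    findings = []
    if glob.get('run_as', 'root') in ('root', '0'):
        findings.append('run_as unset or root: daemon keeps its start-up privileges')
    if glob.get('server_ip', 'any') in ('any', '0.0.0.0', '::'):
        findings.append('server_ip unset or wildcard: listens on every interface')
    upstreams = [ip.strip() for n, o in sections if n == 'server'
                 for ip in o.get('ip', '').split(',') if ip.strip()]
    for ip in upstreams:
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    if not upstreams:
        findings.append('no server ip: no designated upstream resolvers')
    return findings
```

Call `audit(open("/etc/pdnsd.conf").read())` on the gateway; the path is an assumption and depends on how pdnsd was packaged.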
