On Mon, Jul 14, 2008 at 12:19 PM, Scott Silva ssilva@sgvwater.com wrote:
I just played with one of my test vmware ipcop images and set it to dhcp on our internal network (which should simulate your natted connection through your adsl modem) for the red interface and I was able to dig +trace google.com with proper answers. So it is possible to get it working unless your ISP blocks DNS queries to anywhere else but their own servers.
<snip>
Just played with the vmware box again. It won't resolve to itself, so forget putting the localhost address in the dns servers box. The other box I played with had a secondary address as a fallback and that is why it was working.
I think for the dig +trace to work for you, you need a box that will do full recursion as your upstream DNS server. I had mine pointed to our caching resolver and I saw the queries logged there.
I would forget about setting nameservers in your adsl modem as I doubt it has a very large cache so it will expire entries quickly. If you point your ipcop's dns entries to opendns or another free resolver you should be good to go.
I have it working, with one glitch (cannot get to the IPCop web interface from my Desktop) in the Backup IPCop box. Yesterday, I installed a different HD, ran Diagnostics on that, ran Memtest 86 and then did a clean install of IPCop 1.4.16 from the CD I made last year. Last night, with some difficulty, I was able to connect to the IPCop box with the web browser, change the settings for SSH in it, but I could not browse. There was no resolution. This morning, I noticed when it booted there was a message, "Bad Default Gateway". Previously, "Default Gateway" was blank. In the IPCop box, where it has "DNS & Gateway" settings, I have the 2 IP addresses to access the opendns.com DNS service (they have DNS servers in 4 U.S. cities and in London as I recall) and after I changed "Default Gateway" to 192.168.1.1 (the ADSL modem) I was online. :-)
Not sure why I am not able to get to it via the web browser on my Desktop. Also, last night, when I was able to access the IPCop box with the web browser, I noticed that it is on IPCop v.1.4.16, but it said that there are no updates available. I know there are two (2) updates available, to bring it up to 1.4.18.
So, with your help and the help of others, all greatly appreciated, I have a Caching DNS Server working on my IPCop box and I have also discontinued using the problematic DNS Servers at my ISP. :-) Thanks much, to everyone who provided ideas and guidance!
It's running Headless now and I think the HW in that box is OK, with the probable exception of the Floppy Drive. Once I can get to it via the web browser, I can backup to my Desktop. dig +trace does not work the same for me as it does for you, per your explanation.
root@ipcop500:~ # dig +trace gmail.com
; <<>> DiG 9.4.0 <<>> +trace gmail.com
;; global options: printcmd
;; Received 17 bytes from 127.0.0.1#53(127.0.0.1) in 118 ms
root@ipcop500:~ #
root@ipcop500:~ # dig gmail.com
; <<>> DiG 9.4.0 <<>> gmail.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27531
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gmail.com. IN A

;; ANSWER SECTION:
gmail.com. 30 IN A 209.85.171.83
gmail.com. 30 IN A 64.233.171.83
gmail.com. 30 IN A 64.233.161.83

;; Query time: 170 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 15 07:34:22 2008
;; MSG SIZE rcvd: 75
root@ipcop500:~ #
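An added example, not part of the original message: dig +trace starts by asking the configured resolver for the root zone's NS records, and 17 bytes is exactly a 12-byte DNS header plus a 5-byte question for the root name with no records attached. The Python below builds such a message and checks whether a reply carries any root NS records to start a trace from; the function names, transaction ID and flag values are constructed for illustration, not captured from the box above.

```python
import struct

# DNS header: id, flags, qdcount, ancount, nscount, arcount (RFC 1035, 12 bytes)
HEADER = struct.Struct("!HHHHHH")
QTYPE_NS, QCLASS_IN = 2, 1


def root_ns_message(txid, flags, ancount=0, records=b""):
    """Build a DNS message whose single question is '. IN NS'."""
    question = b"\x00" + struct.pack("!HH", QTYPE_NS, QCLASS_IN)  # root name is one zero byte
    return HEADER.pack(txid, flags, 1, ancount, 0, 0) + question + records


def summarize(msg):
    """Decode the header fields that decide whether a trace can begin."""
    _txid, flags, _qd, an, ns, ar = HEADER.unpack_from(msg)
    return {
        "length": len(msg),
        "is_response": bool(flags & 0x8000),          # QR bit
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "rcode": flags & 0x000F,
        "answers": an,
        "authority": ns,
        "additional": ar,
    }


def can_start_trace(msg):
    """A trace needs at least one root NS record in the resolver's reply."""
    s = summarize(msg)
    return s["is_response"] and s["rcode"] == 0 and s["answers"] > 0


# Constructed sample 1: a reply that only echoes the question (no records).
EMPTY_REPLY = root_ns_message(0x1234, 0x8180)

# Constructed sample 2: a reply with one NS record for '.', pointing at
# a.root-servers.net, written without name compression.
_NS_NAME = b"\x01a\x0croot-servers\x03net\x00"
_RECORD = b"\x00" + struct.pack("!HHIH", QTYPE_NS, QCLASS_IN, 518400, len(_NS_NAME)) + _NS_NAME
USEFUL_REPLY = root_ns_message(0x1234, 0x8180, ancount=1, records=_RECORD)

if __name__ == "__main__":
    for name, msg in (("empty", EMPTY_REPLY), ("useful", USEFUL_REPLY)):
        print(name, summarize(msg), "trace can start:", can_start_trace(msg))
```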