[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?
Ian Blackwell
ian at ikel.id.au
Sun Jul 13 23:11:37 UTC 2008
Lanny Marcus wrote:
> I am up and running on our normal IPCop box again. Last night, I
> changed the DNS Settings in the ADSL Modem, from using the DNS Servers
> at our local ISP, to those of opendns.com <http://opendns.com> and
> that probably will help a lot, until I can get IPCop configured
> properly for the Caching DNS Server.
My understanding is that IPCop provides a Caching DNS *Proxy*, not a
Caching Name Server. Being a proxy means it forwards any queries that
it can't answer from it's own cache to full DNS Servers (caching or
not). Once it knows the answer it will cache it locally and return that
answer to local users without contacting the DNS server again - as long
as it is valid to do so based on the cache time set for that particular
domain. For exmaple, my domain's cache time is short because my server
lives on a dynamic IP address, but google's cache time is long because
their servers are on static IP addresses and caching for a long time is
safe for the DNS client to do (no need to query often because the
servers aren't moving).
If your ADSL modem can act as a DNS server, then you can point IPCop to
that for DNS, but you can't point IPCop to itself (127.0.0.1) because it
is only a proxy - not a full DNS server. In my view, for DNS your IPCop
box should be directed to:-
1) your ISP's DNS servers; or
2) public DNS servers; or
3) your ADSL modem which is using either of the above.
As I've already mentioned in other replies on this topic, my IPCop
server uses my ISP for DNS requests. This means my ADSL modem is
bypassed for DNS queries, but I'm not even sure if it could respond to
DNS queries. Even if it could, since the IPCop is a caching proxy, it
will keep the query results as long as it is entitled to before
re-querying the real DNS server again. Using the ADSL modem won't help
here because it can't cache any longer than the IPCop box can, so it
will have to query the real DNS server in this situation. My view is
you might as well make the IPCop do that in one step - why involve the
modem?
Regards,
Ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080714/b5e4ffa5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3617 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080714/b5e4ffa5/attachment.bin>
More information about the CentOS
mailing list