[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

Sat Jul 12 22:57:00 UTC 2008
Lanny Marcus <lmmailinglists at gmail.com>

On 7/11/08, Scott Silva <ssilva at sgvwater.com> wrote:
<snip>
>> Question: Awhile ago, I got into the configuration settings for our
>> ZTE ADSL Modem.
>> For the change to me having my own Caching DNS Server, in the settings
>> for the ADSL modem at this time, using the DNS servers at our ISP:
>> Primary DNS Server   	200.29.104.22
>> Secondary DNS Server 	200.29.96.22
>>
>> When I think I am ready to test the change I make to IPCop setting(s),
>> should I set those to 0.0.0.0 so I can use my own DNS Server? Or
>> leave those spaces blank? Or leave them as they are now? Thank you,
>> very much, for your time and help, which are greatly appreciated!

> It looks as if your ADSL modem is in NAT mode, so it is acting like a very
> simple router already. What settings does it actually have?

Scott: Which settings in the ADSL Modem are you interested in? There
are quite a few settings available in the web interface. If you tell
me which settings are of interest, I'll get them for you.

ADSL Port  Enable
Downstream Line Rate  2047
  Upstream Line Rate  507
  LAN IP Address  192.168.1.1
  Default Gateway  190.1.216.1
  Primary DNS Server  200.29.104.22
  Secondary DNS Server  200.29.96.22

ADSL line status

 Current adsl line status is as the below.

 Line Mode  ADSL2+   Line State  Show Time
  Line Up Time Duration  00:05:28:31   System Up Time  00:05:28:39
  Line Downstream Rate  2047   Line Upstream Rate  507
  Latency Type  Fast   Line Coding  Trellis On
  Noise Margin  31.6   Line Attenuation  19.5
  Output power  22.0   Attainable Line Rate  17628
  Line Up Count  1   Status  No Defect

If you note any problems in the quality of the line, the phone company
people were working in our subdivision a few weeks ago and they
detected a problem, with a long cable we have, underground, about 100
(?) meters in the street to their box. Apparently, 2 cables are
touching. They mentioned running a new cable in the air, instead of
underground. I was surprised that they found this problem, because at
the same time, on speedtest.net I got a Download speed of 1780 from a
server in Orlando and our contract with our ISP is for 550, so I was
happy with the speed they were providing to us.

> I think you can leave those settings alone, as they only will be used if you
> point DNS settings at the modem's IP address. If you set your IPCop box at
> 127.0.0.1 it should seek out to the root servers by itself.

Cool. It sounds like all I need to do is change the one setting in the
IPCop box and if all goes well, my Caching DNS Server is up and
running. I will try it, ASAP, on our backup IPCop box. If I get up
*early* Sunday morning, I will try it then.

> As I posted earlier, you will have to poke around in the ipcop setup menu to
> get dhcp and custom DNS settings both working.

That's why I want to do it on the backup IPCop box. If it stops
working, my VIP users can continue using the IPCop box that works and
I don't have irate users.  :-) The IPCop box is our "Production"
server.  :-)

> I just played with one of my test vmware ipcop images and set it to dhcp on
> our internal network (which should simulate your natted connection through
> your adsl modem) for the red interface and I was able to dig +trace
> google.com
> with proper answers. So it is possible to get it working unless your ISP
> blocks DNS queries to anywhere else but their own servers.

Hoping they are not blocking those DNS queries or any other traffic.

I just SSH'd into the IPCop box:

root@ipcop:~ # dig gmail.com

; <<>> DiG 9.4.0 <<>> gmail.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29247
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 11

;; QUESTION SECTION:
;gmail.com.                     IN      A

;; ANSWER SECTION:
gmail.com.              27      IN      A       64.233.161.83
gmail.com.              27      IN      A       209.85.171.83
gmail.com.              27      IN      A       64.233.171.83

;; AUTHORITY SECTION:
com.                    152960  IN      NS      a.gtld-servers.net.
com.                    152960  IN      NS      f.gtld-servers.net.
com.                    152960  IN      NS      m.gtld-servers.net.
com.                    152960  IN      NS      b.gtld-servers.net.
com.                    152960  IN      NS      j.gtld-servers.net.
com.                    152960  IN      NS      g.gtld-servers.net.
com.                    152960  IN      NS      l.gtld-servers.net.
com.                    152960  IN      NS      i.gtld-servers.net.
com.                    152960  IN      NS      c.gtld-servers.net.
com.                    152960  IN      NS      e.gtld-servers.net.
com.                    152960  IN      NS      k.gtld-servers.net.
com.                    152960  IN      NS      h.gtld-servers.net.
com.                    152960  IN      NS      d.gtld-servers.net.

;; ADDITIONAL SECTION:
j.gtld-servers.net.     172736  IN      A       192.48.79.30
b.gtld-servers.net.     172737  IN      A       192.33.14.30
b.gtld-servers.net.     172737  IN      AAAA    2001:503:231d::2:30
i.gtld-servers.net.     172737  IN      A       192.43.172.30
l.gtld-servers.net.     172736  IN      A       192.41.162.30
d.gtld-servers.net.     172736  IN      A       192.31.80.30
c.gtld-servers.net.     172791  IN      A       192.26.92.30
g.gtld-servers.net.     172736  IN      A       192.42.93.30
h.gtld-servers.net.     172737  IN      A       192.54.112.30
k.gtld-servers.net.     172736  IN      A       192.52.178.30
a.gtld-servers.net.     172736  IN      A       192.5.6.30

;; Query time: 35 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jul 12 17:52:10 2008
;; MSG SIZE  rcvd: 487

root@ipcop:~ #

root@ipcop:~ # dig +trace gmail.com

; <<>> DiG 9.4.0 <<>> +trace gmail.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
root@ipcop:~ #

Possibly after I have the DNS Caching working, dig +trace will work.

Thanks much! Lanny
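
An added example, not part of the original message or of IPCop: a small Python parser for the dig output format shown above, reporting which server answered, whether the reply was authoritative, and whether a run reached any server at all. The function name `summarize_dig` is hypothetical, and the two sample inputs are abbreviated copies of the output quoted in the message.

```python
import re

# Constructed samples: abbreviated from the dig output quoted in the message.
SAMPLE_OK = """\
; <<>> DiG 9.4.0 <<>> gmail.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29247
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 11

;; ANSWER SECTION:
gmail.com.              27      IN      A       64.233.161.83
gmail.com.              27      IN      A       209.85.171.83

;; Query time: 35 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

SAMPLE_TRACE_FAIL = """\
; <<>> DiG 9.4.0 <<>> +trace gmail.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
"""

def summarize_dig(text):
    """Summarize who answered a dig query and how (hypothetical helper)."""
    out = {"reached": "no servers could be reached" not in text,
           "status": None, "flags": set(), "server": None, "answers": []}
    m = re.search(r"status: (\w+)", text)
    if m:
        out["status"] = m.group(1)
    m = re.search(r"^;; flags: ([a-z ]+);", text, re.M)
    if m:
        out["flags"] = set(m.group(1).split())
    m = re.search(r"^;; SERVER: ([^#\s]+)#(\d+)", text, re.M)
    if m:
        out["server"] = (m.group(1), int(m.group(2)))
    section = None
    for line in text.splitlines():
        if not line.strip():
            section = None                      # a blank line ends a section
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:].split()[0]       # e.g. "ANSWER"
        elif section == "ANSWER" and not line.startswith(";"):
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            out["answers"].append((name, int(ttl), rtype, rdata))
    # Loopback in the SERVER line means a resolver on this host answered.
    out["local_resolver"] = bool(out["server"]) and out["server"][0] in ("127.0.0.1", "::1")
    out["authoritative"] = "aa" in out["flags"]  # "aa" absent: not from the zone's own server
    return out
```

Comparing the `server` field before and after a resolver change shows whether queries are still being answered by the host you expect.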