[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

Sun Jul 13 23:11:37 UTC 2008
Ian Blackwell <ian at ikel.id.au>

Lanny Marcus wrote:
> I am up and running on our normal IPCop box again. Last night, I 
> changed the DNS Settings in the ADSL Modem, from using the DNS Servers 
> at our local ISP, to those of opendns.com <http://opendns.com>  and 
> that probably will help a lot, until I can get  IPCop configured 
> properly for the Caching DNS Server.
My understanding is that IPCop provides a Caching DNS *Proxy*, not a 
Caching Name Server.  Being a proxy means it forwards any queries that 
it can't answer from it's own cache to full DNS Servers (caching or 
not).  Once it knows the answer it will cache it locally and return that 
answer to local users without contacting the DNS server again - as long 
as it is valid to do so based on the cache time set for that particular 
domain.  For exmaple, my domain's cache time is short because my server 
lives on a dynamic IP address, but google's cache time is long because 
their servers are on static IP addresses and caching for a long time is 
safe for the DNS client to do (no need to query often because the 
servers aren't moving).

If your ADSL modem can act as a DNS server, then you can point IPCop to 
that for DNS, but you can't point IPCop to itself (127.0.0.1) because it 
is only a proxy - not a full DNS server.  In my view, for DNS your IPCop 
box should be directed to:-
1) your ISP's DNS servers; or
2) public DNS servers; or
3) your ADSL modem which is using either of the above.

As I've already mentioned in other replies on this topic, my IPCop 
server uses my ISP for DNS requests.  This means my ADSL modem is 
bypassed for DNS queries, but I'm not even sure if it could respond to 
DNS queries.  Even if it could, since the IPCop is a caching proxy, it 
will keep the query results as long as it is entitled to before 
re-querying the real DNS server again.  Using the ADSL modem won't help 
here because it can't cache any longer than the IPCop box can, so it 
will have to query the real DNS server in this situation.  My view is 
you might as well make the IPCop do that in one step - why involve the 
modem?

Regards,

Ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080714/b5e4ffa5/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3617 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080714/b5e4ffa5/attachment-0003.bin>