[CentOS] Re: OT: anything in CentOS 5.2 that uses opendns.com when browsing web?

Sun Jul 13 23:59:51 UTC 2008
Lanny Marcus <lmmailinglists at gmail.com>

On Sun, Jul 13, 2008 at 6:11 PM, Ian Blackwell <ian at ikel.id.au> wrote:
> Lanny Marcus wrote:
> I am up and running on our normal IPCop box again. Last night, I changed the
> DNS Settings in the ADSL Modem, from using the DNS Servers at our local ISP,
> to those of opendns.com  and that probably will help a lot, until I can get
> IPCop configured properly for the Caching DNS Server.

> My understanding is that IPCop provides a Caching DNS Proxy, not a Caching
> Name Server.

You may be correct about that. Scott Silva tried this using IPCop on a
VM and it did work for him.
I googled for: IPCop+Caching+DNS and these are the first responses I got:

5. Services Menu
As well as caching DNS information from the Internet, the DNS proxy on
IPCop allows you to manually enter hosts whose address you want to
maintain locally. ...
www.ipcop.org/1.4.0/en/admin/html/services.html - 51k - Cached - Similar pages
IPCop History :: IPCop.org :: The bad packets stop here!
Digital Alpha (preliminary) - yes, IPCop runs on Alpha systems as well
as Intel ... Caching DNS; TCP/UDP Port Forwarding; External Service
Access Control ...
www.ipcop.org/index.php?module=pnWikka&tag=IPCopHistory - 26k - Cached
- Similar pages
More results from www.ipcop.org »
IPCop: An Overview
IPCop is a cut-down Linux distribution that is intended to operate as
a ... Caching DNS; TCP/UDP port forwarding; Intrusion detection system
(Snort) ...
www.securityfocus.com/infocus/1556 - 38k - Cached - Similar pages
[Technic] IPCOP
Now, if you use Morenet's DNS system.. consider changing your DHCP to
pass out the IPCOP's caching DNS server instead(but set ipcop itself
to use morenet's ...
lists.more.net/archives/technic/2005-July/009873.html - 10k - Cached -
Similar pages
'Re: [IPCop-devel] Regarding local (green) DNS and global (red ...
I flushed >the local DNS cache and restarted IPCop before testing in
each mode. I got >identical results in all modes - the DNS lookup
would be sucessfully ...
marc.info/?l=ipcop-devel&m=105698912708708&w=2 - 10k - Cached - Similar pages
z o r g . o r g - IPCop Firewall Review
IPCop offers an IPChains based firewall with DHCP server, caching DNS,
the Squid web proxy, Snort intrusion detection system, port
forwarding, ...
www.zorg.org/linux/ipcop.php - 25k - Cached - Similar pages

>  Being a proxy means it forwards any queries that it can't
> answer from it's own cache to full DNS Servers (caching or not).  Once it
> knows the answer it will cache it locally and return that answer to local
> users without contacting the DNS server again - as long as it is valid to do
> so based on the cache time set for that particular domain.  For exmaple, my
> domain's cache time is short because my server lives on a dynamic IP
> address, but google's cache time is long because their servers are on static
> IP addresses and caching for a long time is safe for the DNS client to do
> (no need to query often because the servers aren't moving).
>
> If your ADSL modem can act as a DNS server,

I don't think so, but I will log onto it and see if I can find
anything about it being able to do that.

 >then you can point IPCop to that
> for DNS, but you can't point IPCop to itself (127.0.0.1) because it is only
> a proxy - not a full DNS server.  In my view, for DNS your IPCop box should
> be directed to:-
> 1) your ISP's DNS servers; or

We stopped using the DNS Servers at my ISP last night. I switched the
settings in the ADSL Modem to use the DNS at opendns.com and that will
eliminate the DNS problems we had, when using the DNS Servers at our
ISP.

> 2) public DNS servers; or

Now using opendns.com  as I mentioned above.

> 3) your ADSL modem which is using either of the above.

On this URL: <https://www.opendns.com/start?device=ipcop>
They have the below informaion:

Enable OpenDNS: Unix/Linux IPCop firewall

Get Started > Change DNS on your server > Instructions
Overview

   1. Log in as root and run setup.
   2. Select the Networking option and select OK.
   3. In Network configuration menu, select DNS and Gateway settings
and select OK.
   4. In the DNS and Gateway settings screen, enter the OpenDNS
nameserver addresses. Leave the Gateway value alone. Select OK.
   5. Back on the Network Configuration menu, select Done.
   6. Watch the Pushing Network down... message.
   7. Watch the Pulling Network up... message.
   8. At the Selection menu, press Quit to exit the setup program.

They have information for bind  dnscache and IPCop
I think my next attempt will be to follow the above instructions and
see if I then have DNS!

> As I've already mentioned in other replies on this topic, my IPCop server
> uses my ISP for DNS requests.  This means my ADSL modem is bypassed for DNS
> queries, but I'm not even sure if it could respond to DNS queries.  Even if
> it could, since the IPCop is a caching proxy, it will keep the query results
> as long as it is entitled to before re-querying the real DNS server again.
> Using the ADSL modem won't help here because it can't cache any longer than
> the IPCop box can, so it will have to query the real DNS server in this
> situation.  My view is you might as well make the IPCop do that in one step
> - why involve the modem?

Thanks again. I am probably very close to getting this working on that
IPCop box.