On Mon, Jul 14, 2008 at 12:19 PM, Scott Silva <ssilva at sgvwater.com> wrote: >>> I just played with one of my test vmware ipcop images and set it to dhcp >>> on >>> our internal network (which should simulate your natted connection >>> through >>> your adsl modem) for the red interface and I was able to dig +trace >>> google.com >>> with proper answers. So it is possible to get it working unless your ISP >>> blocks DNS queries to anywhere else but their own servers. <snip> > Just played with the vmware box again. It won't resolve to itself, so forget > putting the localhost address in the dns servers box. The other box I played > with had a secondary address as a fallback and that is why it was working. > > I think for the dig +trace to work for you you need a box that will do full > recursion as your upstream DNS server. I had mine pointed to our caching > resolver and I saw the queries log there. > > I would forget about setting nameservers in your adsl modem as I doubt it > has a very large cache so it will expire entries quickly. If you point your > ipcop's dns entries to opendns or another free resolver you should be good > to go. I have it working, with one glitch (cannot get to the IPCop web interface from my Desktop) in the Backup IPCop box. Yesterday, I installed a different HD, ran Diagnostics on that, ran Memtest 86 and then did a clean install of IPCop 1.4.16 from the CD I made last year. Last night, with some difficulty, I was able to connect to the IPCop box with the web browser, change the settings for SSH in it, but I could not browse. There was no resolution. This morning, I noticed when it booted there was a message, "Bad Default Gateway". Previously, "Default Gateway" was blank. In the IPCop box, where it has "DNS & Gateway" settings, I have the 2 IP addresses to access the opendns.com DNS service (they have DNS servers in 4 U.S. cities and in London as I recall) and after I changed "Default Gateway" to 192.168.1.1 (the ADSL modem) I was online. :-) Not sure why I am not able to get to it via the web browser on my Desktop. Also, last night, when I was able to access the IPCop box with the web browser, I noticed that it is on IPCop v.1.4.16, but it said that there are no updates available. I know there are two (2) updates available, to bring it up to 1.4.18. So, with your help and the help of others, all greatly appreciated, I have a Caching DNS Server working on my IPCop box and I have also discontinued using the problematic DNS Servers at my ISP. :-) Thanks much, to everyone who provided ideas. and guidance! It's running Headless now and I think the HW in that box is OK, with the probable exception of the Floppy Drive. Once I can get to it via the web browser, I can backup to my Desktop. dig +trace does not work the same for me as it does for you, per your explanation. root at ipcop500:~ # dig +trace gmail.com ; <<>> DiG 9.4.0 <<>> +trace gmail.com ;; global options: printcmd ;; Received 17 bytes from 127.0.0.1#53(127.0.0.1) in 118 ms root at ipcop500:~ # root at ipcop500:~ # dig gmail.com ; <<>> DiG 9.4.0 <<>> gmail.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27531 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;gmail.com. IN A ;; ANSWER SECTION: gmail.com. 30 IN A 209.85.171.83 gmail.com. 30 IN A 64.233.171.83 gmail.com. 30 IN A 64.233.161.83 ;; Query time: 170 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue Jul 15 07:34:22 2008 ;; MSG SIZE rcvd: 75 root at ipcop500:~ #