From: Tobias Reckhard (jester71gmx.net)
Date: Thu Sep 18 2003 - 06:50:55 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

John Peach wrote:
> I'm very wary of tinydns anyway. By "design" it doesn't answer TCP queries, which, of course, breaks recent billyshit impementations which only speak TCP.

So install axfrdns. That takes around five minutes. BTW, this is
described in http://cr.yp.to/djbdns/tcp.html, which is linked from
http://cr.yp.to/djbdns.html, under the heading "How to answer TCP
queries". Shouldn't be hard to find.

> It does not appear to be well documented how tinydns for an *internal* only nameserver can interact with dnscache for the rest of it.

How about this (assuming that dnscache is installed in /etc/dnscache,
symlinked to /service/dnscache, and up and running):
tinydns-conf Gtinydns Gdnslog /etc/tinydns 127.0.0.1
ln -s /etc/tinydns /service
cd /etc/tinydns/root
./add-ns internal.domain 127.0.0.1
make
echo 127.0.0.1 > /etc/dnscache/root/servers/internal.domain
svc -t /service/dnscache

Not really difficult.

> Obviously I cannot tell the root nameservers that I am authoritative for doubleclick.net et al and I use this nameserver for my home network.

Then s/internal\.domain/doubleclick\.net/g above. Add records to the
tinydns data file as desired (and run make afterwards).

> BIND has been doing a perfectly acceptable job for me

Cool. But does that portray a deficiency in djbdns?

> and with the patched version(s) released this morning, I prefer the way that the ISC have solved the problem to the patch for dnscache which relies on hardwiring the IP addresses returned.

Each has its merit, neither is perfect. Verisign has done nothing that
violates the DNS protocol, so any fixes on our behalf must be of limited
usefulness.

Cheers,
Tobias

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]