Looking for a Name Resolution solution

Craig White craigwhite at azapple.com
Wed Dec 20 07:53:00 MST 2006 

On Wed, 2006-12-20 at 06:32 -0700, Eric "Shubes" wrote:
> Dazed_75 wrote:
> > I think I have found the answer.  It looks to me like a router which has
> > dnsmasq functionality is exactly what I am looking for.  It would have
> > been nice to find a no cost solution, but I think this is the right
> > answer.  Looks like it meets all the criteria and beyond the initial
> > setup seems to be mostly maintenance free.
> > 
> > For those that have a single machine sharing its network connection with
> > the rest of the LAN, they can do this totally with dnsmasq software.
> > 
> L,
> I'm glad you've found something that meets your requirements. Three comments:
> 
> 1) The first criteria was that no 'computers' are always turned on. I guess
> you're not including a router as a computer. Your DHCP/DNS server would
> *have* to be on all the time. ;)
> 
> 2) A solution that's been working for me is IPCop (http://ipcop.org) on a
> formerly retired emachines 333mh box. Pretty much a firewall on steroids,
> IPCop provides a slew of neat features including DHCP and DNS (caching and
> local hosts) services. I use every feature available (except web proxy) to
> one extent or another. It's very easy to configure, as everything after
> initial NIC configuration (part of installation) is web based. However,
> TTBOMK IPCop does not have a way to automatically update DNS hosts from
> dynamic DHCP leases. It's very simple though to assign static IP addresses
> to servers in DHCP and add them to the DNS hosts file. At least all
> maintenance is consolidated this way, and is easy to do (gui web, from any
> machine that's running on the LAN).
> 
> 3) While not necessarily a concern in the environment(s) you're addressing,
> updating DNS with dynamic DHCP leases can be a security risk in some
> (business) environments. I'm guessing this is why you don't see much of it
> going on.
> 
> Just my .02
> 
> P.S. Samba might be more what you're looking for, but that only covers the
> DNS (name resolution) part. You'd still need a DHCP server available to hand
> out local IP addresses.
----
I definitely agree on ipcop but:

- businesses definitely use dynamic dns with dhcp leases...that is
standard operational mode for Windows AD and even if using ISC's DHCPd,
Windows machines will try to do an RRSET on the dns server. I routinely
use ISC's DHCPd and BIND and routinely use dynamic updating and set the
appropriate ACL's

- Samba doesn't do DNS resolution by default, but uses NetBIOS and WINS
resolutions which are clearly not DNS, don't provide fqdn (fully
qualified domain name) and not appropriate for resolution on typical
tcp/ip based services.

- While I don't recall ipcop's web based interface having options for
ddns and I don't use ipcop to provide DHCP or DNS services, I can see
that the versions are more than capable of supporting ddns and can
easily be manually configured to do so.

Craig

More information about the PLUG-discuss mailing list