WOW, thanks for all the input. Frankly most of the replies violate the
first criteria since most seem to require an always on computer system (and
while a router such as a Linksys WRT54 really is a computer, I do not count
it for that criteria). And the only solution I still see is the one of
using a router with dnsmasq. For example by using open-wrt on any of the
supported routers such as the wrt54gl (not the model I currently have).
I am not sure Craig's message denigrating "appliance" devices applies to
something like open-wrt but I also do not know what djb is and a web search
was not revealing. I do know that dnsmasq allows you to choose lease
duration, and my linksys router does retain leases at least for their
duration.
FYI, machines on my network run Ubuntu 6.06, 6.10, kubuntu 6.06, Windows XP,
98SE, and sometimes Win ME, win2k, Mepis, SUSE 10.1, puppy, knoppix, DSL,
LFS, even tried Mandrake and gentoo. I have not run RedHat in years but
have run 4, 5, 6, 8, and even 9. Never ran Fedora. I probably add and
remove an average of two machines per week. LOW maintenance is critical. I
think a solution for me would also work for TONS of people with simpler
needs and for members of SLUG. That is why I would prefer the whole
enchilada be in an off-the-shelf router. I just have not found one with it
built in.
On 12/20/06, Eric Shubes <plug@shubes.net> wrote:
>
> Craig White wrote:
> > On Wed, 2006-12-20 at 06:32 -0700, Eric "Shubes" wrote:
> >> Dazed_75 wrote:
> >>> I think I have found the answer. It looks to me like a router which has
> >>> dnsmasq functionality is exactly what I am looking for. It would have
> >>> been nice to find a no cost solution, but I think this is the right
> >>> answer. Looks like it meets all the criteria and beyond the initial
> >>> setup seems to be mostly maintenance free.
> >>>
> >>> For those that have a single machine sharing its network connection with
> >>> the rest of the LAN, they can do this totally with dnsmasq software.
> >>>
> >> L,
> >> I'm glad you've found something that meets your requirements. Three comments:
> >>
> >> 1) The first criteria was that no 'computers' are always turned on. I guess
> >> you're not including a router as a computer. Your DHCP/DNS server would
> >> *have* to be on all the time. ;)
> >>
> >> 2) A solution that's been working for me is IPCop (http://ipcop.org) on a
> >> formerly retired emachines 333mh box. Pretty much a firewall on steroids,
> >> IPCop provides a slew of neat features including DHCP and DNS (caching and
> >> local hosts) services. I use every feature available (except web proxy) to
> >> one extent or another. It's very easy to configure, as everything after
> >> initial NIC configuration (part of installation) is web based. However,
> >> TTBOMK IPCop does not have a way to automatically update DNS hosts from
> >> dynamic DHCP leases. It's very simple though to assign static IP addresses
> >> to servers in DHCP and add them to the DNS hosts file. At least all
> >> maintenance is consolidated this way, and is easy to do (gui web, from any
> >> machine that's running on the LAN).
> >>
> >> 3) While not necessarily a concern in the environment(s) you're addressing,
> >> updating DNS with dynamic DHCP leases can be a security risk in some
> >> (business) environments. I'm guessing this is why you don't see much of it
> >> going on.
> >>
> >> Just my .02
> >>
> >> P.S. Samba might be more what you're looking for, but that only covers the
> >> DNS (name resolution) part. You'd still need a DHCP server available to hand
> >> out local IP addresses.
> > ----
> > I definitely agree on ipcop but:
> >
> > - businesses definitely use dynamic dns with dhcp leases...that is
> > standard operational mode for Windows AD and even if using ISC's DHCPd,
> > Windows machines will try to do an RRSET on the dns server. I routinely
> > use ISC's DHCPd and BIND and routinely use dynamic updating and set the
> > appropriate ACL's
>
> Agreed. However, Dazed's configuration isn't using Windows AD.
>
> > - Samba doesn't do DNS resolution by default, but uses NetBIOS and WINS
> > resolutions which are clearly not DNS, don't provide fqdn (fully
> > qualified domain name) and not appropriate for resolution on typical
> > tcp/ip based services.
>
> I'm thinking that Dazed's LAN would not need fqdn's. Perhaps I'm mistaken.
> Your point that samba is not a robust DNS solution is certainly valid
> though.
>
> > - While I don't recall ipcop's web based interface having options for
> > ddns and I don't use ipcop to provide DHCP or DNS services, I can see
> > that the versions are more than capable of supporting ddns and can
> > easily be manually configured to do so.
>
> That'd certainly be worth looking into. It'd be a nice feature to request
> for the base distro too.
>
> > Craig
> >
> Thanks, Craig. The howto you referenced at http://www.brennan.id.au/ looks
> very nice.
>
> --
> -Eric 'shubes'
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
Be who you are and say what you feel, because those who mind don't matter
and those who matter don't mind. - Dr. Seuss
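
The dnsmasq setup discussed in this thread, as an added example that is not part of any poster's message: it sets the lease duration and local DNS names, and shows the stricter `dhcp-ignore-names` setting next to dnsmasq's default of publishing client-supplied hostnames in DNS, which is the risk raised in point 3 of the quoted reply. All addresses, MAC addresses, host names, the `lan` domain and the lease file path are constructed for illustration.

```conf
# /etc/dnsmasq.conf (added example; every value below is constructed)

# ---- DNS side ----
# Never forward dot-less names or private reverse lookups upstream.
domain-needed
bogus-priv
# Local domain handed to DHCP clients and appended to plain names in /etc/hosts.
domain=lan
expand-hosts
# Answer *.lan only from /etc/hosts and DHCP data, never from upstream servers.
local=/lan/

# ---- DHCP side ----
dhcp-authoritative
# Address pool, with the lease duration as the last field (12 hours here).
dhcp-range=192.168.1.100,192.168.1.199,12h
# Lease database, so leases survive a restart (path is an assumption;
# it differs between distributions and router firmware).
dhcp-leasefile=/var/lib/misc/dnsmasq.leases

# Pinned machines: MAC address, DNS name, fixed address, lease time.
dhcp-host=00:11:22:33:44:55,fileserver,192.168.1.10,infinite
dhcp-host=00:11:22:33:44:66,printer,192.168.1.11,infinite

# ---- Name registration policy ----
# Default (low maintenance): the hostname each client sends in its DHCP
# request is entered in DNS under the local domain. Any device that joins
# the LAN can therefore publish a name of its own choosing.
#
# Stricter: ignore client-supplied hostnames. Only names from dhcp-host
# lines and /etc/hosts appear in DNS. Uncomment to enable.
#dhcp-ignore-names

# Log every DHCP transaction so name and address assignments can be reviewed.
log-dhcp
```

With `dhcp-ignore-names` enabled, each new machine needs its own `dhcp-host` line before it gets a DNS name, which is the maintenance cost of closing off client-chosen names.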