 From:  "Aaron Cherman" <aaronc at morad dot ab dot ca>
 To:  "krt" <kkrrtt at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] How are DNS Server Addresses Treated?
 Date:  Tue, 15 May 2007 08:37:21 -0600

That is great info!  I will work on this and test.  I will also do some 
reading on the FreeBSD site.

Thanks to krt and Chris for the info and help.


Aaron


> On m0n0wall, DNS queries are sequential and not subsequent.  The order of 
> the hosts matters.  You can verify this by placing a sniffer in between 
> your m0n0wall and your DNS servers.
>
> This is the common UNIX method.  It is not like the Microsoft method of 
> Scattershot DNS and take the first return.
>
> dnsmasq polls servers in the same fashion.
>
> DNS queries are a client generated event.  In m0n0wall (FreeBSD) and other 
> UNIX variants, you'll find that the default timeout period for a DNS 
> response is 30 seconds.
>
> Microsoft (and others) do a new trick, where they try all servers in the 
> list at the same time, or nearly the same time.  They will take the first 
> response and move on.  It's an interesting way to speed up DNS, in the 
> event that one of the defined servers has failed.
>
> dnsmasq has the same timeout values that I've observed.
>
>
>
>
> What I would do is this:
>
> On your m0n0wall, set its primary DNS server to your dnsredirector 
> server.
>
> Since m0n0wall requires dnsmasq for captive portal functions, you will 
> have to use dnsmasq.  dnsmasq uses the same server list as the m0n0wall 
> and will also use the dnsredirector as the primary DNS.
>
> I would then go and set some regular DNS servers as secondary and tertiary 
> for failover in the event that the dnsredirector box goes away.
>
> This ensures that all of your customers go through the very neat 
> dnsredirector box, and perhaps you can do more with it down the road in 
> addition to solving the service outage notification problem and saving all 
> of those false truck rolls and CHURN.
>
> I hope this helps and that I've not missed something.
>
> -- krt
>
>
>
>
> Aaron Cherman wrote:
>> Okay, this is further to my project of having a web page show up for our 
>> WiSP customers in the event that our incoming fiber goes down - see 
>> "Captive Portal While Service Unavailable".
>>
>> I have found a software app (www.dnsredirector.com) that has the ability 
>> to redirect requests as per defined rules.  This could work if m0n0wall 
>> can't see its primary DNS servers and then looks to this server.  My 
>> question is how does m0n0wall deal with the DNS server list.  Does it 
>> always look for the first entry first, then second entry second, and so 
>> on?  Could I enter this server's address as the fourth in config.xml? 
>> And what is the timeout before moving on?
>>
>> Thanks again for everyone's help.
>>
>>
>> Aaron
>