 From:  krt <kkrrtt at gmail dot com>
 To:  Aaron Cherman <aaronc at morad dot ab dot ca>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] How are DNS Server Addresses Treated?
 Date:  Tue, 15 May 2007 20:07:25 -0700
Sorry, I should have written "On m0n0wall, DNS queries are sequential" and 
left it at that, the "and not subsequent" part is for the Windows bit, 
given that sequential and subsequent are nearly the same thing.

So much for my editing skills... and on the first line too.  Ouch.  My 
ego is stung.



Aaron Cherman wrote:
> That is great info!  I will work on this and test.  I will also do some 
> reading on the FreeBSD site.
> 
> Thanks to krt and Chris for the info and help.
> 
> 
> Aaron
> 
> 
>> On m0n0wall, DNS queries are sequential and not subsequent.  The order 
>> of the hosts matters.  You can verify this by placing a sniffer in 
>> between your m0n0wall and your DNS servers.
>>
>> This is the common UNIX method.  It is not like the Microsoft method 
>> of Scattershot DNS and take the first return.
>>
>> dnsmasq polls servers in the same fashion.
>>
>> DNS queries are a client generated event.  In m0n0wall (FreeBSD) and 
>> other UNIX variants, you'll find that the default timeout period for a 
>> DNS response is 30 seconds.
>>
>> Microsoft (and others) do a new trick, where they try all servers in 
>> the list at the same time, or nearly the same time.  They will take 
>> the first response and move on.  It's an interesting way to speed up 
>> DNS, in the event that one of the defined servers has failed.
>>
>> dnsmasq has the same timeout values that I've observed.
>>
>>
>>
>>
>> What I would do is this:
>>
>> On your m0n0wall, set its primary DNS server to your dnsredirector 
>> server.
>>
>> Since m0n0wall requires dnsmasq for captive portal functions, you will 
>> have to use dnsmasq.  dnsmasq uses the same server list as the 
>> m0n0wall and will also use the dnsredirector as the primary DNS.
>>
>> I would then go and set some regular DNS servers as secondary and 
>> tertiary for failover in the event that the dnsredirector box goes away.
>>
>> This ensures that all of your customers go through the very neat 
>> dnsredirector box, and perhaps you can do more with it down the road 
>> in addition to solving the service outage notification problem and 
>> saving all of those false truck rolls and CHURN.
>>
>> I hope this helps and that I've not missed something.
>>
>> -- krt
>>
>>
>>
>>
>> Aaron Cherman wrote:
>>> Okay, this is further to my project of having a web page show up for 
>>> our WiSP customers in the event that our incoming fiber goes down - 
>>> see "Captive Portal While Service Unavailable".
>>>
>>> I have found a software app (www.dnsredirector.com) that has the 
>>> ability to redirect requests as per defined rules.  This could work 
>>> if m0n0wall can't see its primary DNS servers and then looks to this 
>>> server.  My question is how does m0n0wall deal with the DNS server 
>>> list.  Does it always look for the first entry first, then second 
>>> entry second, and so on?  Could I enter this server's address as the 
>>> fourth in config.xml? And what is the timeout before moving on?
>>>
>>> Thanks again for everyone's help.
>>>
>>>
>>> Aaron
>>
> 
>
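
The sequential lookup order described in the quoted reply, as an added example that is not part of the original thread and is not m0n0wall or dnsmasq code: a minimal Python stub resolver that asks the servers strictly in list order and moves to the next entry only after a timeout. The function names and the 2-second default timeout are assumptions made for illustration.

```python
import socket
import struct
import time

def build_query(name, qid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def query_sequential(name, servers, timeout=2.0):
    """Ask each (host, port) in list order; try the next only after a timeout.

    Returns (index of the server that answered, elapsed seconds, raw reply),
    or (None, elapsed seconds, None) if every server stayed silent.
    """
    query = build_query(name)
    start = time.monotonic()
    for index, addr in enumerate(servers):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(query, addr)
                reply, _ = sock.recvfrom(512)
            except OSError:  # includes socket.timeout: server silent or unreachable
                continue
            if reply[:2] == query[:2]:  # transaction ID must match our query
                return index, time.monotonic() - start, reply
    return None, time.monotonic() - start, None

if __name__ == "__main__":
    import sys
    # Usage: python seq_dns.py <name> <server1> <server2> ...
    # List your own resolvers in the order the firewall is configured with.
    targets = [(host, 53) for host in sys.argv[2:]]
    index, elapsed, _ = query_sequential(sys.argv[1], targets)
    print(f"answered by entry {index} after {elapsed:.2f}s")
```

In this example the elapsed time grows by one timeout for every silent server ahead of the one that answers, which is the delay a server listed fourth would see before it is ever asked.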