Re: Redirect DNS Requests

This is a discussion on Re: Redirect DNS Requests within the Bind Users forums, part of the DNS and Related Forums category.


01-20-2004
Matt

> The reason this fails is because when a caching server queries an
> authoritative server, it doesn't set the Recursion Desired flag. So the
> AT&T server isn't able to answer the query unless the answer just
> happens to be in its cache already.


Ahaha, that answers it. If I set up my own DNS server, is there a way to hack
it so it always does recursion? This might create more problems somewhere
though.

> What I think you should do is redirect *only* the addresses of the
> caching DNS servers that are no longer in operation. That way, if a
> customer has their own DNS server that goes directly to authoritative
> servers, it won't be affected by the redirection.


That's what I am doing now. It's hard to figure out which ones are being used
and failing until someone complains. The one that gave the worst trouble
this solves though. Why anyone set DNS servers up static instead of
automatic I dunno. Perhaps Win95 carryovers.

Using a local DNS cache instead of a remote one 5 states away I think would
perform better. That is, having my local small DNS cache that uses the AT&T
cache some 9ms out.

Thanks

Matt


> > We are a small ISP with dialup and wireless accounts. We just inherited the
> > dialup side of another ISP. Many of his users have statically assigned DNS
> > entries and some point at IPs that occasionally just don't answer. We are
> > on AT&T now.
> >
> > We use Mikrotik Linux based routers. They have configurable firewalls that
> > allow things including Redirect and NAT.
> >
> > Would it be possible to use NAT to redirect all UDP port 53 packets to
> > AT&T's DNS servers? Would this cause total chaos? We have tried it and it
> > seems to work for the users with the wrong static DNS servers in their
> > settings and their DNS lookups work reliably again. It has caused chaos on
> > one other occasion though. We have one user that is running a W2K box that
> > they use as their own DNS server and it goes directly to the root servers.
> > Some reason it quit.
>
> The reason this fails is because when a caching server queries an
> authoritative server, it doesn't set the Recursion Desired flag. So the
> AT&T server isn't able to answer the query unless the answer just
> happens to be in its cache already.
>
> > So is redirecting DNS requests transparently feasible or will it cause more
> > trouble than it's worth? I could imagine when a DNS client is expecting to
> > hear from a root or authoritative DNS server and a recursive non-authoritative
> > answers it might cause trouble. Would it only cause trouble in these cases
> > when trying to use the root servers? Would it help if I set up my own Linux
> > box running bind and redirect to that?
>
> What I think you should do is redirect *only* the addresses of the
> caching DNS servers that are no longer in operation. That way, if a
> customer has their own DNS server that goes directly to authoritative
> servers, it won't be affected by the redirection.
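
The Recursion Desired behaviour discussed in this thread, as an added example that is not part of the original post: it builds DNS queries with and without the RD bit (RFC 1035 header layout) and classifies port-53 packets the way the quoted advice suggests, redirecting only traffic aimed at decommissioned caches. The function names, the `DEAD_CACHES` set and the sample addresses are assumptions constructed for illustration.

```python
import struct

RD_BIT = 0x0100  # Recursion Desired, RFC 1035 section 4.1.1
QR_BIT = 0x8000  # set on responses, clear on queries

def build_query(name, rd, txid=0x1234, qtype=1):
    """Build a minimal DNS query (QTYPE A by default, QCLASS IN)."""
    flags = RD_BIT if rd else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def wants_recursion(payload):
    """Return True/False for a query's RD bit, None if not a DNS query."""
    if len(payload) < 12:          # shorter than the fixed DNS header
        return None
    _txid, flags = struct.unpack("!HH", payload[:4])
    if flags & QR_BIT:             # a response, not a query
        return None
    return bool(flags & RD_BIT)

def classify(dst_ip, payload, dead_caches):
    """Decide what a selective port-53 redirect rule should do with a packet."""
    rd = wants_recursion(payload)
    if rd is None:
        return "ignore"
    if dst_ip in dead_caches:
        return "redirect"          # stale static setting pointing at a dead cache
    if not rd:
        return "leave-iterative"   # customer's own resolver; a redirect breaks it
    return "leave"

# Constructed sample traffic; addresses are documentation ranges (RFC 5737).
DEAD_CACHES = {"192.0.2.53"}
SAMPLES = [
    ("192.0.2.53", build_query("www.example.com", rd=True)),   # stub client, dead cache
    ("198.51.100.4", build_query("example.com", rd=False)),    # resolver talking to an authoritative
    ("203.0.113.9", build_query("example.net", rd=True)),      # stub client, working cache
]

def run_samples():
    return [classify(ip, pkt, DEAD_CACHES) for ip, pkt in SAMPLES]

if __name__ == "__main__":
    for (ip, _), verdict in zip(SAMPLES, run_samples()):
        print(ip, verdict)
```

Packets classified as `leave-iterative` are the case described in the quoted reply: a recursive cache receiving them would see RD unset and answer only from what it already holds.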



