Re: [Sheflug] Any DNS Experts around........
>> What I now want to do is "poison" the DNS cache with various entries for
>> other (random) domain names.
>When you think this is the solution, you know you are wrong. Repeat
>after me - "Yuck!"
I know it is not good, but there are reasons.
>> eg My laptop wants to send email to smtp.freeserve.net, which is right for
>> home at school I need it to connect via our
>> school email server. If DNS returned our internal IP for smtp.freeserve.net
>> ..... problem solved!
>No, problem not solved. For you to 'poison' smtp.freeserve.net means you
>would have to be authoritative for freeserve.net, so you would either
>have to a) live with sites in that domain not working, b) replicate
>their entire zone, c) try to forward the 'correct' requests.
>All of which are horrible 'solutions'.
>What you ought to do is set up DNS at both home and school, and get your
>mail from 'robmail.robsdomain' or something - and have that resolve to
>two different things/CNAMEs in different places.
I need to implement Laptops with Internet Dialup connections, which will
work in/out of school.
Our ISP firewalls connections to/from port 25 so I can't globally set the
school smtp server.
>> I also want to divert various web pages so that I can add additional web
>> filtering to our system without having to secondary proxy things.
>That will break lots of things without you realising, and is not the way
>to do filtering (after all, if the kids know the ip address, they still
>get through some of the time). I'm not sure what you mean by a
>'secondary proxy' though - are you saying you want to filter content
>without having a filter in place? Is there something specific you're
>trying to achieve here?
I am supposed to be removing our in school proxy server, to allow "per
student" filtering from our ISP. I don't think this is going to work, so
want to protect things a bit more carefully.
The effect I am trying to achieve would be similar to adding the offending
sites to the hosts file on each machine, redirecting the ads sites to
localhost for example.
I can't set up additional authoritative domains as (as you mention) I don't
want to lose access to the rest of the domain.
I did wonder about redirecting all outgoing port 25 traffic to our mail
server, which would solve the mail issue, but still leaves the web filtering.
Thanks for your comments.
Rob Keeling
Network Manager
Queen Elizabeth's Grammar School
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.
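
Added example, not part of the original messages: a small Python model of the effect discussed in the thread, where a resolver that is made authoritative for all of freeserve.net stops resolving every other name in that domain. It goes beyond the thread by also modelling a zone whose apex is the single host name, which is an assumption of this example; the addresses, zone contents and function names are constructed for illustration.

```python
# Toy model of how a caching resolver with local authoritative zones answers.
# All data below is constructed: 10.0.0.25 stands in for the school's internal
# mail server and 203.0.113.x for the real public records.

UPSTREAM = {  # what recursion to the real Internet DNS would return
    "smtp.freeserve.net": "203.0.113.25",
    "www.freeserve.net": "203.0.113.80",
    "pop.freeserve.net": "203.0.113.110",
}

def find_zone(name, zones):
    """Return the most specific local zone containing name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve(name, zones):
    """Answer from a local zone if one covers the name, else recurse upstream."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is not None:
        # Authoritative: the zone's data is the whole truth, no upstream fallback.
        return zones[zone].get(name, "NXDOMAIN")
    return UPSTREAM.get(name, "NXDOMAIN")

# Option (a) from the reply: claim all of freeserve.net with a single record.
whole_domain = {"freeserve.net": {"smtp.freeserve.net": "10.0.0.25"}}

# Narrower alternative: a zone whose apex is the one host name being overridden.
single_host = {"smtp.freeserve.net": {"smtp.freeserve.net": "10.0.0.25"}}

def compare(names):
    """Return {name: (answer with whole_domain, answer with single_host)}."""
    return {n: (resolve(n, whole_domain), resolve(n, single_host)) for n in names}

if __name__ == "__main__":
    for n, (a, b) in compare(sorted(UPSTREAM)).items():
        print(f"{n:22} whole-domain zone: {a:14} single-host zone: {b}")
```

Either way the override only affects clients that use this resolver and look the site up by name, which is the limitation the reply raises for DNS-based web filtering.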