Full Discussion: Multihomed DNS Clients?
Post 302113968 by deckard on Wednesday 11th of April 2007 04:20:48 PM
Continued...

Thanks for the replies. :)

I have a few different situations in which I'm trying to set this up, but I'll give a more concrete example: my parents' network connecting to my network via OpenVPN.

I have a network in 192.168.20.0/24 and my parents are in 192.168.2.0/24 and OpenVPN connects both sites over DSL lines. I run my own DNS server for internal name resolution with my internal domain being myplace.priv. My parents have a DNS server and their internal domain is parents.priv. I'd like for them to be able to resolve intranet.myplace.priv as well as parentnet.parents.priv using just the hostname. For example, if they type: http://intranet into Firefox, they should ideally get to intranet.myplace.priv as long as the OpenVPN connection is up. In the event that it's down, I don't mind if they can't get there. But I'd still like them to be able to access their own site at http://parentnet.

The problem I've run into in the past is that they've needed to use the FQDN to access resources on my network if I set their 'search' option as 'search parentnet.parents.priv' or, as the case may be, have DHCP push that out. And this is what I'm asking for... a way for the query to fail within one domain and pass on to the next before heading out the door to the ISP DNS server (where it should fail as well since this is all private internal stuff). Ideally, if they ask for http://intranet and that host or alias only exists in my domain, then it should fail for their domain. So maybe the search order matters first? I'm still not sure if I'm explaining this clearly. I just really want to avoid having to pull them into my domain. But maybe that's the way to go with them as a secondary to my master...
 

eurephia-variables(7)                                    eurephia-variables(7)

NAME
       eurephia-variables - eurephia configuration variables

DESCRIPTION
       Overview of all eurephia configuration variables. These variables are
       stored in the database and can be modified by the eurephiadm config
       command.

PASSWORD HASH
       These variables are related to the password hash configuration. All of
       them must be set, but they can be changed over time without affecting
       the functionality of the already stored passwords. These parameters
       are the first to be set when eurephia_init is run. The minimum and
       maximum hash rounds are benchmarked for you with this tool to find
       more suitable numbers for the hardware eurephia will be running on.

       passwordhash_salt_length
              Sets the number of bytes to use for the password hash salt.

       passwordhash_rounds_min
              Sets the minimum number of hashing rounds to perform when
              calculating new password hashes.

       passwordhash_rounds_max
              Sets the maximum number of hashing rounds to perform when
              calculating new password hashes.

ATTEMPTS SETTINGS
       eurephia can blacklist user names, certificates and IP addresses based
       on the number of failed attempts. The following parameters define the
       limits of how many attempts you are willing to allow before
       blacklisting them.

       allow_cert_attempts
              Defines the number of failed login attempts you allow before
              you will blacklist the OpenVPN client's certificate. This
              number should normally be higher than allow_username_attempts.
              Default is 5.

       allow_username_attempts
              Defines the number of failed attempts that can be tried for a
              user name before you will blacklist the user name from further
              attempts. Default is 3.

       allow_ipaddr_attempts
              Defines the number of failed attempts for an IP address to be
              used before you will blacklist the IP address from further
              attempts. This one should be the least strict limit. You also
              need to consider if your clients will log in via a proxy or
              NATed network and how many of your clients will do so. If you
              experience many users failing to log on and more of them are
              behind the same proxy or NAT gateway, this may blacklist the IP
              address quicker than intended. But if among many failing
              attempts a valid authentication happens, the attempts counter
              will be reset again, so this limit does not need to be too
              forgiving. Default is 10.

FIREWALL INTEGRATION
       If you are running the OpenVPN server with eurephia on a Linux server,
       it is possible to let eurephia interact with the firewall as well.
       These settings will enable the firewall integration and tell eurephia
       how to interact with the firewall. These parameters are very iptables
       oriented. The iptables firewall module must be enabled at compile time
       and be installed to work.

       firewall_interface
              This is the variable which enables firewall integration. This
              variable must point at the firewall driver, which is a shared
              object file which eurephia will load dynamically. These drivers
              are prefixed efw and will be found in the same lib or lib64
              directory as the eurephia-auth and edb-sqlite modules. The
              variable must contain the full path to the driver module.

       firewall_command
              This defines the binary the firewall module will execute to
              help update the firewall. For iptables this defaults to
              /sbin/iptables.

       firewall_destination
              Defines which predefined firewall rule to use when updating the
              firewall. The default value is vpn_users.

       firewall_blacklist_destination
              This activates firewall based IP address blacklisting in
              addition to the internal blacklist in eurephia. This variable
              defines which firewall rule to use when wanting to blacklist an
              IP address.

       firewall_blacklist_send_to
              This is an optional parameter. Normally when eurephia
              blacklists an IP address it will default to drop the network
              packets from that client. You can use this variable to send it
              to a different firewall target. This is useful if you want to,
              for example, log the incident to the system log before dropping
              the packets.

EUREPHIA UTILITIES
       These settings are used by the eurephia administration utility,
       eurephiadm.

       eurephiadmin_autologout
              This defines how long a eurephia administration utility may
              have an open session before it is considered inactive. When
              exceeding this limit, the administrator user will be logged out
              automatically. The unit for this setting is minutes and the
              default value is 10.

       eurephiadm_xslt_path
              The eurephiadm utility uses XSLT templates for generating the
              output to the screen. This variable gives you the possibility
              to have your own set of templates in a different directory
              instead of using the system wide XSLT templates installed by
              default. This variable is not set by default.

SEE ALSO
       eurephiadm-config(7), eurephia_init(7), Administrators Tutorial and
       Manual

AUTHOR
       Copyright (C) 2008-2010 David Sommerseth <dazo@users.sourceforge.net>

David Sommerseth                  July 2010              eurephia-variables(7)
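
The interaction of the three ATTEMPTS SETTINGS limits, and the proxy/NAT caveat for allow_ipaddr_attempts, modelled as an added example (not part of the original page and not eurephia's own code). AttemptTracker and nat_scenario are hypothetical names; the model assumes an identity is blacklisted once its failure count reaches the limit, and that a valid login resets all three counters for that client.

```python
from collections import defaultdict

# Defaults quoted in the man page's ATTEMPTS SETTINGS section.
LIMITS = {"username": 3, "certificate": 5, "ipaddr": 10}


class AttemptTracker:
    """Toy model of the three failed-attempt counters (not eurephia's code)."""

    def __init__(self, limits=LIMITS):
        self.limits = dict(limits)
        self.failed = {kind: defaultdict(int) for kind in self.limits}
        self.blacklist = {kind: set() for kind in self.limits}

    def login(self, username, certificate, ipaddr, ok):
        """Record one attempt; return the (kind, value) pairs newly blacklisted."""
        ident = {"username": username, "certificate": certificate, "ipaddr": ipaddr}
        if any(value in self.blacklist[kind] for kind, value in ident.items()):
            return []  # already blocked: rejected before authentication
        if ok:
            for kind, value in ident.items():
                self.failed[kind].pop(value, None)  # valid login resets counters
            return []
        newly = []
        for kind, value in ident.items():
            self.failed[kind][value] += 1
            # Assumption: blacklist once the count reaches the configured limit.
            if self.failed[kind][value] >= self.limits[kind]:
                self.blacklist[kind].add(value)
                newly.append((kind, value))
        return newly


def nat_scenario(success_after=None):
    """Six constructed users behind one NAT address each fail twice (12 attempts).

    If success_after is set, user0 logs in correctly after that many failures.
    Returns the final blacklist as {kind: sorted list of values}.
    """
    tracker = AttemptTracker()
    nat_ip = "198.51.100.7"  # constructed address from a documentation range
    for n in range(1, 13):
        i = (n - 1) % 6
        tracker.login(f"user{i}", f"cert{i}", nat_ip, ok=False)
        if success_after == n:
            tracker.login("user0", "cert0", nat_ip, ok=True)
    return {kind: sorted(values) for kind, values in tracker.blacklist.items()}
```

With no successful login the shared address is blacklisted on the tenth failure although no single user name or certificate reached its own limit; one valid login in between resets the address counter and nothing is blacklisted.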