04-11-2007
Continued...
Thanks for the replies.
I have a few different situations in which I'm trying to set this up, but I'll give a more concrete example: my parents' network connecting to my network via OpenVPN.
I have a network in 192.168.20.0/24 and my parents are in 192.168.2.0/24 and OpenVPN connects both sites over DSL lines. I run my own DNS server for internal name resolution with my internal domain being myplace.priv. My parents have a DNS server and their internal domain is parents.priv. I'd like for them to be able to resolve intranet.myplace.priv as well as parentnet.parents.priv using just the hostname. For example, if they type http://intranet into Firefox, they should ideally get to intranet.myplace.priv as long as the OpenVPN connection is up. In the event that it's down, I don't mind if they can't get there. But I'd still like them to be able to access their own site at http://parentnet.
The problem I've run into in the past is that they've needed to use the FQDN to access resources on my network if I set their 'search' option as 'search parentnet.parents.priv' or, as the case may be, have DHCP push that out. And this is what I'm asking for... a way for the query to fail within one domain and pass on to the next before heading out the door to the ISP DNS server (where it should fail as well since this is all private internal stuff). Ideally, if they ask for http://intranet and that host or alias only exists in my domain, then it should fail for their domain. So maybe the search order matters first? I'm still not sure if I'm explaining this clearly. I just really want to avoid having to pull them into my domain. But maybe that's the way to go with them as a secondary to my master...
LEARN ABOUT DEBIAN
eurephia-variables
eurephia-variables(7) eurephia-variables(7)
NAME
eurephia-variables - eurephia configuration variables
DESCRIPTION
Overview of all eurephia configuration variables. These variables are stored in the database and can be modified by the eurephiadm
config command.
PASSWORD HASH
These variables are related to the password hash configuration. All of them must be set, but they can be changed over time without
affecting the functionality of the already stored passwords.
These parameters are the first to be set when eurephia_init is run. The minimum and maximum hash rounds are benchmarked for you with this
tool to find more suitable numbers for the hardware eurephia will be running on.
passwordhash_salt_length
Sets number of bytes to use for the password hash salt.
passwordhash_rounds_min
Sets the minimum number of hashing rounds to perform when calculating new password hashes.
passwordhash_rounds_max
Sets the maximum number of hashing rounds to perform when calculating new password hashes.
ATTEMPTS SETTINGS
eurephia can blacklist user names, certificates and IP addresses based on the number of failed attempts. The following parameters define the
limits of how many attempts you are willing to allow before blacklisting them.
allow_cert_attempts
Defines the number of failed login attempts you allow before you will blacklist the OpenVPN client's certificate. This
number should normally be higher than allow_username_attempts. Default is 5.
allow_username_attempts
Defines the number of failed attempts allowed for a user name before you will blacklist the user name from further attempts.
Default is 3.
allow_ipaddr_attempts
Defines the number of failed attempts allowed for an IP address before you will blacklist the IP address from further attempts.
This one should be the least strict limit. You also need to consider whether your clients will log in via a proxy or NATed network
and how many of your clients will do so. If you experience many users failing to log on and several of them are behind the same proxy
or NAT gateway, this may blacklist the IP address quicker than intended. But if among many failing attempts a valid authentication
happens, the attempts counter will be reset again, so this limit does not need to be too forgiving. Default is 10.
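The interaction between the three limits and a shared NAT address can be seen in a small model. This is an added example, not eurephia's code: the limits are the documented defaults, while the class, the function names, the "count >= limit" comparison and the rule that a valid login resets the counters of all three identifiers are assumptions made for the illustration.

```python
# Simplified model of the three failed-attempt counters described above.
# Not eurephia's code: limits are the documented defaults; the reset-on-success
# and ">= limit" semantics are assumptions made for this illustration.
from collections import defaultdict

DEFAULT_LIMITS = {          # variable name -> documented default
    "allow_username_attempts": 3,
    "allow_cert_attempts": 5,
    "allow_ipaddr_attempts": 10,
}
KEY_TO_LIMIT = {
    "username": "allow_username_attempts",
    "cert": "allow_cert_attempts",
    "ipaddr": "allow_ipaddr_attempts",
}

class AttemptTracker:
    def __init__(self, limits=None):
        self.limits = dict(DEFAULT_LIMITS, **(limits or {}))
        self.failures = defaultdict(int)   # (kind, value) -> failed attempts
        self.blacklist = set()             # blacklisted (kind, value) entries

    def login(self, username, cert, ipaddr, ok):
        """Record one login attempt; return 'blocked', 'ok' or 'failed'."""
        keys = [("username", username), ("cert", cert), ("ipaddr", ipaddr)]
        if any(k in self.blacklist for k in keys):
            return "blocked"
        if ok:
            for k in keys:                 # assumed: success resets counters
                self.failures.pop(k, None)
            return "ok"
        for kind, value in keys:
            self.failures[(kind, value)] += 1
            if self.failures[(kind, value)] >= self.limits[KEY_TO_LIMIT[kind]]:
                self.blacklist.add((kind, value))
        return "failed"

def nat_scenario(with_success):
    """Constructed input: four users behind one NAT address, 3 bad tries each."""
    t = AttemptTracker()
    nat_ip = "203.0.113.7"                 # documentation-range address
    for i, user in enumerate(["ann", "bob", "cy", "dee"]):
        if with_success and i == 2:        # one valid login in between
            t.login("eve", "cert-eve", nat_ip, ok=True)
        for _ in range(3):
            t.login(user, f"cert-{user}", nat_ip, ok=False)
    return ("ipaddr", nat_ip) in t.blacklist
```

Without any valid login the shared address reaches the IP limit on the tenth failure; a single valid login from behind the same gateway resets the counter and the address stays off the blacklist.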
FIREWALL INTEGRATION
If you are running the OpenVPN server with eurephia on a Linux server, it is possible to let eurephia interact with the firewall as well.
These settings will enable the firewall integration and tell eurephia how to interact with the firewall. These parameters are very
iptables oriented. The iptables firewall module must be enabled at compile time and be installed to work.
firewall_interface
This is the variable which enables firewall integration. This variable must point at the firewall driver, which is a shared object
file which eurephia will load dynamically. These drivers are prefixed efw and will be found in the same lib or lib64 directory as
the eurephia-auth and edb-sqlite modules. The variable must contain the full path to the driver module.
firewall_command
This defines the binary the firewall module will execute to help update the firewall. For iptables this defaults to /sbin/iptables.
firewall_destination
Defines which predefined firewall rule to use when updating the firewall. The default value is vpn_users.
firewall_blacklist_destination
This activates firewall based IP address blacklisting in addition to the internal blacklist in eurephia. This variable defines
which firewall rule to use when wanting to blacklist an IP address.
firewall_blacklist_send_to
This is an optional parameter. Normally when eurephia blacklists an IP address it will default to dropping the network packets from
that client. You can use this variable to send them to a different firewall target. This is useful if you want to, for example, log the
incident to the system log before dropping the packets.
EUREPHIA UTILITIES
These settings are used by the eurephia administration utility, eurephiadm.
eurephiadmin_autologout
This defines how long a eurephia administration utility may have an open session before it is considered inactive. When exceeding
this limit, the administrator user will be logged out automatically. The unit for this setting is minutes and the default value is 10.
eurephiadm_xslt_path
The eurephiadm utility uses XSLT templates for generating the output to the screen. This variable gives you the possibility to have
your own set of templates in a different directory instead of using the system wide XSLT templates installed by default. This
variable is not set by default.
SEE ALSO
eurephiadm-config(7), eurephia_init(7),
Administrators Tutorial and Manual
AUTHOR
Copyright (C) 2008-2010 David Sommerseth <dazo@users.sourceforge.net>
David Sommerseth July 2010 eurephia-variables(7)