Re: [suse-sparc] DNS request failover with SuSE & squid

From: Peter Ebbelink (Peter.J.Ebbelink@Bigfoot.com)
Date: Thu Apr 12 2001 - 14:24:43 PDT


    Message-ID: <008301c0c397$065dea30$30fea8c0@pebbelsoft>
    From: "Peter Ebbelink" <Peter.J.Ebbelink@Bigfoot.com>
    Date: Thu, 12 Apr 2001 23:24:43 +0200
    Subject: Re: [suse-sparc] DNS request failover with SuSE & squid
    

    I'm afraid this is not correctly interpreted:
    NOTFOUND=continue will make the search continue with the next item in the
    list that is in nsswitch.conf, NOT the next item in DNS resolv.conf.
    Servers in DNS's resolv.conf will automagically be searched:
    The first server in the list (with a maximum of three) will ALWAYS be used,
    EXCEPT when the first server is UNAVAILABLE.
    The thing with a home network is that you want to make your DNS server
    authoritative for YOUR domain and resolve others from an external source.
    This can be done by rolling your own local domain server and forwarding
    unresolved names to your ISP's NS.
    Call your own domain something like "homesweethome.priv", make your
    resolv.conf point to 127.0.0.1 and set up forwarding to your ISP's NS.
    I only have Solaris at hand, but SuSE works quite the same.

    root@myserv# more /etc/resolv.conf
    domain homesweethome.priv.
    nameserver 127.0.0.1

    root@myserv# more /etc/named.conf
    options {
            directory "/var/named";
            pid-file "/var/named/named.pid";
            named-xfer "/usr/sbin/named-xfer";

            // Ask the forwarders first; fall back to normal resolution if they fail.
            forward first;
            forwarders {
                    <VALID_ISP_NS_#1>;
                    <VALID_ISP_NS_#2>;
            };
    };

    zone "." in {
            type hint;
            file "root.hints";
    };

    zone "0.0.127.in-addr.arpa" in {
            type master;
            file "local.revzone";
    };

    // Local domain: this server is authoritative for it.
    zone "homesweethome.priv" in {
            type master;
            file "homesweethome.priv.zone";
    };

    // Reverse zone for the local 192.168.254.x network.
    zone "254.168.192.in-addr.arpa" in {
            type master;
            file "192.168.254.revzone";
    };

    My $0.02

    -- Peter

    ----- Original Message -----
    From: <Torsten.Lange@GECITS-EU.COM>
    To: <suse-sparc@suse.com>
    Sent: Thursday, April 12, 2001 6:08 PM
    Subject: Re: [suse-sparc] DNS request failover with SuSE & squid

    >
    >
    > thanks for this one.
    > unfortunately, the NOTFOUND=continue statement is default, so there has
    > been no effect when entering it manually to nsswitch.conf.
    >
    > the problem with squid and the internal and external name resolution is
    > that squid should deliver both intra- and internet sites. those internal
    > and external http requests shall be forwarded to different icp parents
    > based on a simple 'dst' squid acl.
    >
    > ---------------------------------------------------------------
    >
    > in your resolv.conf file you should be able to specify 2 servers, if the
    > one fails it should default to the next server, if you check your
    > /etc/nsswitch.conf file you could add a [NOTFOUND=continue] section to the
    > host name resolution.
    >
    > Another way of doing it would be to have the resolv.conf file only reflect
    > the internal DNS for internal hosts (I assume this is what it is there
    > for) and then let squid (in the squid.conf file) do the external
    > resolution. You could tell squid to do name resolution in its conf file,
    > that way, the system would query the internal dns and squid would query
    > the external DNS.
    >
    > Hope this helps
    >
    >
    >
    > Torsten.Lange@GECITS-EU.COM wrote:
    >
    > > i'm experiencing problems with a dns issue on a sparc suse netra (7.1).
    > >
    > > i want to have squid (or the os) to request name resolution from 2 dns
    > > servers.
    > > 1 server resolves intranet addresses only and the other one resolves
    > > internet addresses.
    > > what do i have to configure to let the os (via resolv.conf) and/or squid
    > > proxy try the internet nameserver first and ask the other one *only* if
    > > the first request fails.
    > > at the moment - i get squid DNS resolution errors because it only tries
    > > the first nameserver.
    > >
    > > maybe it doesn't fail over to the other one, because the first one is
    > > still running but unable to serve the request?
    > >
    > > any ideas?
    > >
    > > thanks a lot
    > >
    > > torsten
    >
    >
    >
    >
    >
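
The resolv.conf failover rule described in this thread, as an added example that is not part of the original messages: a simplified Python model showing that a reachable first server's "no such name" answer is final and only a non-responding server causes the next one to be tried. All addresses, host names and function names are constructed for illustration, and the model treats only a timeout as "unavailable".

```python
# Added example: simplified model of how the stub resolver walks resolv.conf.
MAXNS = 3  # at most three nameserver entries are used, as stated in the thread


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses the resolver will actually use."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers[:MAXNS]


def lookup(name, servers, zones):
    """Ask servers in order; move on only when a server does not respond.

    zones maps a server address to the names it can resolve, or to None for
    a server that is down. Returns (result, servers_asked).
    """
    asked = []
    for server in servers:
        asked.append(server)
        data = zones.get(server)
        if data is None:            # no response: try the next nameserver
            continue
        if name in data:
            return data[name], asked
        return "NXDOMAIN", asked    # reachable server said "no": lookup ends
    return "TIMEOUT", asked


# Constructed sample data (documentation addresses, hypothetical host names).
RESOLV_CONF = """\
# first entry is an intranet-only DNS, the others resolve Internet names
nameserver 192.0.2.1
nameserver 192.0.2.53
nameserver 192.0.2.54
nameserver 192.0.2.55
"""
INTRANET = {"wiki.homesweethome.priv": "192.168.254.10"}
INTERNET = {"www.example.com": "203.0.113.80"}
ZONES_UP = {"192.0.2.1": INTRANET, "192.0.2.53": INTERNET, "192.0.2.54": INTERNET}
ZONES_FIRST_DOWN = dict(ZONES_UP, **{"192.0.2.1": None})

if __name__ == "__main__":
    ns = parse_nameservers(RESOLV_CONF)
    print(lookup("www.example.com", ns, ZONES_UP))          # first server answers "no"
    print(lookup("www.example.com", ns, ZONES_FIRST_DOWN))  # first server is down
```
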



    This archive was generated by hypermail 2.1.0 : Wed Jun 06 2001 - 11:09:02 PDT