Story: How to Look Like a Dunce in One Easy LessonTotal Replies: 8
Author Content

Apr 28, 2011
7:27 AM EDT
Now add that config to your backups.

In fact, better yet, script a periodic scp or wget of it to your master network-control workstation, wherever that is, and back it up from there. While you're thinking about it -- any other must-have configs? Same suggestion: copy from point-of-use to a good point-of-overview and back that up.

Also: you're more trusting than I if you don't have an alternate config each pointing at GoogleDNS and OpenDNS nameservers ready to go. If nameservers go down, bog down or slow down, so does your Internetting.

Our gateway/firewall box runs dnsmasq, with the rest of the network getting its DNS from that, so that's a one-place switch for us. That's also the one place we need to use a megabyte-size /etc/hosts file with, not only redirects for all the ad-farms and malware-sites, but the bogus-search page that OpenDNS offers instead of an honest 404.

[edit: had to help kid get ready for school, leaving thoughts posted but incomplete]

Apr 28, 2011
11:49 AM EDT

Just discovered dnsmasq a few months ago, and it's awesome. Really loving it.

Apr 28, 2011
12:06 PM EDT
> ...if you don't have an alternate config each pointing at GoogleDNS and OpenDNS nameservers ready to go...

Google is offering a public DNS now? OK. Learn something new everyday. Many thanks. I already knew about (and use) Open DNS. I'll have to see how Google compares.

Apr 28, 2011
2:02 PM EDT
We use Open DNS for our crappy AT&T installs since they are renowned for their DNS failures. Post back on any pros or cons to the Google offering.

Apr 28, 2011
2:56 PM EDT
I use the Google DNS. Works great. They're probably spying on me - that's the downside.

Apr 28, 2011
3:03 PM EDT
Quoting:Google is offering a public DNS now?

If there's data to be mined, there's money to be made!

Apr 28, 2011
6:49 PM EDT
Prior_Art: dnsmasq also allows us to run a split-horizon network (in Cosby's words, "You can see out, can't nobody see in"). The firewall's /etc/hosts file, and thus dnsmasq, has all the hostnames on our LAN's subdomain (no DHCP on the main segment -- everything's assigned and bogons stand out); we even have an MX for the mailserver.

Apr 28, 2011
7:01 PM EDT
@helios: GoogleDNS seemed responsive enough while I was trying 'em out. I switched us back to OpenDNS because I already had a solution for their search-page substitutions and they're not in the business of data aggregation.

Apr 28, 2011
8:35 PM EDT
@Steven_Rosenber, Why do you write "They're probably spying on me..."?? I thought that Google's current privacy policy includes storing non personally-identifiable logs, but EXCLUDES personal monitoring.

Although their current privacy policy will probably change once they get more and more people hooked into GoogleDNS and once they add more proprietary gotta have-it features.


Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!