Internal DNS update.

[swestrup]

This morning I tore out dnscache and replaced it with dnsmasq on our internal DNS system. This should have no effect visible to anyone not on our local network, and it should be pretty transparent, even then.

Then again, some of the options I've set don't seem to do what I think they should, so if your garage door has suddenly started opening and closing by itself, this might be the reason.

And now... I'm gonna go take a nap, as I really never got any sleep last night.

Comments

[cpirate.livejournal.com]

So wait, there's software out there that can replace dnscache? Good gravy, where was this two years ago when I really could have used it.

Dnscache may work reasonably well, but man, I hate the (lack of) license and the disgustingly unreadable code....

[swestrup]

> there's software out there that can replace dnscache?

Alas, not really. dnscache is a (buggy) recursive resolver while dnsmasq is just a forwarding proxy that relies on the recursive resolver of my upstream ISP.

As of about 12 months ago, when akadns.net modified its CNAME linking in response to a massive denial of service attack, dnscache has not been able to resolve most akadns.net domain names, including www.flickr.com, www.microsoft.com, and www.yahoo.com. As you can imagine, this is a bit of a problem.

There are patches for dnscache (and tinydns, for that matter) that fix the current bugs and deficiencies, but I don't have a dev environment set up for my router, and I didn't really like the idea of installing one and applying the patches, although I may eventually go that route.

There is a replacement piece of software called MaraDNS that I looked into, but it doesn't currently support a split horizon configuration, which I need.

[cpirate.livejournal.com]

Ah, I see. Informative all the same, I thought that MaraDNS was an authoritative-only DNS server.