Software for providing DNS and DHCP services have typically come from ISC in the form of BIND and dhcpd.
While these software packages are quite robust and, for the most part, quite secure, there are other alternatives that may work better depending on your situation. For smaller home or office networks, managing BIND and dhcpd may be overkill.
Another solution that provides both services is dnsmasq, which will cache external DNS addresses, provide local DNS names or override external DNS entries, and also provides dynamic IP addresses in the form of DHCP.
It can even provide static IP addresses over DHCP, the same as dhcpd, with the only pre-requisite being the MAC address of the system to assign the static IP to.
Most Linux distributions come with dnsmasq packaged, so it is a simple apt-get, yum, or urpmi away. Otherwise, compiling from source is quite easy. Dnsmasq handles DNS setup differently than BIND and other DNS servers. Everything is configured via a single configuration file, /etc/dnsmasq.conf.
When a request comes in, dnsmasq does not look in zone or similar files; it consults /etc/hosts first and then will look externally for addresses by consulting the name server(s) defined in /etc/resolv.conf. This is a quick and easy way to override external DNS addresses by simply defining them in /etc/hosts on the system that is running dnsmasq.
Dnsmasq also provides DHCP services quite easily. To do so, uncomment and set the following options in /etc/dnsmasq.conf:
expand-hosts
domain=example.com
dhcp-range=192.168.0.50,192.168.0.150,12h
dhcp-option=3,192.168.0.1
This will enable DHCP and set the network domain to "example.com". The DHCP server will offer addresses between 192.168.0.50 and 192.168.0.150 with a lease of 12 hours. Finally, dhcp-option sets the third DHCP option, which sets the default route, pointing to 192.168.0.1 as the router.
There are a lot of dhcp-option values; the configuration file and man pages go through them all with examples.
To set a static IP address for a client, use the dhcp-host keyword:
dhcp-host=11:22:33:44:55:66,foo,192.168.0.10
This will always give the host with the hardware MAC address of 11:22:33:44:55:66 the hostname foo (.example.com) and the IP address 192.168.0.10.
Another useful feature of dnsmasq is that it provides a TFTP server as well. You can enable the TFTP server, point it to the root directory of files to serve, and make use of network booting (PXE).
Dnsmasq provides a number of features that make it a compelling replacement for BIND and dhcpd, or any other DNS or DHCP server software you may be using. It can set default MX records, various caching options, a wide variety of DHCP options, SRV records to provide LDAP information, PTR records, SPF records, and even Zeroconf records.
Source: http://www.zdnetasia.com/techguide/opensource/0,39044899,62048842,00.htm
Tuesday, December 30, 2008
Using dnsmasq for DNS and DHCP services
Tuesday, December 23, 2008
CloudShield Announced deployment of CS-2000 network services platform by DNS
CloudShield today announced deployment of its CS-2000 network services platform by Dynamic Network Services, a global provider of Internet-based domain, zone and email services.
Dynamic Network Services also can use the programmability of the CS-2000 to update, on its own or using software upgrades from CloudShield, to be prepared to handle new threats as they develop.
Dynamic Network Services began as a free DNS service provider for the Perl and open-source communities but has grown to provide both its signature free service as well as commercial DNS services and Dynect, an enterprise-class dynamic DNS offering.
“They’ve got to run cost-effectively, since they have free as well as paid-for services, and they want to make sure that service is up and performing as expected,” said Bill Scull, vice president of marketing at CloudShield. “They are using our product to protect their infrastructure to make sure their online presence is maintained despite botnet attacks or D-DOS attacks.”
Such attacks can generate from 10 times to 500 times or more the average traffic on a site and service providers such as Dynamic Network Services cannot afford to over-provision bandwidth to be able to handle such an attack. The CloudShield CS-2000 uses deep packet inspection to detect malicious traffic and prevent it from overwhelming the Web sites, authentication servers, DNS server farms and other service provider infrastructure.
“If they have a CS-2000 in front of their infrastructure, they have the ability to, at line rates, sort the good packets from the bad packets,” Scull said. “Dynamic Network Services had a number of different centers around the globe and they will be deploying our boxes in each of those.”
Source: http://telephonyonline.com/software/news/cloudshield-dns-deployment-1216/
Tuesday, December 16, 2008
Another DNS Outage Gives OpenDNS Free Advertising
The company has certainly been helped each time the nation's two largest ISPs, Comcast and AT&T, temporarily forget how to run their DNS servers (which has happened a number of times over the last few years).
It's not clear how many users switched before Time Warner Cable resolved the problem (their LA network status page seems to indicate the problem is ongoing as of mid-day Friday). While probably not a priority for execs at Time Warner Cable, it does eat away at the revenue generated by DNS redirection advertising, which Time Warner Cable began implementing roughly a year ago. A growing number of ISPs have been implementing DNS redirection ad pages that pop-up when a user mistypes a URL, creating a new profit stream off clumsy typing.
OpenDNS is targeting that same profit stream and so far, and seems to be doing a much better job at it -- by including features that users actually find useful. Earlier this year it was estimated that OpenDNS makes $20,000 per day via their search relationship with Yahoo alone. That's money that could be going into ISP pockets, and you can be sure that eventually, should OpenDNS's popularity continue to grow, carriers will start trying to get wayward DNS users back onto their own servers -- one way or another.
DNS Server, DNS Server Support, DNS Problem, Domain Name System
Source: http://www.dslreports.com/shownews/Another-DNS-Outage-Gives-OpenDNS-Free-Advertising-99648?nocomment=1
Monday, December 15, 2008
RED HERRING AWARDS IYOGI FOR THE 2008 RED HERRING ASIA AMERICA 100
Silicon Valley, CA, Dec 9th, 2008— Red Herring today announced that iYogi is a winner of the Red Herring 100 Award, a selection of the 100 most innovative private technology companies based in Asia.
IYogi delivers technical support services directly to consumers and small businesses and is the first, global, technical support brand based out of India with more than 50,000 customers. The company offers consumers an unlimited, annual subscription service for $119.99 per desktop that includes support for a wide range of technologies, including PC hardware, Microsoft Products Support, Windows Operating systems, Computer Support, Software applications, MP3 players, Networking devices, Digital camera, Printers and scanners etc.
The Red Herring editorial board diligently surveyed the entrepreneurial scene throughout Asia and identified the top 100 out of more than 1,000 closely evaluated companies that are leading the next wave of innovation.
“Our winners and Finalists demonstrate that Asia is increasingly becoming a leader in innovation, contrary to common stereotypes", said Joel Dreyfuss, editor-in-chief of Red Herring. " It was tough to choose just the top 100 finalists from such a large list of excellent contenders, and we are very happy with the quality of the companies we selected as finalists."
“We believe consumers and small business owners should have low-cost access to the highest quality support available on the planet", said Uday Challu, CEO of iYogi. “We are thrilled that our innovative approach to solving everyday technology problems for consumers and our managed services for small businesses has been recognized by Red Herring’s keen-eyed leadership. We are continuously innovating in adding new services that includes PC recovery, anti-virus, anti-spyware, data back-up and PC optimization in providing the best tech support experience for our customers”, adds Uday.
The 100 winning companies have been announced at the Red Herring Asia event in Hong Kong. The CEOs of the winning start ups presented their innovative ideas and technologies to an audience of leading entrepreneurs, financiers, and corporate strategists at the event at the Hong Kong, JW Marriott Hotel earlier this week.
About iYogi
iYogi is the first direct-to-consumer and small business technical support service from India. Providing an annual unlimited subscription to technical support, iYogi now boasts of more than 50,000 customers. The company employs 600 professionals servicing customers in the US, UK, Canada, Australia and fast expanding to 12 new geographies across the globe. iYogi’s resolution rate of 87 percent and customer satisfaction rate of 93 percent are amongst the highest published benchmarks in the industry. For further information, please visit www.iyogi.net.
iYogi Contact
Vishal Dhar
President Marketing, iYogi Inc.
Phone: 212 229 0901
Email: vishal@iyogi.net
Tuesday, December 9, 2008
Beware of Scoundrel DHCP servers, warns Symantec
Using a malicious DNS server to divert traffic to malicious sites is known as pharming. A pharmed user may type a bank URL directly into the browser (as recommended by most financial institutions), but may end up on a fake site designed to capture login details to aid in making fraudulent transactions.
According to Symantec, a Trojan it has dubbed Flush.M sets up a rogue DHCP server on the victim's PC.
When other systems on the LAN make a DHCP request to receive or renew an IP address, Flush.M responds.
If the requesting system receives Flush.M's response before that of the real DHCP server, it will start using the malicious DNS server(s) rather than those specified by the real network administrator.
This can be done by infecting just one PC on the LAN, and it can potentially divert the traffic from any other device, regardless of its operating system.
Furthermore, security software running on those other devices is unlikely to find anything wrong.
Symantec suggests network administrators should watch for DHCP offers originating from addresses other than their DHCP servers, and that they monitor or block traffic to the IP address range 85.255.112.0 to 85.255.127.255, which includes known malicious DNS servers.
If you are suffering from these type of rogue DNS then no need to worry just give us a call at 1-866-914-9838 and talk to a Microsoft certified professionals within a minute & get DNS server support.
Source:itwire.com