RE: NetReg: Selective DNS Forwarding As a Method to Allow Self-Help From Quarantine Networks--BIND Configuration


From: Lucas, David (David.Lucas@unh.edu)
Date: Wed Jul 14 2004 - 06:42:51 CDT


Ok, I take that back. Microsoft released some patches yesterday, and well,
I tried to install them through the Squid machine with no success. I
believe it's a DNS issue - because when I place our public DNS servers on
the computer and allow port 53 to masquerade to those DNS servers it works
fine. I was wondering if anyone has seen this and knows of any more zones
that need to be placed in the named.conf file, please share if you do know.
I used a sniffer and tried to get more information but most of the addresses
could not be resolved to names. Grrr... Why can't Microsoft make this
easier for us to patch computers??

Dave

-----Original Message-----
From: owner-netreg@southwestern.edu [mailto:owner-netreg@southwestern.edu]
On Behalf Of Lucas, David
Sent: Wednesday, July 07, 2004 5:20 PM
To: 'netreg@southwestern.edu'
Subject: RE: NetReg: Selective DNS Forwarding As a Method to Allow Self-Help
From Quarantine Networks--BIND Configuration

Here at UNH we are using Squid as the proxy server. With the help from
Jason's email we finally got everything working. If anyone has any
questions on the configuration then please let me know.

Dave

-----Original Message-----
From: owner-netreg@southwestern.edu [mailto:owner-netreg@southwestern.edu]
On Behalf Of Azze, Jason
Sent: Wednesday, July 07, 2004 4:25 PM
To: netreg@southwestern.edu
Subject: RE: NetReg: Selective DNS Forwarding As a Method to Allow Self-Help
From Quarantine Networks--BIND Configuration

> -----Original Message-----
> From: Robert Lowe [mailto:Robert.H.Lowe@lawrence.edu]
> Sent: Wednesday, July 07, 2004 3:17 PM
> To: netreg@southwestern.edu
> Subject: Re: NetReg: Selective DNS Forwarding As a Method to Allow
> Self-Help From Quarantine Networks--BIND Configuration
>
> The other half is not as easily solved. I haven't given this any
> serious thought, but a carefully configured proxy, e.g. squid, along
> with a few wildcard DNS RRs pointed at it, might provide a more
> complete solution and a secure means of allowing in-/outbound Internet
> traffic to unregistered clients. Just a thought... if someone tries
> it, let us know!
>
> -Robert
>

I agree that a proxy would provide a more complete solution. A fellow named
Peter Peters (over on resnet-l) from Universiteit Twente in .nl is using
Squid in this way, and I think Phil Rodrigues and the gang at NYU are using
NAT and DNS to do something similar.

The tough part for us wasn't the configuration of DNS, but was getting the
list of zones from Microsoft that would allow Windows Update to work. I hope
the list will help someone.

-Jason
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************



This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:46 CDT