Re: crest.d.o and m68k.d.o
On Mon, Nov 12, 2007 at 01:28:21AM +0100, Michael Schmitz wrote:
> > I'm just wondering if there is a way to redirect DNS queries for crest to
> > a dyndns service without the debian.org DNS getting involved in dynamic
> > DNS itself ...
> Having thought about that for a while, I am sure that a CNAME redirect
> would work, but would obviously not allow for transparent ssh or http
> access (do we also need smtp??).
buildd logs? ;)
> Currently, the debian.org entries still point at their old addresses in
> Duesseldorf (only the local DNS entries have been deleted by me, and
> debian.org DNS obviously did not use CNAME). So instead of changing the IP
> addresses, we could perhaps route traffic to crest and kullervo to
> Christian's DSL at the router/firewall in Duesseldorf, or set up a VPN
> tunnel to Christian's router?
I would opt for the VPN solution...
> Re: Christian's question on Debian dynamic DNS - there is no such thing
> for debian.org, but it is not required if you have an entry in the zone
> file like this:
> crest CNAME crest.cts.dyndns.org.
> (mind the trailing dot :-)
Bad idea... I had that kind of CNAMEing for arrakis, vivaldi and spice,
which gave strange results for mail handling. Stephen suffered very hard
from this and had to ping me several times until all problems were sorted
> Routing/VPN off Duesseldorf would give you a quasi static address (we
> would need to put a similar mechanism in place to update the route entry,
> whereas for VPN you would just have to reopen the tunnel after an IP
> I assume iptables can be tweaked to redirect port 22 for crest to port
> 2622 or whatever on sol, with similar tricks for http and smtp. I would
> have to look at some example rules to pull it off, though.
> Note that I will have to clear any of this with the biophys IT guys, and
> it would take a while to set up. Pointing crest.d.o and m68k.d.o to
> Christian's dyndns would be quicker but less functional.
I've set up an OpenVPN & pppoe-server setup for our holiday flat recently.
That way you can easily assign a public IP to a host behind a NATed
firewall... This is basically the same setup as every other ISP uses...
(except the OpenVPN thing instead of MPLS)
Ciao... // Fon: 0381-2744150
Ingo \X/ SIP: email@example.com
gpg pubkey: http://www.juergensmann.de/ij/public_key.asc
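
The CNAME entry and trailing-dot remark quoted above, as an added example that is not part of the original message: a small linter for a simplified zone file that flags a CNAME target missing its trailing dot, other records placed next to a CNAME (RFC 1034, section 3.6.2), and MX/NS records that point at an alias (RFC 2181, section 10.3). The origin `debian.org.` and every sample record except the quoted `crest` line are constructed assumptions; the thread does not say which of these, if any, caused the mail problems it mentions.

```python
# Added example: lint single-line "owner [ttl] [class] TYPE rdata" zone records.
TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "TXT"}

def fqdn(name, origin):
    """Qualify a name the way a zone-file parser does: no trailing dot = relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin):
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()          # drop ";" comments
        idx = next((i for i, f in enumerate(fields[1:], 1) if f.upper() in TYPES), None)
        if idx is None:                              # blank, comment or unsupported line
            continue
        records.append((fqdn(fields[0], origin).lower(), fields[idx].upper(), fields[-1]))
    return records

def lint(zone_text, origin):
    records = parse(zone_text, origin)
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, target in records:
        if rtype == "CNAME" and not target.endswith("."):
            # The origin gets appended, so the alias points inside our own zone.
            findings.append(("relative-target", owner, fqdn(target, origin)))
        if rtype != "CNAME" and owner in aliases:
            findings.append(("cname-coexists", owner, rtype))
        if rtype in ("MX", "NS") and fqdn(target, origin).lower() in aliases:
            findings.append(("points-to-alias", owner, fqdn(target, origin).lower()))
    return findings

# Constructed sample zone; only the first record comes from the message.
SAMPLE = """\
crest     CNAME crest.cts.dyndns.org.   ; line quoted in the message
kullervo  CNAME kullervo.cts.dyndns.org ; trailing dot missing
crest     MX    10 crest                ; other data next to a CNAME
m68k      MX    10 crest                ; mail exchanger is an alias
m68k      A     192.0.2.10
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE, "debian.org."):
        print(finding)
```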