Message-ID: <350BA3DB.A55948F3@dal.net>
Date: Sun, 15 Mar 1998 01:48:11 -0800
From: Studded
Organization: Triborough Bridge & Tunnel Authority
To: Glenn Johnson
CC: freebsd-questions@FreeBSD.ORG
Subject: Re: setting up a primary DNS
References: <199803150429.WAA00758@gforce.bellsouth.net>

Glenn Johnson wrote:
>
> At my place of work we are changing our ISP within the next 60 days. Our
> current ISP is doing our DNS but we would like to have our own DNS machines on
> our network in the future. Of course, these DNS machines would be running
> FreeBSD. Would there be any problems if I set up my DNS machines now and
> brought them online while our current ISP is doing our DNS? I am referring to
> problems with SOA and zone information, delegation, etc.? Thanks.

The very first step for you is to buy "DNS and BIND, Second edition" from O'Reilly and Associates. The author is listed as Paul Albitz & Cricket Liu, ISBN 1-56592-236-0. This is THE book on DNS, and you need help. :)

The short answer to your question is no, you won't have any problems if you set this up now since no references exist to your new dns servers in the "system." That is, no one will know to look at your nameservers, so they won't. :) In fact, it would be a very good idea if you bought the book and started working on it now so that you will be ready when the time comes.

You will want two nameservers at your site, and at least one off site machine, preferably two, one at your new ISP and at least one on a whole different physical network. This type of information is covered in the book. Make sure that you tell your new ISP that you want to do your own DNS so that they can make the proper arrangements for your in-addr.arpa domain now. It's possible that the company you're contracting with doesn't have your new block delegated to them, so the paperwork/idiocy can take a long time depending on who you're dealing with.

From a security/reliability standpoint make sure to use a recent 2.2.6-Beta snapshot (or wait for 2.2.6-Release) and then use the port to install BIND 8.1.1. If your machines are going to be serving DNS to the world the improved performance and security of the 8.1.1 binaries is a good thing, along with the greatly improved flexibility of the new named.conf syntax. Unfortunately BIND 8.1.1 is not covered in the book, however there is excellent html documentation for it. Also, there is a port of a tool called dnswalk which you should become very familiar with.

Providing proper DNS service is not easy, and it's something that a lot of people get wrong. However once you get into the swing of things it becomes second nature.

Hope this helps,

Doug
--
*** Chief Operations Officer, DALnet IRC network ***
*** Proud operator, designer and maintainer of the world's largest
*** Internet Relay Chat server. 5,328 clients and still growing.
*** Try spider.dal.net on ports 6662-4 (Powered by FreeBSD)