Date: Sat, 02 Nov 2002 14:31:06 -0800
From: paul beard <paulbeard@mac.com>
To: freebsd-questions@FreeBSD.ORG
Subject: caching nameserver (was Resolving hostnames takes "forever")
Message-ID: <3DC4522A.5080908@mac.com>
References: <200211021432.19756.freebsd.nospam@mekanix.dk> <20021102144105.GA1116@happy-idiot-talk.infracaninophi> <1036250840.74419.67.camel@prometheus> <20021102173007.GC1116@happy-idiot-talk.infracaninophi>
Matthew Seaman wrote:
>
> Not knowing anything about your site, that's not something I can give
> a definite answer to. However, running a DNS cache on a local LAN
> segment is pretty simple to do, and usually improves performance. If
> you run the /etc/namedb/make-localhost script and then fire up the
> default named with the config that comes with FreeBSD, it will act as
> a caching nameserver.
This answers questions I didn't realize I had . . . .
Couple of niggling details: I found I had to run the
make-localhost script from within /etc/named. It looks in "." for a
needed file, rather than /etc/named. Perhaps set a value for
${NAMED_DIR}?
Next I did these:
> Add:
>
> named_enable="YES"
> named_flags="-u bind -g bind"
>
> to /etc/rc.conf, and put the IP number of your server as the first
> choice in /etc/resolv.conf:
>
> nameserver 12.34.56.78
>
> for the correct value of "12.34.56.78"
I've done this, but I can't get 192.168.2.1 to resolve addresses
in nslookup unless I drop into interactive mode and specify it.
Examples follow:
[/etc/namedb]# nslookup
*** Can't find server name for address 192.168.2.1: Non-existent
host/domain
Default Server: ns1.attbi.com
Address: 204.127.198.4
[/etc/namedb]# nslookup
*** Can't find server name for address 192.168.2.1: Non-existent
host/domain
Default Server: ns1.attbi.com
Address: 204.127.198.4
> server 192.168.2.1
Default Server: [192.168.2.1]
Address: 192.168.2.1
> ftp.freebsd.org
Server: [192.168.2.1]
Address: 192.168.2.1
Non-authoritative answer:
Name: ftp.beastie.tdk.net
Address: 62.243.72.50
Aliases: ftp.freebsd.org
> Note however that this configuration will allow anyone on the net who
> can get packets to port 53 of your server to use your named to do
> recursive lookups --- consult the named.conf(5) man page and the
> documentation at http://www.isc.org/products/BIND/docs/index.html to
> find out how to configure it better.
This looks like something you can do with an acl to permit only
your local network(s). I'm not sure how I invoke it after I set it.
As near as I can make out, this is what I need to permit only
queries from my local network.
// acl list: the local network, written as a prefix/length
acl home {
    192.168.2.0/24;
};
// allow-query is an option, and it takes the acl name directly
options {
    allow-query { home; };
};
--
Paul Beard / 8040 27th Ave NE / Seattle WA 98115 /
paulbeard [at] mac [ dot] com / 206 529 8400
weblog @ <http://paulbeard.no-ip.org/movabletype/>
In Seattle, Washington, it is illegal to carry a concealed weapon that
is over six feet in length.
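As an added example (not from the message above), a named.conf fragment that closes the open-resolver exposure the thread warns about by restricting both queries and recursion to the LAN. It assumes the LAN is 192.168.2.0/24, the server is 192.168.2.1, and the FreeBSD default zone directory /etc/namedb; the reverse zone file name is a placeholder. The reverse zone is included because nslookup's "Can't find server name for address 192.168.2.1" is a failed PTR lookup of the server's own address.

```conf
// Added example, not the original poster's config.
// Assumed: LAN 192.168.2.0/24, server 192.168.2.1, dir /etc/namedb.

acl "home" {
    127.0.0.1;
    192.168.2.0/24;
};

options {
    directory "/etc/namedb";
    // Only listen on the loopback and LAN interfaces.
    listen-on { 127.0.0.1; 192.168.2.1; };
    // Refuse queries from any address not in the acl ...
    allow-query { home; };
    // ... and refuse to recurse for outsiders, which is what
    // turns a caching server into an open resolver.
    allow-recursion { home; };
};

// Root hints, as shipped with FreeBSD's default config.
zone "." {
    type hint;
    file "named.root";
};

// Reverse zone for the LAN so the server's own address has a PTR
// record; the file name is a placeholder and must be created.
zone "2.168.192.in-addr.arpa" {
    type master;
    file "192.168.2.rev";
};
```

After editing, restart named and confirm that a query from a LAN host succeeds while the same query from an address outside the acl is refused.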