Date:      Tue, 19 Oct 2004 20:25:21 +0200 (CEST)
From:      Olaf Hoyer <ohoyer@ohoyer.de>
To:        Seth Henry <jshamlet@hotmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Private (only) DNS server setup?
Message-ID:  <20041019201733.E79192@gaff.hhhr.ision.net>
In-Reply-To: <BAY18-F2ZncJfKHmj9n00008ff3@hotmail.com>
References:  <BAY18-F2ZncJfKHmj9n00008ff3@hotmail.com>

On Tue, 19 Oct 2004, Seth Henry wrote:

> Guys,
> I am trying to decrease the amount of traffic going through my cable modem. 
> Presently, I have a FreeBSD 4.10 system acting as a gateway router. It runs 
> ipf/ipnat for filtering, and acts as a dhcp server to the internal network. I 
> also run ntpd, and have pointed all of my internal machines to the router for 
> time services.
>
> I plan to add a caching web proxy, and a private DNS server - which is where 
> my question comes in.
>
> I want to run a private DNS server which is visible internally only. Comcast 
> doesn't like servers, so I don't want to broadcast any DNS information 
> upstream. (this would also be kind of dumb, as the entries would point to 
> non-routable addresses)

Hi!

Hm, basically you set up BIND (or one of the DNS daemons of your choice) and 
tell it to
a) take queries from clients and get the resolution stuff done
b) tell named that it is the primary server for certain domains, like 
foo.bar.homezone

a) is done automatically after named is started, since BIND is a 
caching nameserver; to make it easy you should put a forwarders clause in your 
named.conf so that BIND always tries to ask your provider's DNS first, which 
will also help to reduce traffic.

b) Well, whether you want to propagate DNS upstream or only on a local 
network, it is the same setup when you have a primary DNS running; it's the 
same named.conf, where named is responsible for a certain zone.
As you are running a firewall, I assume that every port that does not 
need to be visible from "outer space" is closed, so there is no 
problem with that. Or you could tell named to only listen on the 
internal interface, which is the technically correct solution.

All that stuff should be covered in the handbook, as pointed out; in 
my named.conf on a 4-stable the comments in the named.conf are also 
sufficient to create a primary DNS...

HTH
Olaf

-- 
Olaf Hoyer        ohoyer@ohoyer.de
Terrible experiences give one cause to wonder
whether the one who lives through them is not something terrible himself.
(Nietzsche, Jenseits von Gut und Boese)
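The named.conf pieces the reply describes (a forwarders clause, named bound to the internal interface only, and a primary zone for the private domain) put together as one configuration. This is an added example, not a file from the thread or from the FreeBSD handbook; the file path, the interface address 192.168.1.1, the LAN prefix 192.168.1.0/24 and the two forwarder addresses are constructed placeholders to be replaced with the real values. Syntax is the BIND named.conf grammar.

```conf
// /etc/namedb/named.conf  (assumed path for this example)
options {
    directory "/etc/namedb";

    // Bind only to loopback and the router's inner interface address
    // (192.168.1.1 is a constructed example), so nothing is reachable
    // from the cable side even before the packet filter is consulted.
    listen-on { 127.0.0.1; 192.168.1.1; };

    // Only the LAN may query or recurse through this server; this keeps
    // it from ever acting as an open resolver should a filter rule slip.
    allow-query     { 127.0.0.0/8; 192.168.1.0/24; };
    allow-recursion { 127.0.0.0/8; 192.168.1.0/24; };

    // Ask the provider's resolvers first (placeholder addresses) so the
    // cache is filled from their cache; "forward first" falls back to
    // normal iterative resolution if the forwarders do not answer.
    forwarders { 203.0.113.53; 203.0.113.54; };
    forward first;
};

// Authoritative for the private domain from the original question. The
// records point at non-routable addresses and are never announced
// upstream because no outside host can reach this named at all.
zone "foo.bar.homezone" {
    type master;
    file "master/foo.bar.homezone";
    allow-transfer { none; };   // no secondaries, so refuse zone transfers
};
```

The zone file master/foo.bar.homezone then holds the SOA, NS and A records for the internal hosts. A quick check after restarting named: a dig against 192.168.1.1 from a LAN host must answer for foo.bar.homezone and for an outside name, while the same query from the cable side must time out, since named is not listening on that interface and the filter drops port 53 anyway.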



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041019201733.E79192>