Date:      Sun, 21 Jul 2002 14:40:59 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Michael Sharp <freebsd@ec.rr.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: DNS config
Message-ID:  <20020721134059.GC27676@happy-idiot-talk.infracaninophi>
In-Reply-To: <1244.192.168.1.4.1027256860.squirrel@webmail.probsd.ws>
References:  <1244.192.168.1.4.1027256860.squirrel@webmail.probsd.ws>

On Sun, Jul 21, 2002 at 09:07:40AM -0400, Michael Sharp wrote:
> I am taking a stab at running DNS, and have been reading some on it
> today. But, I wanted to touch base with some on the list to see if my
> thinking is correct before I deploy this. I am going to run named in a
> Jail() on 192.168.1.6 and my Internet IP is 66.26.7.34. For named.conf,
> I have:
> 
> zone "0.0.127.IN-ADDR.ARPA" {
>          type master;
>          file "localhost.rev";
> };
> zone "1.168.192.in-addr.arpa" {
>          type master;
>          file "192.168.1.in-addr.arpa.conf";
> };
> zone "my-domain.com" {
>          type master;
>          file "my-domain.conf";
> };

Looks good.
 
> My questions are this, would I use 7.26.66.in-addr.arpa INSTEAD of
> 1.168.192 in the second zone above since my external IP is 66.26.7.34,
> or is what I have correct?

You probably do want to be serving the 1.168.192.in-addr.arpa zone if
you're using that internally.  You definitely don't want to be serving
the whole 7.26.66.in-addr.arpa zone, as that covers a whole /24 net
block.  If you are going to insist on providing your own reverse
lookup for that IP, then you could try running a zone file for
34.7.26.66.in-addr.arpa, but I would counsel against doing that.

The 66.26.7.34 IP number comes out of a block delegated to your ISP.
Because it's been officially delegated I can type 'host 66.26.7.34' on
a completely unrelated machine and my nameserver will chase through
all the delegations from in-addr.arpa. on down until it finds the
servers that can tell it authoritatively what hostname that IP number
corresponds to.

Now, if you run your own nameserver and load your own copy of that
zone into it, you will short circuit that lookup.  Since your server
"knows" the answer to the query it will give you an authoritative
response straight away.  Thus your internal machines will get a
different response to the lookup than an external user, and no
external user will see any modifications you make.

That might be precisely what you intend, and indeed there are very
good reasons for doing those sorts of tricks in certain circumstances.
However, in your case I think it's probable that all you need to do is
leave well alone and let your nameserver look up that address from your
ISP's nameservers for you as required.

If you really need to be in control of that zone, you should approach
your ISP and ask them about delegating authority to your servers.
They may well refuse or want you to pay for the privilege.

> Second, why is the 0.0.127 zone "IN-ADDR.ARPA" capitalised where
> the others aren't?  The stock named.conf has it this way and I am
> just curious.

The DNS is case insensitive, so there's no practical difference
whatever case mixture you use.  Looking up 'www.freebsd.org' will get
you the same result as looking up 'www.FreeBSD.ORG'.  Some people like
to capitalise their zone data and named config files to make them look
prettier or to stand out better on the page, but there's no guarantee
that the fancy capitalisation will even be transmitted to the client
doing the lookup.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK
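
An added example, not part of the original message: a small audit that maps each master in-addr.arpa zone in a named.conf to the address block it covers and flags zones that would answer authoritatively for public address space, which is the short-circuit described in the reply. The sample config is constructed from the quoted zones plus a 7.26.66.in-addr.arpa entry with a hypothetical file name; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the quoted zones plus the /24 zone the reply warns against.
NAMED_CONF = '''
zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev"; };
zone "1.168.192.in-addr.arpa" { type master; file "192.168.1.in-addr.arpa.conf"; };
zone "7.26.66.in-addr.arpa" { type master; file "hypothetical.rev"; };
zone "my-domain.com" { type master; file "my-domain.conf"; };
'''

# Zone statements of type master; a zone body never contains "}" before its end.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{[^}]*?type\s+master\s*;', re.I | re.S)
SUFFIX = ".in-addr.arpa"

def reverse_zone_network(zone):
    """Return the IPv4 network an in-addr.arpa zone covers, or None."""
    name = zone.lower().rstrip(".")      # DNS names compare case-insensitively
    if not name.endswith(SUFFIX):
        return None
    octets = name[:-len(SUFFIX)].split(".")[::-1]   # labels are in reverse order
    if len(octets) > 4:
        return None
    prefix = 8 * len(octets)             # one label per delegated octet
    octets += ["0"] * (4 - len(octets))
    try:
        return ipaddress.ip_network("%s/%d" % (".".join(octets), prefix))
    except ValueError:                   # non-numeric labels, e.g. classless names
        return None

def audit(conf):
    """Return (zone, network, verdict) for every master reverse zone in conf."""
    results = []
    for zone in ZONE_RE.findall(conf):
        net = reverse_zone_network(zone)
        if net is None:
            continue                     # forward zone or unparsable name
        if net.is_private or net.is_loopback:
            verdict = "ok: internal address space"
        else:
            verdict = "shadows public delegation for %d addresses" % net.num_addresses
        results.append((zone, str(net), verdict))
    return results

if __name__ == "__main__":
    for row in audit(NAMED_CONF):
        print("%-26s %-18s %s" % row)
```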
