Date:      Mon, 2 Jan 2012 00:58:43 +0100
From:      Walter Alejandro Iglesias <roquesor@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: DNS
Message-ID:  <20120101235843.GB55393@chancha.local>
In-Reply-To: <CAFuo_fwY2vbtDw247LDVwbA_b1X=Rs8Kd9fh8pFDqt8x7BXk2A@mail.gmail.com>
References:  <CAHsiZG8z8eNTLKzPvAsVm7ZTBwkNGLA+cLjQ2gJJvez6Aj8ChQ@mail.gmail.com> <CAHsiZG-tMwY2xjLx4Td24--FgXgEqqJW6e_JPkJnSznY1dEo5w@mail.gmail.com> <CAHsiZG9aah6nS3sQ==JNMw5x426vxUa6MfgcJqLSv0s9YXdY7A@mail.gmail.com> <CAFuo_fxnt+EWtKHaBnMHDx6UiYHt84=P1QNuGqigkj-EZHJCwA@mail.gmail.com> <20120101224708.GA44456@chancha.local> <20224.58435.410063.543105@jerusalem.litteratus.org> <CAFuo_fwY2vbtDw247LDVwbA_b1X=Rs8Kd9fh8pFDqt8x7BXk2A@mail.gmail.com>

On Sun, Jan 01, 2012 at 03:24:59PM -0800, Waitman Gobble wrote:
> On Sun, Jan 1, 2012 at 2:54 PM, Robert Huff <roberthuff@rcn.com> wrote:
> 
> >
> > Walter Alejandro Iglesias writes:
> >
> > >  Time ago I made the attempt to setup my own DNS in the same
> > >  machine I had my web server running.  DNS was the only thing I
> > >  was not able to automatically update in the system with my
> > >  scripts each time a new customer purchased a service.  It would
> > >  be wonderful for me if you or anyone here at least confirm me if
> > >  it is really possible.
> >
> >         What is possible - updating using scripts, or running BIND on
> > the same machine as a web server (presumably Apache)?
> >        While I'm sure someone has written them, I don't know of any
> > scripts that will "update" (whatever that means) BIND configuration
> > files that are included either as part of the base system or as
> > ports.
> >        However, running BIND and Apache is certainly possible - the
> > machine I'm typing this on does exactly that.
> >
> >
> >                                Robert Huff
> >
> >
> I agree with Robert, it's generally no problem, at least technically, to
> run BIND on the same machine. (Unless in certain situations I can think of
> at the moment) you are running your httpd server on a non-public network
> behind a firewall, doing certain things with NAT on the router, or running
> httpd on a "private machine" that only "gets traffic" from a public-facing
> cache/proxy like squid. These situations don't rule out use but could cause
> 'looping' or otherwise cause problems depending on how your network and
> name system is set up.
> 
> It is better to have more than one machine running name services, if
> possible. Also a good idea to prohibit zone transfers and recursive
> lookups, or at least limit very carefully.
> 
> You should be able to set up a zone update thing for your customers, just
> keep TTL somewhat short, and update your serial # in the zone so that
> external caches will pull the updates (using date and/or time is probably
> best.) And you probably don't want the daemon/nobody httpd user fooling
> around with the zone files or named process directly so it's best to set a
> signal in your script like 'touch /tmp/updatebind' or something and have a
> cron job check for the 'signal'.
> 
> Waitman


Thanks Waitman,

The truth is I am a bit lost; perhaps (it is late here, 00:54) I am
a bit hungry and tired :-).  I will have dinner, sleep, and tomorrow
morning with a fresh mind I will reread this last message
carefully.  I'll buy the book you advised too.


	Walter
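The scheme Waitman sketches above (web application writes a signal file, a cron job bumps the zone serial and reloads named, TTL kept short so caches pick the change up) can be implemented like this. This is an added example written for this page, not code from anyone in the thread; the signal path `/tmp/updatebind` is the one Waitman mentions, while the zone name `example.com`, the zone file path under `/usr/local/etc/namedb/master/`, and the use of BIND's `named-checkzone` and `rndc` are assumptions. The serial is bumped into a temporary copy that is validated before it is moved into place, so a broken zone is never served and named never reads a half-written file.

```shell
#!/bin/sh
# Added example (not code from the thread): a cron-driven zone updater in the
# shape Waitman describes. The web application never touches named or the zone
# file; it only creates a signal file, and this script, run from root's crontab,
# does the privileged work. Every path and the zone name are assumptions.
set -eu

SIGNAL_FILE="${SIGNAL_FILE:-/tmp/updatebind}"                          # signal path from the thread
ZONE_NAME="${ZONE_NAME:-example.com}"                                   # hypothetical zone
ZONE_FILE="${ZONE_FILE:-/usr/local/etc/namedb/master/example.com.db}"   # hypothetical path
DRY_RUN="${DRY_RUN:-}"                                                  # non-empty: skip rndc

# bump_serial CURRENT TODAY: print the next YYYYMMDDNN serial. It never goes
# backwards, so a serial that is already "ahead" of today is just incremented.
bump_serial() {
    cur="$1"; today="$2"
    case "$cur" in
        "$today"[0-9][0-9])
            n=${cur#"$today"}; n=${n#0}          # strip the date and a leading zero
            [ "$n" -lt 99 ] || { echo "serial counter exhausted for $today" >&2; return 1; }
            printf '%s%02d\n' "$today" $((n + 1)) ;;
        *)
            if [ "$cur" -ge "${today}00" ]; then printf '%d\n' $((cur + 1))
            else printf '%s01\n' "$today"; fi ;;
    esac
}

# Both helpers below locate the serial the same way: the first whitespace-
# separated numeric token after the SOA keyword (works for single-line and
# parenthesised multi-line SOA records; a token starting with ';' ends the scan).
get_serial() {            # get_serial ZONEFILE
    awk '{ start = 1
           if (!insoa) for (i = 1; i <= NF; i++) if (toupper($i) == "SOA") { insoa = 1; start = i + 1; break }
           if (!insoa) next
           for (i = start; i <= NF; i++) { if ($i ~ /^;/) break
                                           if ($i ~ /^[0-9]+$/) { print $i; exit } } }' "$1"
}

set_serial() {            # set_serial ZONEFILE NEWSERIAL OUTFILE: copy with the serial replaced, layout kept
    awk -v new="$2" '{
        start = 1
        if (!insoa) for (i = 1; i <= NF; i++) if (toupper($i) == "SOA") { insoa = 1; start = i + 1; break }
        if (insoa && !done) for (i = start; i <= NF; i++) {
            if ($i ~ /^;/) break
            if ($i ~ /^[0-9]+$/) {
                pos = 1                       # find the byte offset of field i by walking the fields in order
                for (j = 1; j <= i; j++) { pos += index(substr($0, pos), $j) - 1; if (j < i) pos += length($j) }
                $0 = substr($0, 1, pos - 1) new substr($0, pos + length($i))
                done = 1; break
            }
        }
        print }' "$1" > "$3"
}

# run_update: what the cron entry calls (e.g. every minute). The serial is
# bumped into a temporary copy, the copy is validated, and only then is it
# moved into place and named asked to reload the zone.
run_update() {
    [ -e "$SIGNAL_FILE" ] || return 0
    rm -f "$SIGNAL_FILE"                  # remove first so a request arriving mid-update is not lost
    old=$(get_serial "$ZONE_FILE")
    [ -n "$old" ] || { echo "no SOA serial found in $ZONE_FILE" >&2; return 1; }
    new=$(bump_serial "$old" "$(date +%Y%m%d)")
    tmp="$ZONE_FILE.new.$$"
    set_serial "$ZONE_FILE" "$new" "$tmp"
    if command -v named-checkzone >/dev/null 2>&1 && ! named-checkzone "$ZONE_NAME" "$tmp" >/dev/null; then
        rm -f "$tmp"; echo "zone check failed, keeping serial $old" >&2; return 1
    fi
    mv "$tmp" "$ZONE_FILE"                # atomic replacement: named sees the old or the new file, never a partial one
    [ -n "$DRY_RUN" ] || rndc reload "$ZONE_NAME"
    echo "$ZONE_NAME: serial $old -> $new"
}

# Stand-alone demo on a constructed zone file (not a real zone) in a scratch
# directory; from cron, run with the real paths and without DRY_RUN.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/example.com.db" <<'EOF'
$TTL 600
@   IN  SOA ns1.example.com. hostmaster.example.com. (
        2012010101  ; serial
        3600        ; refresh
        900         ; retry
        604800      ; expire
        300 )       ; minimum
    IN  NS  ns1.example.com.
ns1 IN  A   192.0.2.1
EOF
touch "$demo_dir/updatebind"              # this is all the web application's script would do
SIGNAL_FILE="$demo_dir/updatebind"; ZONE_FILE="$demo_dir/example.com.db"; DRY_RUN=1
run_update
```

Two points worth keeping in mind when adapting this. Because any local user can create a file in `/tmp`, a signal file there lets any local account trigger a reload; placing it in a directory writable only by the httpd user, or checking the file's owner before acting on it, limits that. And the serial counter allows 99 updates per day; if customers can be added faster than that, a plain incrementing serial (still never decreasing) avoids the ceiling.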
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120101235843.GB55393>