Date:      Wed, 4 Jan 2006 22:57:33 +0200
From:      "Reko Turja" <reko.turja@liukuma.net>
To:        "Brian Bobowski" <bbobowski@gmail.com>, "FreeBSD User Questions List" <freebsd-questions@freebsd.org>
Subject:   Re: Setting up a FreeBSD gateway
Message-ID:  <011201c61171$7c3d3300$0a0aa8c0@endor.swagman.org>
References:  <43BC097C.4000401@gmail.com>


----- Original Message ----- 
From: "Brian Bobowski" <bbobowski@gmail.com>
To: "FreeBSD User Questions List" <freebsd-questions@freebsd.org>
Sent: Wednesday, January 04, 2006 7:44 PM
Subject: Setting up a FreeBSD gateway

> However, I don't know how to set up DNS. Specifically, I want to 
> either pass all DNS requests through the gateway, or have the gateway 
> run a local DNS that queries my ISP's DNS in turn. Can anyone point me 
> to some steps on how to set that up?

If you're going to use BIND (which I recommend and which is included in 
the system) check at least the following parameters in named.conf:

listen-on
- set this to your internal IP
forwarders
- if you don't want to fetch every single record from the official DNS 
servers and want to utilize your provider's DNS cache, set this variable 
to point to your ISP's DNS servers.
forward only
- as you're going to have your own domain records set up, be sure this 
is commented out.

Basically, BIND with this kind of configuration will forward queries to 
master or forwarder servers unless it has the master record itself or 
there is a cached record which is still valid.

Defining the localhost:
If the machine names are set up right in your FreeBSD installation, the 
easiest way is to use make-localhost in the /etc/namedb directory.

Then you need a forward zone file for your "domain" as well as reverse 
zones for the IP ranges in use. My files are:

master/mydomain.org file:

$TTL 3600
@               IN      SOA     xxx.xxx.org. root.xxx.org. (
; we define the authority as well as the base domain (first xxx.org) and
; the administrative contact - as BIND has other uses for "." the mail
; address is written with a dot between domain and username.
                                        2005111301      ;serial
; a good idea is to use the shown date notation, and ALWAYS bump the
; serial whatever you do to the zone files
                                        86400           ;refresh 24h
                                        7200            ;retry 2h
                                        172800          ;expire 2d
                                        86400 )         ;minimum 24h

                IN      NS      moria.endor.swagman.org.
; we define name servers for the zone - only one is usually needed for
; "private" DNS use.
                IN      MX  5   moria.endor.swagman.org.
; I define a mail handler server just in case...
moria           IN      A       192.168.10.1
rivendell       IN      A       192.168.10.10
lorien          IN      A       192.168.10.11
muppet          IN      A       192.168.10.20
; and then add my workstations

As the main forward zone is now set up, we need the reverse zones as 
well.

My reverse zone for above setup is (master/rev.mydomain.org):
$TTL 1d
@               IN      SOA     xxx.xxx.org.      root.swagman.org. (
                                        2005111301      ;serial
                                        1d              ;refresh
                                        2h              ;retry
                                        20d             ;expire
                                        2h )            ;neg cache

                IN      NS      moria.endor.swagman.org.

1               IN      PTR     moria.endor.swagman.org.
10              IN      PTR     rivendell.endor.swagman.org.
11              IN      PTR     lorien.endor.swagman.org.
20              IN      PTR     muppet.endor.swagman.org.


With BIND the dots after the names are important, otherwise the names 
end up as name.my.domain.my.domain which usually isn't what you want :)

After the zones are set up you can add them to named.conf as follows:

zone "xxx.xxx.org" {
        type master;
        file "master/mydomain.org";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        file "master/rev.mydomain.org";
};


In the above, note the naming of the reverse zone. To get correct 
resolution of reverse names you need to name your zone with similar 
formatting.

Hope this helps a bit (although I recommend getting the BIND handbook 
available from ISC as PDF, or some of the "basic" BSD books like Greg 
Lehey's or Michael Lucas's books on FreeBSD - both have a good chapter 
on DNS setup with BIND. Of course nothing beats the O'Reilly Cricket 
book.)

-Reko 
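The reverse-zone naming and the trailing-dot rule in the mail above are easy to get wrong silently: BIND loads the zone fine and the PTR simply points at a name that does not exist. As an added example (my own code, not Reko's and not from the mail), here is a small Python cross-check that parses the two master files, derives the in-addr.arpa zone name from the network prefix (generalised to any octet-aligned IPv4 prefix, not only the /24 in the mail), expands relative names against the origin the way BIND does, and reports A records without a PTR pointing back at them and PTRs that name a host with no matching A record. It assumes the forward zone is endor.swagman.org (the mail anonymises it as xxx.xxx.org); the zone text is constructed from the records in the mail with made-up SOA contacts, and the last PTR deliberately lacks its trailing dot so the check has something to find. The function names (reverse_zone_name, qualify, parse_zone, check_consistency) are mine, not BIND's.

```python
"""Cross-check a BIND forward zone against its reverse zone. Added example,
not code from the mail; origin endor.swagman.org and SOA contacts assumed."""
import ipaddress
import re

# Constructed from the records in the mail (SOA: serial refresh retry expire min).
FORWARD_ZONE = """\
$TTL 3600
@           IN  SOA moria.endor.swagman.org. root.endor.swagman.org. (
                2005111301 86400 7200 172800 86400 )
            IN  NS  moria.endor.swagman.org.
            IN  MX  5 moria.endor.swagman.org.
moria       IN  A   192.168.10.1
rivendell   IN  A   192.168.10.10
lorien      IN  A   192.168.10.11
muppet      IN  A   192.168.10.20
"""

# Same hosts in reverse; the last PTR deliberately lacks its trailing dot.
REVERSE_ZONE = """\
$TTL 1d
@   IN  SOA moria.endor.swagman.org. root.endor.swagman.org. (
        2005111301 1d 2h 20d 2h )
    IN  NS  moria.endor.swagman.org.
1   IN  PTR moria.endor.swagman.org.
10  IN  PTR rivendell.endor.swagman.org.
11  IN  PTR lorien.endor.swagman.org.
20  IN  PTR muppet.endor.swagman.org
"""

def reverse_zone_name(network):
    """in-addr.arpa zone for an octet-aligned IPv4 prefix (/8, /16, /24)."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only octet-aligned IPv4 prefixes are supported")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def qualify(name, origin):
    """BIND's trailing-dot rule: '.'-terminated names are absolute, '@' is the
    origin, anything else gets the origin appended. The trailing dot is
    dropped so forward and reverse data compare equal."""
    if name == "@":
        return origin
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return [(owner, type, rdata)] from master-file text, handling comments,
    $TTL, $ORIGIN, owner-less continuation lines and a multi-line SOA."""
    records, owner, depth = [], origin, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if depth:                                  # still inside SOA ( ... )
            depth -= line.count(")")
            continue
        if line.startswith("$ORIGIN"):
            origin = qualify(line.split()[1], origin)
            continue
        if line.startswith("$TTL"):
            continue
        tokens = line.split()
        if not raw[0].isspace():                   # a new owner name
            owner = qualify(tokens.pop(0), origin)
        if tokens and re.fullmatch(r"\d+[smhdw]?", tokens[0], re.I):
            tokens.pop(0)                          # optional TTL
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)                          # optional class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype == "SOA":                         # skip SOA, may span lines
            depth = line.count("(") - line.count(")")
            continue
        records.append((owner, rtype, rdata))
    return records

def check_consistency(forward_text, forward_origin, reverse_text, network):
    """Return (missing_ptr, missing_a): A records whose address has no PTR
    naming the same host, and PTRs naming a host with no such A record."""
    rev_origin = reverse_zone_name(network)
    a_map, ptr_map = {}, {}
    for owner, rtype, rdata in parse_zone(forward_text, forward_origin):
        if rtype == "A":
            a_map.setdefault(rdata[0], set()).add(owner)
    for owner, rtype, rdata in parse_zone(reverse_text, rev_origin):
        if rtype == "PTR":                         # 1.10.168.192.in-addr.arpa -> 192.168.10.1
            ip = ".".join(reversed(owner.split(".")[:-2]))
            ptr_map.setdefault(ip, set()).add(qualify(rdata[0], rev_origin))
    missing_ptr = sorted((ip, n) for ip, names in a_map.items()
                         for n in names if n not in ptr_map.get(ip, set()))
    missing_a = sorted((ip, n) for ip, names in ptr_map.items()
                       for n in names if n not in a_map.get(ip, set()))
    return missing_ptr, missing_a

if __name__ == "__main__":
    for ip, name in check_consistency(FORWARD_ZONE, "endor.swagman.org",
                                      REVERSE_ZONE, "192.168.10.0/24")[0]:
        print(f"A {name} -> {ip} has no PTR pointing back; check the trailing dot")
```

Run as a script it reports the one broken pair: the PTR for 192.168.10.20 was written without a trailing dot, so it is qualified against the reverse origin and becomes muppet.endor.swagman.org.10.168.192.in-addr.arpa, exactly the name.my.domain.my.domain effect the mail warns about. Running a check like this over the zone files before restarting named catches the mistake before mail or SSH peers doing reverse lookups on the gateway do.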




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?011201c61171$7c3d3300$0a0aa8c0>