Date:      Thu, 12 Sep 2002 05:44:41 +0100
From:      Andrew Boothman <andrew@cream.org>
To:        Ken Easson <ken@justken.net>
Cc:        questions@freebsd.org
Subject:   Re: Which DNS server?
Message-ID:  <3D801BB9.3010800@cream.org>
References:  <5.1.1.6.0.20020911160033.03cd94f0@mail.justken.net>

Ken Easson wrote:

>After a few weeks of trying to earn some money, I'm back trying to set up my FreeBSD router, and stop using /hosts files
>
>I have not had any luck with either named (BIND) or djbdns.
>
>BIND - wow - complicated - and a security concern?
>djbdns - seems to like making my HD light up every second or so - seems really hard on my system. As soon as I start tinydns the HD spins up for about half a sec every 2 seconds. Why does it need to do this? Can't it cache its DNS records in memory?
>I've got an overwhelming 32M of RAM, but this system isn't doing a whole lot, just acting as a router for now.
>And I'm told I need two instances of it running - one for my internal servers, and one for my external - although the latter I do not understand, since external lookups happen at the DNS servers from my ISP (working great so far). I'd consider caching those, but right now... I've got bigger concerns.
>
>I am trying to set up an internal DNS server to route my own domains back into my network, and any other domain lookups out to the Internet - sadly I'm using DHCP to get my DNS servers' IP - but they are quite static (I know, I know - no lectures on the evils of using dynamic IP to host www services.)
>
You should be able to get BIND to do this for you without too many 
problems. It seems complicated at first, but it's really not that bad.

Edit /etc/namedb/named.conf so that :

1) You have a line like
        listen-on {127.0.0.1; 192.168.0.1;};
in your 'options' section. This assumes that 192.168.0.1 is your 
router's IP on your local network, and this is important so that named 
won't answer requests from outside your network.

2) You have two new "zone" sections, after the 'options' section. Look 
at the examples in named.conf. If your local domain is called ".home" 
and you use the 192.168.0 network, you could use something like :

zone "home" {
    type master;
    file "home.fwd";
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "0.168.192.rev";
};

The first entry tells BIND to answer requests for the .home domain; the 
second tells it to answer requests for reverse lookup of 192.168.0.* 
IPs. Notice how we put the IP address the other way around and add 
".in-addr.arpa".

Now we need to create the actual zone files. We need two, firstly one to 
contain the data for the .home domain, which you should create as 
/etc/namedb/home.fwd. (Note that throughout the files we often use 
hostnames like gateway.home. instead of gateway.home, i.e. with an extra 
trailing period. This is important and must not be missed out.)

-- Begin File --
$TTL 86400
@ IN SOA gateway.home. root.gateway.home. (
            2002091201  ; serial
            86400       ; refresh
            7200        ; retry
            8640000     ; expire
            66400 )     ; minimum (negative-cache TTL)

            IN NS gateway.home.

gateway IN A 192.168.0.1
freebsdbox IN A 192.168.0.2
windowsbox IN A 192.168.0.3

router IN CNAME gateway.home.
beast IN CNAME freebsdbox.home.
-- End File --

Don't worry about all the numbers near the start, they are VERY 
important when dealing with other DNS servers on the net, but 
unimportant when serving DNS for a few machines on your own LAN. The 
file creates DNS entries for the local machine called gateway with IP 
192.168.0.1,  a machine called freebsdbox with IP 192.168.0.2 and a 
machine called windowsbox with IP 192.168.0.3. It also creates two DNS 
aliases, which are easy to understand.

Next, we need a zone file for the reverse lookups 
(/etc/namedb/0.168.192.rev)

-- Begin File --
$TTL 86400

@ IN SOA gateway.home. root.gateway.home. (
            2002091201  ; serial
            86400       ; refresh
            7200        ; retry
            8640000     ; expire
            66400 )     ; minimum (negative-cache TTL)

            IN NS gateway.home.

1 IN PTR gateway.home.
2 IN PTR freebsdbox.home.
3 IN PTR windowsbox.home.
-- End File --

This has set up the appropriate entries for reverse resolution.

After both of these files have been created, send a HUP to named, then 
check /var/log/messages for errors, because I'm sure either you or I or 
both have made a mistake ;-)

Once everything is working, set named_enable="YES" in /etc/rc.conf to 
have named started on boot.

Get in contact with any problems.

Andrew.
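Before sending named the HUP, it is worth cross-checking the two zone files against each other, because the slips that bite on a LAN (a trailing dot left off so that gateway.home is read as gateway.home.home., a host with an A record but no PTR, a mistyped record type or owner) are exactly the ones a quick read of the files misses. What follows is an added example, not code from the mail above or from BIND itself: a small Python checker that parses both files (a subset of master-file syntax, enough for the record types the post uses, with only $TTL understood as a directive) and reports relative names in rdata, an SOA that is not at the zone apex, in-zone CNAME/NS targets that have no record, and A records without a matching PTR or PTRs without a matching A. The zone text embedded at the bottom is constructed from the post's files with the typos corrected; the names, origins and addresses come from the mail, while the function names are this example's own.

```python
"""Cross-check a BIND forward zone against its in-addr.arpa reverse zone.
Added example, not code from the mail.  The sample zones at the bottom are
constructed from the post's two files (typos corrected)."""
import re
from collections import defaultdict
RR_TYPES = {"SOA", "NS", "A", "PTR", "CNAME"}  # the record types the post uses
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "PTR": (0,)}  # rdata fields holding names


def qualify(name, origin):
    """Expand a name as BIND does: '@' is the origin; no trailing dot appends it."""
    origin = origin.rstrip(".").lower() + "."
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"


def parse_zone(text, origin):
    """Parse master-file text into (owner, type, rdata) tuples."""
    text = "\n".join(raw.split(";", 1)[0] for raw in text.splitlines())  # drop ';' comments
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), text)  # fold (...)
    records, owner = [], None
    for line in filter(str.strip, text.splitlines()):
        if line.startswith("$"):
            if not line.startswith("$TTL"):
                raise ValueError("only $TTL is supported: " + line)
            continue
        tokens = line.split()
        if not line[0].isspace():  # a line starting with blanks reuses the last owner
            owner = qualify(tokens.pop(0), origin)
        elif owner is None:
            raise ValueError("record before any owner name: " + line.strip())
        while tokens and tokens[0].upper() not in RR_TYPES:
            tok = tokens.pop(0)  # optional TTL or class before the type
            if not (tok.isdigit() or tok.upper() == "IN"):
                raise ValueError(f"unknown RR type {tok!r} at {owner}")
        if not tokens:
            raise ValueError("missing RR type at " + owner)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of findings; an empty list means the pair is consistent."""
    fwd_origin, rev_origin = qualify("@", fwd_origin), qualify("@", rev_origin)
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    findings = []
    for origin, recs in ((fwd_origin, fwd), (rev_origin, rev)):
        if [r[0] for r in recs if r[1] == "SOA"] != [origin]:
            findings.append(f"{origin}: exactly one SOA at the apex is required")
        for owner, rtype, rdata in recs:  # the trailing-dot rule the mail stresses
            for name in (rdata[i] for i in NAME_FIELDS.get(rtype, ()) if i < len(rdata)):
                if not name.endswith("."):
                    findings.append(f"{rtype} at {owner} names {name!r}, read as {qualify(name, origin)}")
    owners = {o for o, _, _ in fwd}
    a_by_ip, ptr_by_ip = defaultdict(set), defaultdict(set)
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_by_ip[rdata[0]].add(owner)
        elif rtype in ("CNAME", "NS"):  # in-zone targets must exist; out-of-zone ones are not checked
            target = qualify(rdata[0], fwd_origin)
            if target.endswith("." + fwd_origin) and target not in owners:
                findings.append(f"{rtype} at {owner} points at {target}, which has no record")
    for owner, rtype, rdata in rev:
        if rtype == "PTR":  # '3.0.168.192.in-addr.arpa.' -> '192.168.0.3'
            labels = owner.rstrip(".").split(".")
            assert labels[-2:] == ["in-addr", "arpa"], owner
            ptr_by_ip[".".join(reversed(labels[:-2]))].add(qualify(rdata[0], rev_origin))
    for ip, names in sorted(a_by_ip.items()):
        if ip not in ptr_by_ip:
            findings.append(f"no PTR for {ip} ({', '.join(sorted(names))})")
        elif not names & ptr_by_ip[ip]:
            findings.append(f"PTR for {ip} names {sorted(ptr_by_ip[ip])}, not {sorted(names)}")
    for ip in sorted(set(ptr_by_ip) - set(a_by_ip)):
        findings.append(f"PTR for {ip} has no matching A record")
    return findings


# Constructed sample input (not verbatim from the mail): its zone files, typos corrected.
FORWARD_ZONE = """\
$TTL 86400
@ IN SOA gateway.home. root.gateway.home. (
        2002091201 86400 7200 8640000 86400 )  ; serial refresh retry expire minimum
        IN NS gateway.home.
gateway    IN A 192.168.0.1
freebsdbox IN A 192.168.0.2
windowsbox IN A 192.168.0.3
router     IN CNAME gateway.home.
beast      IN CNAME freebsdbox.home.
"""
REVERSE_ZONE = """\
$TTL 86400
@ IN SOA gateway.home. root.gateway.home. ( 2002091201 86400 7200 8640000 86400 )
  IN NS gateway.home.
1 IN PTR gateway.home.
2 IN PTR freebsdbox.home.
3 IN PTR windowsbox.home.
"""
```

Calling check_zones(FORWARD_ZONE, "home", REVERSE_ZONE, "0.168.192.in-addr.arpa") returns an empty list for the corrected files; drop the trailing dot from one PTR target and two findings come back (the relative name with the expansion BIND would use, and the resulting A/PTR mismatch), and writing the SOA owner as "@IN" instead of "@ IN" is reported as an SOA that is not at the apex. This is a consistency check only: on BIND 9, named-checkzone remains the authoritative syntax check for a zone file and named-checkconf the one for named.conf.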


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D801BB9.3010800>