Date:      Thu, 5 Jan 2006 09:33:58 -0500
From:      Teo De Las Heras <teoheras@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Setting up a FreeBSD gateway
Message-ID:  <d9d7f5a0601050633v637df03fv4c7ee27f1116d7f5@mail.gmail.com>
In-Reply-To: <011101c61171$7a81a050$0a0aa8c0@endor.swagman.org>
References:  <43BC097C.4000401@gmail.com> <011101c61171$7a81a050$0a0aa8c0@endor.swagman.org>

Thanks for the information!  I'm getting ready to set up BIND for the first
time and this will be very useful.

Teo


On 1/4/06, Reko Turja <reko.turja@liukuma.net> wrote:
>
>
> ----- Original Message -----
> From: "Brian Bobowski" <bbobowski@gmail.com>
> To: "FreeBSD User Questions List" <freebsd-questions@freebsd.org>
> Sent: Wednesday, January 04, 2006 7:44 PM
> Subject: Setting up a FreeBSD gateway
>
> > However, I don't know how to set up DNS. Specifically, I want to
> > either pass all DNS requests through the gateway, or have the gateway
> > run a local DNS that queries my ISP's DNS in turn. Can anyone point me
> > to some steps on how to set that up?
>
> If you're going to use BIND (which I recommend and which is included in
> the system) check at least the following parameters in named.conf:
>
> listen-on
> - set this to your internal IP
> forwarders
> - if you don't want to fetch every single record from the official DNSs
> and want to utilize your provider's DNS cache, set this variable to point
> to your ISP's DNS servers.
> forward-only
> - as you're going to have your own domain records set up, be sure this is
> commented out.
>
> Basically BIND with this kind of configuration will forward queries to
> master or forwarder servers unless it has the master record itself or
> there is cached record, which is still valid.
>
> defining the localhost:
> If the machine names are set up right in your fbsd installation,
> easiest is to use the make-localhost in the /etc/namedb directory.
>
> Then you set up the forward zone file for your "domain" as well as reverse
> zones for the IP ranges in use. My files are:
>
> master/mydomain.org file:
>
> $TTL 3600
> @               IN      SOA     xxx.xxx.org. root.xxx.org. (
> ; we define authority as well as the base domain (first xxx.org) and
> ; the administrative contact - as bind has other uses for "@" the mail
> ; address is noted with a dot between username and domain.
>                                        2005111301      ;serial
> ; good idea is to use the shown date notation, and ALWAYS bump the
> ; serial whatever you do to the zone files
>                                        86400           ;refresh 24h
>                                        7200            ;retry 2h
>                                        172800          ;expire 2d
>                                        86400)          ;minimum 24h
>
>                IN      NS      moria.endor.swagman.org.
> ; we define name servers for the zone; only one is usually needed for
> ; "private" dns use.
>                IN      MX  5   moria.endor.swagman.org.
> ; I define mail handler server just in case...
> moria           IN      A       192.168.10.1
> rivendell       IN      A       192.168.10.10
> lorien          IN      A       192.168.10.11
> muppet          IN      A       192.168.10.20
> ;and then add my workstations
>
> As the main forward zone is now set up, we need the reverse zones as
> well.
>
> My reverse zone for above setup is (master/rev.mydomain.org):
> $TTL 1d
> @               IN      SOA     xxx.xxx.org.      root.swagman.org. (
>                                        2005111301      ;serial
>                                        1d              ;refresh
>                                        2h              ;retry
>                                        20d             ;expire
>                                        2h )            ;neg cache
>
>                IN      NS      moria.endor.swagman.org.
>
> 1               IN      PTR     moria.endor.swagman.org.
> 10              IN      PTR     rivendell.endor.swagman.org.
> 11              IN      PTR     lorien.endor.swagman.org.
> 20              IN      PTR     muppet.endor.swagman.org.
>
>
> With BIND the dots after the names are important, otherwise the names
> end up as name.my.domain.my.domain which usually isn't what you want :)
>
> After the zones are set up you can add them to named.conf as follows:
>
> zone "xxx.xxx.org" {
>        type master;
>        file "master/mydomain.org";
> };
>
> zone "10.168.192.in-addr.arpa" {
>        type master;
>        file "master/rev.mydomain.org";
> };
>
>
> In the above note the naming of reverse zone. To get correct resolution
> of reverse names you need to name your zone with similar formatting.
>
> Hope this helps a bit (although I recommend getting the BIND handbook
> available from ISC as pdf, or some of the "basic" BSD books like Greg
> Lehey's, or Michael Lucas's books on FreeBSD - both have a good chapter
> on DNS setup with BIND. Of course nothing beats the O'Reilly Cricket
> book.)
>
> -Reko
>
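An added consistency check (example code, not from the thread or from BIND) for the forward/reverse zone pair Reko describes: it applies BIND's origin-appending rule to any name without a trailing dot, so a PTR target missing its dot shows up as the name.my.domain.my.domain mangling he warns about, and every A record is matched against its PTR and vice versa. It assumes the forward origin is endor.swagman.org (the post writes it as xxx.xxx.org) and uses constructed sample records.

```python
import ipaddress
import re
# Constructed sample records condensed from the zone files quoted above. Forward origin assumed
# to be endor.swagman.org (the post writes xxx.xxx.org); the last PTR deliberately lacks its dot.
FWD_ORIGIN = "endor.swagman.org."
FWD_ZONE = """\
moria           IN      A       192.168.10.1
rivendell       IN      A       192.168.10.10
lorien          IN      A       192.168.10.11
muppet          IN      A       192.168.10.20
"""
REV_ORIGIN = "10.168.192.in-addr.arpa."
REV_ZONE = """\
1               IN      PTR     moria.endor.swagman.org.
10              IN      PTR     rivendell.endor.swagman.org.
11              IN      PTR     lorien.endor.swagman.org.
20              IN      PTR     muppet.endor.swagman.org
"""
RR = re.compile(r"^(\S+)\s+IN\s+(A|PTR)\s+(\S+)$")
def qualify(name, origin):
    # BIND's rule: a name without a trailing dot gets the zone origin appended.
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {owner_fqdn: (rtype, rdata)} for the A and PTR lines of a zone file."""
    records = {}
    for raw in text.splitlines():
        m = RR.match(raw.split(";", 1)[0].strip())  # strip comments; skip non-A/PTR lines
        if m:
            owner, rtype, rdata = m.groups()
            if rtype == "PTR":
                rdata = qualify(rdata, origin)  # PTR targets are names, so they expand too
            records[qualify(owner, origin)] = (rtype, rdata)
    return records

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """List forward/reverse inconsistencies, including names mangled by a missing dot."""
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    problems = []
    for name, (_, ip) in fwd.items():
        ptr = rev.get(ipaddress.ip_address(ip).reverse_pointer + ".")
        if ptr is None:
            problems.append(f"{ip} has no PTR record in {rev_origin}")
        elif ptr[1] != name:
            problems.append(f"PTR for {ip} is {ptr[1]}, expected {name}")
    for owner, (_, target) in rev.items():
        if target not in fwd:
            problems.append(f"PTR {owner} -> {target} has no matching A record")
    return problems
```

Run `check_zones(FWD_ZONE, FWD_ORIGIN, REV_ZONE, REV_ORIGIN)` and the muppet PTR is reported twice: once as the mangled target and once as a PTR with no matching A record; add the missing dot and the list is empty.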