Date: Sat, 24 Mar 2001 10:00:55 -0500
From: trini0 <trini0@optonline.net>
To: Questions <questions@freebsd.org>
Cc: Len Conrad <LConrad@Go2France.com>, walter@binity.com
Subject: Re: DNS Part II
Message-ID: <3ABCB6A7.1000702@optonline.net>
References: <5.0.0.25.0.20010324063333.0550dd40@mail.Go2France.com>

Len Conrad wrote:

>> mail services just for my little lan.  I used the O'Reilly dns book to
>> aid me.  With everything done, name resolution did what it was supposed
>> to do.  I noticed that there were multiple queries going out on the
>> net to the root servers.  I didn't want that to happen,
>
> why not?  how else do you expect your NS to navigate the domain
> namespace?  Your DNS was doing iterative queries to the root and lower
> servers to resolve the recursive query from your LAN.

Ideally, I would prefer my box to handle requests for "internal" lan
requests, and then if it doesn't know to query my ISP's ns..

>> (didn't know if it was illegal or proper).
>
> legal and proper

I'm not "supposed" to be running any form of servers on my cable link.
This is purely educational, for when I get out in the "real" world, I'll
know what I'm doing.  If my ISP doesn't know, the better..
Hope you understand.

>> I changed my db.cache file to just say that my box was the "root"
>> server.  Now that solved the multiple queries going to the root
>> servers, but now I'm unable to "nslookup" outside my lan, but yet I can
>> still surf, send email, etc...
>
> so don't be a root server
>
> Use dig rather than nslookup, or at least use the latest ISC lookup in
> BIND 8.2.3 which no longer requires a PTR record for the NS being used.

Never heard of dig.  I'll look it up.  I'm running 8.2.3-T6B.

>> My resolve.conf file specifies to use my nameserver first and then my
>> ISP's primary then secondary.
>
> that's fine for when your LAN NS is unreachable
>
>> Am I going about things wrongly?  Is it even possible to have a private
>> dns box where it resolves for the lan
>
> To resolve for the LAN, your LAN's boxes have to be in a (private,
> internal) zone for which your DNS is authoritative.  Have you set up a
> "private" zone for your LAN with your NS as authoritative for it,
> something private and non-conflictual like mydomain.trini ?

I'm using fictional domain "example.net"

>> and if queries aren't found there, to go and query my ISP's name
>> servers??
>
> The forwarding setup works, too, but it's not the only way.  It does
> have the advantage of less traffic on your internet link if the latter
> is a dial-up modem, but is not really much advantage if you have
> hi-speed link such as cable or DSL.

I'm still having errors with named.conf's syntax.  I tried what walter
and others have said, tried what the man page said.
I found a ver 8 in the book which stated ==>

options {
	forwarders { 192.249.249.1; 192.249.249.3; };
};

I tried that and I'm still getting errors.  I have included my named.conf
file.
Thanks for your constructive criticism all.
Thanks

Attachment: named.conf

options {
	directory "/etc/namedb";
};

forward only;
forwarders {
	167.206.112.3;
	167.206.112.4;
};

zone "example.net" in {
	type master;
	file "db.example.net";
};

zone "0.168.192.in-addr.arpa" in {
	type master;
	file "db.192.168.0";
};

zone "0.0.127.in-addr.arpa" in {
	type master;
	file "db.127.0.0";
};

zone "." in {
	type hint;
	file "db.cache";
};
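
Added example, not part of the original message and not BIND's own code: a small Python check that walks a named.conf and reports statements found at the top level that are not top-level statements, which is where the attached file has forward and forwarders (the book excerpt quoted in the message has forwarders inside options). The TOP_LEVEL list, the function name and the MOVED variant are assumptions of this example.

```python
import re

# Assumption: top-level statements of a BIND 8 named.conf, per its documentation.
TOP_LEVEL = {"acl", "controls", "include", "key", "logging",
             "options", "server", "trusted-keys", "zone"}

# Comments (group "c"), quoted strings, structural characters, bare words.
TOKEN = re.compile(
    r'(?P<c>/\*.*?\*/|//[^\n]*|#[^\n]*)|"[^"]*"|[{};]|[^\s{};"]+', re.S)

def misplaced_statements(conf):
    """Return the keyword of each top-level statement that is not valid there."""
    found, depth, stmt = [], 0, []
    for m in TOKEN.finditer(conf):
        if m.group("c"):
            continue                      # comments carry no statements
        tok = m.group(0)
        stmt.append(tok)
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        elif tok == ";" and depth == 0:   # end of one top-level statement
            if len(stmt) > 1 and stmt[0] not in TOP_LEVEL:
                found.append(stmt[0])
            stmt = []
    return found

# The configuration as attached to the message (zones shortened to one).
POSTED = '''
options { directory "/etc/namedb"; };
forward only;
forwarders { 167.206.112.3; 167.206.112.4; };
zone "example.net" in { type master; file "db.example.net"; };
'''

# Constructed variant: the same two clauses moved inside the options block.
MOVED = '''
options {
    directory "/etc/namedb";
    forward only;
    forwarders { 167.206.112.3; 167.206.112.4; };
};
zone "example.net" in { type master; file "db.example.net"; };
'''

if __name__ == "__main__":
    print("posted:", misplaced_statements(POSTED))
    print("moved: ", misplaced_statements(MOVED))
```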