Date: Wed, 01 Dec 1999 16:08:31 +1030
From: wincent <wincent@dingoblue.net.au>
To: "Cambria, Mike" <mcambria@lucent.com>
Cc: <freebsd-questions@FreeBSD.org>
Subject: Re: Local DNS on LAN Gateway with Multiple PPP Dialup Accounts
Message-ID: <B46AF7E7.1958%wincent@dingoblue.net.au>
In-Reply-To: <75ADD7496F0BD211ADC000104B8846CF012CEB0E@rerun.lucentctc.com>
Earlier today I sent a question in. Here is one of the replies I received privately via email. I am sending my response back to the list in case others are interested. Sorry that it's in HTML format, but I wanted to use indentation! If the text wraps around, please forgive me!

on 1/12/99 3:40 AM, Cambria, Mike wrote:

> I don't have an answer for you. I am about to try to do what you have done.
> Can you send me a copy of your DNS files? You should be able to tar the
> /etc/namedb directory and mail that to me. My home domain is "unregistered"
> (i.e. my.net isn't known outside of my LAN.) I also use a private IP
> address range (172.16.x.x) on the local LAN.
>
> I've tried setting DNS up like this once with FreeBSD-3.3-Release, but
> didn't get it working the way I wanted it to. Both natd/ipfw do work fine.
> It's the DNS/BIND8 that I can't quite get working.
>
> Thanks,
> MikeC

The following files worked first time for me. I am running the FreeBSD 3.3-RELEASE from the CD with the latest version of PPP (available from http://www.freebsd.org/~brian/).

I am by no means an expert at this stuff, having only installed FreeBSD a few days ago. So I must advise that although these files work for me, I can't be sure that I've done things exactly the right way. They work. That's all.

I am posting them here because I think they might be helpful to newbies. There is some excellent documentation out there (e.g. The Pedantic PPP Primer) but a lot of it is out of date, so this might help.

So here we go...

My /etc/hosts file:

The machines on my private network are called "steve" and "jobs" in honour of Everybody's Favourite ICEO (TM). steve is my Mac desktop machine, and jobs is the FreeBSD gateway box. I've chosen to call my home network "wincent.lan" because I find names like "my.domain" to be rather hackneyed.

    # $FreeBSD: src/etc/hosts,v 1.9.2.1 1999/08/29 14:18:44 peter Exp $

    # In the presence of the domain name service or NIS, this file may
    # not be consulted at all; see /etc/host.conf for the resolution order.

    127.0.0.1       localhost localhost.wincent.lan

    192.168.0.1     jobs jobs.wincent.lan
    192.168.0.2     steve steve.wincent.lan

My /etc/host.conf file has only two lines:

    hosts
    bind

My /etc/namedb/named.conf file:

The forwarders clause tells my local DNS to consult the big-mean-nasty DNS at my ISP if it can't resolve an address. For security, I only want machines on my LAN to be able to query the local DNS, so I have the "listen-on", "allow-query" and "allow-transfer" lines. I know the file is ugly due to the repetition of the allow-query and allow-transfer statements in each zone, I just haven't taken the time to clean it up yet... I believe they could be moved up to the options section.

    // $FreeBSD: src/etc/namedb/named.conf,v 1.5.2.1 1999/08/29 14:19:30 peter Exp $
    //

    options {
            directory "/etc/namedb";
            listen-on {192.168.0.1; 192.168.0.2; 127.0.0.1;};

            forward only;
            forwarders {
                    203.2.75.2;
                    203.2.75.12;
                    // 203.5.73.2;    //camtech
                    // 203.5.73.1;    //camtech
            };
    };

    zone "." {
            type hint;
            file "named.root";
            allow-query {
                    192.168.0.0/24;
                    127.0.0.1/32;
            };
            allow-transfer {
                    192.168.0.0/24;
                    127.0.0.1/32;
            };
    };

    zone "0.0.127.IN-ADDR.ARPA" {
            type master;
            file "localhost.rev";
            allow-query {
                    192.168.0.0/24;
                    127.0.0.1/32;
            };
            allow-transfer {
                    192.168.0.0/24;
                    127.0.0.1/32;
            };
    };

    zone "wincent.lan" {
            type master;
            file "db.wincent.lan";
            allow-query {
                    192.168.0.0/24;
                    127.0.0.1/32;
            };
            allow-transfer {
                    192.168.0.0/24;
                    127.0.0.1/32;
            };
    };

    zone "0.168.192.IN-ADDR.ARPA" {
            type master;
            file "db.wincent.lan.rev";
            allow-query {
                    192.168.0.0/24;
                    127.0.0.1/32;
            };
            allow-transfer {
                    192.168.0.0/24;
                    127.0.0.1/32;
            };
    };

Then there's my /etc/namedb/localhost.rev:

    ; From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
    ; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.4.2.1 1999/08/29 14:19:29 peter Exp $
    ;
    ; This file is automatically edited by the `make-localhost' script in
    ; the /etc/namedb directory.
    ;

    @       IN      SOA     jobs.wincent.lan. root.jobs.wincent.lan. (
                                    19991130        ; Serial
                                    3600            ; Refresh
                                    900             ; Retry
                                    3600000         ; Expire
                                    3600 )          ; Minimum
            IN      NS      jobs.wincent.lan.
    1       IN      PTR     localhost.wincent.lan.

My /etc/namedb/db.wincent.lan:

    @       IN      SOA     jobs.wincent.lan. root.jobs.wincent.lan. (
                                    199911301       ; Serial
                                    3600            ; Refresh
                                    900             ; Retry
                                    3600000         ; Expire
                                    3600 )          ; Minimum
            IN      NS      jobs.wincent.lan.

    jobs    IN      A       192.168.0.1
    steve   IN      A       192.168.0.2

And my /etc/namedb/db.wincent.lan.rev:

    @       IN      SOA     jobs.wincent.lan. root.jobs.wincent.lan. (
                                    199911301       ; Serial
                                    3600            ; Refresh
                                    900             ; Retry
                                    3600000         ; Expire
                                    3600 )          ; Minimum
            IN      NS      jobs.wincent.lan.

    1       IN      PTR     jobs
    2       IN      PTR     steve

Naturally, I also need the following lines in my /etc/rc.conf:

    named_enable="YES"
    named_flags="-b /etc/namedb/named.conf"

Of course, there is also the named.root file, which I believe just about everyone has installed by default, so I won't list it here. As I said above, I think there could be a few technical mistakes in here as I am a bit of a newbie, but it works on my machine (or appears to work). I don't know: maybe it's possible to do it in fewer files... like, could db.wincent.lan and db.wincent.lan.rev be collapsed into one file? Maybe I need more files! Like, why do I have a localhost.rev but not a localhost file? Ah well... I am kind of expecting a barrage of emails telling me I am doing it all wrong! :-) Anyway, like I said, as it stands, it works.

It answers queries I make from either "steve" or "jobs" about the LAN. It won't let machines outside the LAN make queries. If it doesn't know an address from outside the LAN (e.g. www.freebsd.org), it asks my ISP's DNS for the address. Next time I ask for the address, it won't have to ask because it stores it in its cache. I am pretty happy with the way it works (especially seeing as my ISP DNS occasionally goes down.... it will be lovely to have a local, cache-based DNS that works on those occasions!)

Anyway, hope this helped in some way.

Cheers
Wincent
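As an added example (editor's illustration, not part of Wincent's post), here is the same named.conf with the allow-query and allow-transfer statements moved into the options section behind a named ACL, as the post suggests is possible. The options-level allow-query is also the one that governs lookups for names outside the local zones (the ones forwarded to the ISP), which the per-zone lists in the post leave at their default, so the move tightens things as well as tidying them. Two assumptions: named runs on jobs, so 192.168.0.2 (steve's address per /etc/hosts) is dropped from listen-on, and no secondary server exists, so zone transfers are refused outright.

```conf
// Added example: a tidied /etc/namedb/named.conf for the jobs gateway.
// Assumption: named runs on jobs (192.168.0.1); steve (192.168.0.2) is a
// client, so its address is not a listen-on address here.

acl "lan" { 192.168.0.0/24; 127.0.0.1/32; };

options {
        directory "/etc/namedb";
        // Only the LAN and loopback interfaces; the PPP link is not listed,
        // so the server is never reachable from the dialup side.
        listen-on { 192.168.0.1; 127.0.0.1; };

        // One restriction for every zone and for forwarded lookups,
        // instead of repeating the address lists in each zone block.
        allow-query { lan; };
        // Assumption: no secondary server, so refuse transfers entirely.
        // Put a secondary's address here if one is ever set up.
        allow-transfer { none; };

        forward only;
        forwarders {
                203.2.75.2;
                203.2.75.12;
        };
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

zone "wincent.lan" {
        type master;
        file "db.wincent.lan";
};

zone "0.168.192.IN-ADDR.ARPA" {
        type master;
        file "db.wincent.lan.rev";
};
```

After reloading named, a lookup for an outside name from steve should still be answered via the forwarders, while the same lookup from any address outside the lan ACL should be refused.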