Hi, I have set up a DNS server for the first time. I am using bind9 from Debian stable. This is to serve an Intranet, whose users have access to Internet, but the domain used is not registered there (it's only for internal use).
I'd like to know about my setup, whether it is correct or I am being exceedingly stupid somewhere. The DNS server has 192.168.1.80 as IP address.

First of all, I have added these lines to my /etc/bind/named.conf file:

    forwarders {
        212.25.129.66;
        212.25.129.2;
    };

    listen-on port 53 {
        192.168.1.80;   # listen on local interface only
        127.0.0.1;      # Make sure machine can get to itself
    };

The forwarders are the nameservers for our ISP. This seems to work great, as the Intranet machines now only have to specify 192.168.1.80 as the nameserver address, and the server resolves for them both internal and external domains.

After the options clause closes, I put:

    // prime the server with knowledge of the root servers
    // zone "." {
    //     type hint;
    //     file "/etc/bind/db.root";
    // };

I have commented this out. I read somewhere that, serving an Intranet, one should drop the root hints. I am not sure whether this is proper or not; thanks in advance for confirming this.

The next zones are not commented out:

    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };

I once saw a sample config adding 'allow-update { none; };' to each one of these zones. What is this for? Should I also add this option in my Intranet setup?

My Intranet zone is defined as follows:

    zone "oberthurma.com" {
        type master;
        file "/etc/bind/db.oberthurma.com";
        # allow-transfer { any; };
        allow-update { none; };
        notify no;
    };

And the zone file (/etc/bind/db.oberthurma.com) is like this:

    @ IN SOA ns.oberthurma.com. hostmaster.oberthurma.com. (
            2003090401  ; serial, todays date + todays serial #
            8H          ; refresh, seconds
            2H          ; retry, seconds
            4W          ; expire, seconds
            1D          ; minimum, seconds
            )
            NS      ns                      ; Inet Address of name server
            MX      10 mail.oberthurma.com. ; Primary Mail Exchanger
            MX      20 mail.oberthurma.com. ; Secondary Mail Exchanger

    ns        IN A     192.168.1.80
    mail      IN A     192.168.1.80
    maserv01  IN A     192.168.1.2
    maserv02  IN A     192.168.1.80
    imap      IN CNAME maserv02
    pop       IN CNAME maserv02
    smtp      IN CNAME maserv02

My feeling about this is that the mail exchangers are not going to be used, as any mail client in the Intranet is going to use the server as a smarthost instead of using SMTP directly. So, are the MX records mandatory? Is it mandatory to include a secondary MX whose exchanger name is the same as the primary MX?

I also added a reverse zone, but I think it's of no interest here.

Thanks in advance for pointing out any mistake in the named.conf or in the zone files. Nevertheless, up to today everything seems to work in a smooth way. Anyway, any feedback will be very useful for me.

Regards,
Ismael

-- 
"Everything swarms with commentaries; of authors there is a great dearth"
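A consistency check for zone files like the one in the message above, added here as an example and not part of the original post. It parses the posted db.oberthurma.com (with the stray '#' kept in the serial comment where it belongs), then verifies the invariants a resolver will care about: every in-zone NS and MX target must own an address record and must not be a CNAME (RFC 2181 section 10.3), CNAMEs must not chain or dangle, and an owner must not mix CNAME with other data. It also flags an exchanger that appears under two MX preferences, which is the situation the post asks about. The parser is a deliberately small one written for this example (comments, parentheses, inherited owner, optional TTL/class); the origin name, the second test zone and the message wording are assumptions of the example.

```python
"""Lint a BIND-style zone file for common consistency problems.

Added example (not part of the original post). Handles the subset of the
master-file syntax used there: ';' comments, '( ... )' continuation,
owner inherited from the previous record, optional TTL and class fields.
"""
import re

ORIGIN = "oberthurma.com."

# Zone file as posted; the '#' is part of the serial comment, not a record.
ZONE_TEXT = """\
@ IN SOA ns.oberthurma.com. hostmaster.oberthurma.com. (
        2003090401  ; serial, todays date + todays serial #
        8H          ; refresh, seconds
        2H          ; retry, seconds
        4W          ; expire, seconds
        1D          ; minimum, seconds
        )
        NS      ns                      ; Inet Address of name server
        MX      10 mail.oberthurma.com. ; Primary Mail Exchanger
        MX      20 mail.oberthurma.com. ; Secondary Mail Exchanger
ns        IN A     192.168.1.80
mail      IN A     192.168.1.80
maserv01  IN A     192.168.1.2
maserv02  IN A     192.168.1.80
imap      IN CNAME maserv02
pop       IN CNAME maserv02
smtp      IN CNAME maserv02
"""


def _absolute(name, origin):
    """Turn '@' or a relative label into a fully qualified name under origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _records(text, origin):
    """Yield (owner, rrtype, rdata_tokens) with owner made absolute."""
    lines = [re.sub(r";.*", "", ln) for ln in text.splitlines()]
    joined, buf, depth = [], [], 0
    for ln in lines:                       # join lines inside ( ... )
        buf.append(ln)
        depth += ln.count("(") - ln.count(")")
        if depth == 0:
            joined.append(" ".join(buf))
            buf = []
    owner = None
    for ln in joined:
        if not ln.strip():
            continue
        toks = ln.replace("(", " ").replace(")", " ").split()
        if ln[0].isspace():                # leading blank: reuse previous owner
            if owner is None:
                raise ValueError("first record has no owner name")
        else:
            owner = _absolute(toks.pop(0), origin)
        # Skip optional TTL (e.g. 3600, 1D) and class (IN) before the type.
        while toks and (re.fullmatch(r"\d+[smhdwSMHDW]?", toks[0])
                        or toks[0].upper() in ("IN", "CH", "HS")):
            toks.pop(0)
        yield owner, toks.pop(0).upper(), toks


def lint_zone(text, origin):
    """Return a list of 'ERROR ...' / 'WARN ...' findings for the zone text."""
    by_owner = {}
    for owner, rrtype, rdata in _records(text, origin):
        by_owner.setdefault(owner, {}).setdefault(rrtype, []).append(rdata)

    def in_zone(name):
        return name == origin or name.endswith("." + origin)

    findings = []
    for owner, types in by_owner.items():
        if "CNAME" in types and len(types) > 1:
            findings.append(f"ERROR {owner}: CNAME coexists with other data")
        for rrtype in ("NS", "MX"):        # target is the last rdata token
            for rdata in types.get(rrtype, []):
                target = _absolute(rdata[-1], origin)
                if not in_zone(target):    # external name: cannot check offline
                    continue
                ttypes = by_owner.get(target, {})
                if "CNAME" in ttypes:
                    findings.append(f"ERROR {owner} {rrtype} -> {target} is a CNAME "
                                    "(forbidden by RFC 2181 s10.3)")
                elif not ({"A", "AAAA"} & set(ttypes)):
                    findings.append(f"ERROR {owner} {rrtype} -> {target} has no address record")
        for rdata in types.get("CNAME", []):
            target = _absolute(rdata[0], origin)
            if in_zone(target) and target not in by_owner:
                findings.append(f"ERROR {owner} CNAME -> {target} does not exist in zone")
            elif in_zone(target) and "CNAME" in by_owner[target]:
                findings.append(f"WARN {owner} CNAME -> {target} is itself a CNAME (chain)")
        exchangers = [_absolute(r[-1], origin) for r in types.get("MX", [])]
        for ex in sorted(set(exchangers)):
            if exchangers.count(ex) > 1:
                findings.append(f"WARN {owner}: exchanger {ex} listed "
                                f"{exchangers.count(ex)} times; the extra MX adds no redundancy")
    return findings


if __name__ == "__main__":
    for line in lint_zone(ZONE_TEXT, ORIGIN):
        print(line)
```

On the posted zone the only finding is the WARN about mail.oberthurma.com. being listed under both MX 10 and MX 20; all NS, MX and CNAME targets resolve to an A record inside the zone. The same function reports an ERROR when an MX is pointed at one of the CNAME aliases (for example smtp), which is the case a mail server would actually trip over.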