On Thursday 23 October 2003 22:47, Joshua Banks wrote:
> Hello,
>
> Gentoo automatically created 3 accounts when I emerged "djbdns".  The
> following were created:
> dnscache:x:1001:200::/nonexistent:/bin/false
> dnslog:x:1002:200::/nonexistent:/bin/false
> tinydns:x:1003:200::/nonexistent:/bin/false
>
> The djbdns docs wanted me to create "Gdnscache and Gdnslog" system
> accounts. Confusing. Can I just rename these accounts, delete them and then
> recreate, or does it matter?

Just exchange Gdnscache  and Gdnslog for those the ebuild made.

As for the setup, I wrote this just this Saturday, might help.


Right, basic setup.
Tinydns listens on 127.0.0.1, dnscache(x) listens on an/the external
interface(s). Tiny is the resolver, dnscache the .... (brainfart moment).

My router has its internal address in /etc/resolv.conf (its 192 address).

Let's do this backwards, starting with dnscache.
redshat root # cat /etc/dnscache/env/IP
192.168.0.1
You will need dnscache, and dnscachex. One on the internal that will resolve
anything, and one on the external that will only resolve your domain.
The files in /etc/dnscache/root/ip/ tell dnscache who is allowed access, in my
case
redshat root # ls -lh /etc/dnscache/root/ip/
total 0
-rw-------    1 root     root            0 Jul  1 02:43 127.0.0.1
-rw-r--r--    1 root     root            0 Jul  1 02:43 192.168
I'm pretty sure an @ will allow anyone.

To tell it what it is authoritative for, and where it goes for the resolver, put
files in /etc/dnscache/root/servers
redshat root # ls -lh /etc/dnscache/root/servers/
total 12K
-rw-r--r--    1 root     root           10 Jul  1 02:43 0.168.192.in-addr.arpa
-rw-r--r--    1 root     root          164 Jul  1 02:43 @
-rw-r--r--    1 root     root           10 Jul  1 02:43 home.gaima.co.uk
redshat root # cat /etc/dnscache/root/servers/0.168.192.in-addr.arpa
127.0.0.1
redshat root # cat /etc/dnscache/root/servers/home.gaima.co.uk
127.0.0.1
redshat root # cat /etc/dnscache/root/servers/\@
198.41.0.4
128.9.0.107
192.33.4.12
128.8.10.90
192.203.230.10
192.5.5.241
192.112.36.4
128.63.2.53
192.36.148.17
198.41.0.10
193.0.14.129
198.32.64.12
202.12.27.33

Reverse for 192.168., forward for home.gaima.co.uk, and for anything else pick
a root server (default config I think).


Now to tinydns.
redshat root # cat /etc/tinydns/env/IP
127.0.0.1
It only listens on localhost.
Now all you need is the data.

A nameserver
.home.gaima.co.uk:192.168.0.1:redshat.home.gaima.co.uk:259200
Another nameserver
.0.168.192.in-addr.arpa:192.168.0.1:redshat.home.gaima.co.uk:259200
An A record, with PTR
=redshat.home.gaima.co.uk:192.168.0.1
A CNAME
Cmrtg.redshat.home.gaima.co.uk:redshat.home.gaima.co.uk:86400
An MX
@home.gaima.co.uk:redshat.home.gaima.co.uk:redshat.home.gaima.co.uk

You'll have to read Dan's docs on the data format, I can never remember :)

HTH

> I'm not new to DNS, networking and firewalling, but new to how these things
> are done on Linux. I've
> read through the djbdns docs and need a little confirmation from the Linux
> pros.
>
> I have Gentoo linux installed on a PC that acts as the firewall and
> default gateway for the other 3 pc's on my lan doing NAT and basic packet
> filtering. Right now the Gentoo Linux pc dials-up to the internet to get
> its ip via dialup ppp0. This connection is then shared among 4 pc's. I
> know..slow but this is all I have and it works fine for now. The ip that I
> get every time I dialup is different but the dns server ip's are inputted
> statically in KPPP's dialup tool. So every time I dialup /etc/resolv.conf is
> populated with two dns entries temporarily while dialed up.
>
> What I ideally want is for the other 3 pc's that use the Gentoo linux box
> as their default gateway to also send their DNS requests to this box as
> well and then the Gentoo linux box would do the lookups on behalf of the
> client and then return the requested info to the client doing the request
> or have the requested info already cached.
>
> Given the description above of what I'm trying to do and the choices given
> below from: http://cr.yp.to/djbdns.html , I'm a little confused as to which
> one does what I'm trying to do. Logically I think #5. Is this correct?
>
> 1. How to run a cache on a workstation
> 2. How to run a computer without a cache
> 3. How to run a forwarding cache on a home computer
> 4. How to run an external cache for your network
> 5. How to run an external forwarding cache
>
> My other question is about following some of the directions listed:
> 1st question.
> Quote:
> "1. As root, create UNIX accounts named Gdnscache and Gdnslog."
> Unquote:
> So from the command line as root am I just creating the above "user
> accounts" without passwords??
>
> 2nd question.
> Quote:
> "3. As root, create an /etc/dnscache service directory, with your IP
> address on the end of the line:
>
>      dnscache-conf Gdnscache Gdnslog /etc/dnscache 10.53.0.1"
> Unquote:
> So from the command line I just need to create the directory "dnscache (my
> ip-address)??
>
> My example:
> mkdir /etc/dnscache 192.168.1.1
> This creates the dnscache directory but I don't see 192.168.1.1 referenced
> or associated with the "dnscache" directory created???
>
> But then I'm totally confused with what the heck the following is??
>
> dnscache-conf Gdnscache Gdnslog /etc/dnscache 10.53.0.1
>
> Is this a command or do they want me to make "dnscache-conf", "Gdnscache"
> and "Gdnslog" directories
> under the /etc/dnscache ?????
>
> The lingo or semantics used have me very confused throughout this entire
> document? I don't understand what this means in layman's terms either.
>
> Quote:
> "4. If your computer is running a DHCP client to obtain a dynamically
> assigned IP address from your ISP, configure the DHCP client to make
> external DNS cache information available to dnscache, and skip to step 8."
> Unquote:
>
> Well I'm using PPP to dialup to get an ip. Sorry. I've never heard anyone
> use this type of terminology before. I have no idea what it means to
> configure a DHCP client to make external DNS cache information available to
> dnscache.
> I know what dhcp is and does but have no clue what the author is asking
> here.
>
> Sorry...totally frustrated....
>
>
> Thanks,
> Joshua Banks

-- 
Mike Williams
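
Added example (not part of the original message, and not djbdns code): a small Python model of the two dnscache lookups that the listings above configure, the client check against the file names in root/ip and the choice of a root/servers file for a query name. The set and dictionary are copied from those listings, with the root list cut to its first two entries; the function names are hypothetical.

```python
# Added example: a model of dnscache's two lookups; data copied from the message.
IP_FILES = {"127.0.0.1", "192.168"}       # names in /etc/dnscache/root/ip/
SERVERS = {                               # files in /etc/dnscache/root/servers/
    "0.168.192.in-addr.arpa": ["127.0.0.1"],
    "home.gaima.co.uk": ["127.0.0.1"],
    "@": ["198.41.0.4", "128.9.0.107"],   # first two of the 13 entries shown
}


def okclient(client_ip, ip_files=IP_FILES):
    """Return the ip/ file name that admits client_ip, or None.

    dnscache tries the full dotted address as a file name, then drops the
    last octet and retries, down to a single octet. There is no netmask.
    """
    name = client_ip
    while True:
        if name in ip_files:
            return name
        if "." not in name:
            return None
        name = name.rsplit(".", 1)[0]


def addresses_admitted(entry):
    """How many IPv4 addresses one ip/ file name lets in."""
    return 256 ** (4 - len(entry.split(".")))


def servers_for(qname, servers=SERVERS):
    """Return (file name, server list) dnscache starts from for qname.

    The closest enclosing domain that has a file wins; "@" is the fallback.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in servers:
            return zone, servers[zone]
    return "@", servers["@"]


if __name__ == "__main__":
    for ip in ("192.168.0.7", "127.0.0.1", "10.0.0.5", "192.16.3.4"):
        print(ip, "->", okclient(ip) or "not allowed")
    for entry in sorted(IP_FILES):
        print(entry, "admits", addresses_admitted(entry), "address(es)")
    for q in ("mrtg.redshat.home.gaima.co.uk", "7.0.168.192.in-addr.arpa", "example.org"):
        print(q, "->", servers_for(q))
```

Matching is by whole dotted components, so a file named 192.168.0.0 would admit only that single address rather than a /24.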