Re: Caching nameserver question - I need a spot here . . .

2003-01-28 Thread Roman Neuhauser
# [EMAIL PROTECTED] / 2003-01-28 10:52:10 -0500:
> I want just a caching nameserver.  If I understand correctly, you are
> suggesting I remove the 0.0.127.IN-ADDR.ARPA zone.  So I should only
> have the hint zone, right?

exactly.

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message. See http://www.eyrie.org./~eagle/faqs/questions.html

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message



Re: Caching nameserver question - I need a spot here . . .

2003-01-28 Thread Louis LeBlanc
On 01/28/03 03:39 PM, Roman Neuhauser sat at the `puter and typed:
> # [EMAIL PROTECTED] / 2003-01-27 17:15:29 -0500:
> > Hey all.  I'm finally getting around to setting up a caching dns
> > server.  Pretty confusing from my angle.
> > 
> > Here's what I have so far:
> > named enabled in /etc/rc.conf
> > cd to /etc/namedb and run sh make-localhost
> > 
> > and the following in /etc/namedb/named.conf:
> > 
> > options {
> > directory "/etc/namedb";
> > forward first;
> > forwarders {
> > 151.203.0.84;
> > 151.202.0.84;
> > };
> > listen-on { 10.8.20.5; };
> > version "surely you must be joking";
> > query-source address * port 53;
> > };
> > 
> > 
> > zone "." {
> > type hint;
> > file "named.root";
> > };
> > 
> > zone "0.0.127.IN-ADDR.ARPA" {
> > type master;
> > file "localhost.rev";
> > };
> 
> are you setting up a cache, or an authoritative server?
> IOW, do you want Bind to resolve names for clients (they'll
> have it in /etc/resolv.conf and equivalents), or do you want it to
> publish names?
> 
> You are doing both, but if you want to have this Bind resolving
> names for clients (external cache), being authoritative for
> 0.0.127.in-addr.arpa doesn't IMO make sense.
> 

I want just a caching nameserver.  If I understand correctly, you are
suggesting I remove the 0.0.127.IN-ADDR.ARPA zone.  So I should only
have the hint zone, right?

Thanks for your comments, Roman.
Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://www.keyslapper.org

Prototype designs always work.
-- Don Vonada




Re: Caching nameserver question - I need a spot here . . .

2003-01-28 Thread Roman Neuhauser
# [EMAIL PROTECTED] / 2003-01-27 17:15:29 -0500:
> Hey all.  I'm finally getting around to setting up a caching dns
> server.  Pretty confusing from my angle.
> 
> Here's what I have so far:
> named enabled in /etc/rc.conf
> cd to /etc/namedb and run sh make-localhost
> 
> and the following in /etc/namedb/named.conf:
> 
> options {
>   directory "/etc/namedb";
>   forward first;
>   forwarders {
>   151.203.0.84;
>   151.202.0.84;
>   };
>   listen-on { 10.8.20.5; };
> 	version "surely you must be joking";
>   query-source address * port 53;
> };
> 
> 
> zone "." {
> type hint;
> file "named.root";
> };
> 
> zone "0.0.127.IN-ADDR.ARPA" {
> type master;
> file "localhost.rev";
> };

are you setting up a cache, or an authoritative server?
IOW, do you want Bind to resolve names for clients (they'll
have it in /etc/resolv.conf and equivalents), or do you want it to
publish names?

You are doing both, but if you want to have this Bind resolving
names for clients (external cache), being authoritative for
0.0.127.in-addr.arpa doesn't IMO make sense.

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message. See http://www.eyrie.org./~eagle/faqs/questions.html




Re: Caching nameserver question - I need a spot here . . .

2003-01-27 Thread Greg Lane
On Mon, Jan 27, 2003 at 05:15:29PM -0500, Louis LeBlanc 
<[EMAIL PROTECTED]> wrote:
> Hey all.  I'm finally getting around to setting up a caching dns
> server.  Pretty confusing from my angle.
> 
> Here's what I have so far:
> named enabled in /etc/rc.conf
> cd to /etc/namedb and run sh make-localhost
> 
> and the following in /etc/namedb/named.conf:
> 
> options {
>   directory "/etc/namedb";
>   forward first;
>   forwarders {
>   151.203.0.84;
>   151.202.0.84;
>   };
>   listen-on { 10.8.20.5; };
> 	version "surely you must be joking";
>   query-source address * port 53;
> };
> 
> 
> zone "." {
> type hint;
> file "named.root";
> };
> 
> zone "0.0.127.IN-ADDR.ARPA" {
> type master;
> file "localhost.rev";
> };
> 

G'day Louis,

The only differences I can see between this and my working 
configuration at home is

1/. I have "forward only" rather than "forward first". 
So far my DNS providers haven't failed me!

2/. I run named as a non-privileged user. I haven't configured 
a complete sandbox (see 
http://www.au.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html#NAMED-SANDBOX 
for that), 
but just did the following:

  mkdir /etc/namedb/s
  chown bind:bind /etc/namedb/s
  chmod 750 /etc/namedb/s

   Add the following to the options in named.conf

  dump-file "s/named_dump.db";

   and named_flags="-u bind -g bind" to /etc/rc.conf.

3/. I don't have the version and query-source lines. I 
don't believe they'll break anything for you.

4/. I have set up an authoritative "lane.family" 
domain for my home network

5/. You may want to add 127.0.0.1 to your listen-on option.

I can't see anything in your setup as is that will wreak havoc on the 
internet, but I am not an expert. I would at least run it as bind:bind
rather than root as it is trivial to set up. A complete sandbox is better, 
and of course a jail would be even better, but they are both more work.

Greg

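Putting Roman's point (hint zone only) and Greg's list together, here is a caching-only named.conf as an added example; it is not the file of anyone in the thread. The acl, allow-query and allow-recursion lines go beyond what the thread covers, and the 10.8.20.0/24 prefix is an assumption, since only the interface address 10.8.20.5 is given.

```conf
// /etc/namedb/named.conf for a caching-only resolver (added example).
// Companion lines in /etc/rc.conf, as Greg describes:
//   named_enable="YES"
//   named_flags="-u bind -g bind"

// ASSUMPTION: the internal network is 10.8.20.0/24; the thread only
// gives the interface address 10.8.20.5.
acl "internal" {
    127.0.0.1;
    10.8.20.0/24;
};

options {
    directory "/etc/namedb";

    // Loopback (Greg's item 5) plus the inside interface only, so the
    // server never answers on the ISP-facing address.
    listen-on { 127.0.0.1; 10.8.20.5; };

    // "only" sends every query to the ISP's servers and never falls
    // back to resolving via the root hints (Greg's item 1; "first"
    // would try the forwarders and then recurse on its own).
    forward only;
    forwarders {
        151.203.0.84;
        151.202.0.84;
    };

    // Addition beyond the thread: refuse lookups and recursion from
    // anyone outside the internal network, so this cache cannot be
    // used by hosts on the Internet.
    allow-query { "internal"; };
    allow-recursion { "internal"; };

    // The original post omits the ';' here, which named rejects.
    version "surely you must be joking";

    // Greg's item 2: the directory is created with mkdir /etc/namedb/s,
    // chown bind:bind and chmod 750, so named running as bind can write.
    dump-file "s/named_dump.db";
};

// The root hints are the only zone statement a caching-only server
// needs; the 0.0.127.IN-ADDR.ARPA master zone is dropped (Roman's reply).
zone "." {
    type hint;
    file "named.root";
};
```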



Re: Caching nameserver question - I need a spot here . . .

2003-01-27 Thread Louis LeBlanc
On 01/27/03 10:22 PM, Stacey Roberts sat at the `puter and typed:
> Hi Louis,
> 
> On Mon, 2003-01-27 at 22:15, Louis LeBlanc wrote:
> > Hey all.  I'm finally getting around to setting up a caching dns
> > server.  Pretty confusing from my angle.
> > 
> > Here's what I have so far:
> > named enabled in /etc/rc.conf
> > cd to /etc/namedb and run sh make-localhost
> > 
> > and the following in /etc/namedb/named.conf:
> > 
> > options {
> > directory "/etc/namedb";
> > forward first;
> > forwarders {
> > 151.203.0.84;
> > 151.202.0.84;
> > };
> > listen-on { 10.8.20.5; };
> > version "surely you must be joking";
> > query-source address * port 53;
> > };
> > 
> > 
> > zone "." {
> > type hint;
> > file "named.root";
> > };
> > 
> > zone "0.0.127.IN-ADDR.ARPA" {
> > type master;
> > file "localhost.rev";
> > };
> > 
> > 
> > 10.8.20.5 is the interface to the internal network, and I'm hoping the
> > listen-on statement above will restrict requests to the internal
> > network - And from the local machine if I simply add that IP to
> > /etc/resolv.conf.  The IPs in the forwarders block are my ISP's DNS
> > servers.
> > 
> > Anyone care to point out my mistakes so I don't go making an ass of
> > myself by turning on named with a broken config?
> 
> I once had a similar set up as what you've described as your intention
> here. I'll not critique what you've done, but I'll point you to the
> handbook, which has a complete section on DNS and mentions what needs to
> be done to set up a basic caching nameserver - it's here:
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html
> 
> Hope this assists in some way. Lots of luck!

I probably should have mentioned this, but that page is exactly how I
got this far in the first place.  Section 10.9.7 (Caching Name Server)
says only this:

  A caching name server is a name server that is not authoritative for
  any zones. It simply asks queries of its own, and remembers them for
  later use. To set one up, just configure the name server as usual,
  omitting any inclusions of zones.

So I guess my main question is do the following default zones violate
that statement, or are they exceptions?

zone "." {
type hint;
file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};


And, what about the Options section?  Am I understanding the use of
the forwarders, forward first, and listen-on directives correctly?

I have put some effort into this, and the configuration above is the
result of that effort, so I'm not asking anyone to do it for me.
However, I know there have been more than a few people who have
started out intending only to set up a basic internal service of some
kind, only to have their mistakes cause trouble externally.  I've been
there myself, and I'm just trying this once to avoid that one step
commonly referred to as 'making an ass of yourself.'  Particularly
since screwing with the ISP's DNS service availability isn't exactly
smiled upon.

Thanks
Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://www.keyslapper.org

life, n.:
  That brief interlude between nothingness and eternity.




Re: Caching nameserver question - I need a spot here . . .

2003-01-27 Thread Stacey Roberts
Hi Louis,

On Mon, 2003-01-27 at 22:15, Louis LeBlanc wrote:
> Hey all.  I'm finally getting around to setting up a caching dns
> server.  Pretty confusing from my angle.
> 
> Here's what I have so far:
> named enabled in /etc/rc.conf
> cd to /etc/namedb and run sh make-localhost
> 
> and the following in /etc/namedb/named.conf:
> 
> options {
>   directory "/etc/namedb";
>   forward first;
>   forwarders {
>   151.203.0.84;
>   151.202.0.84;
>   };
>   listen-on { 10.8.20.5; };
> 	version "surely you must be joking";
>   query-source address * port 53;
> };
> 
> 
> zone "." {
> type hint;
> file "named.root";
> };
> 
> zone "0.0.127.IN-ADDR.ARPA" {
> type master;
> file "localhost.rev";
> };
> 
> 
> 10.8.20.5 is the interface to the internal network, and I'm hoping the
> listen-on statement above will restrict requests to the internal
> network - And from the local machine if I simply add that IP to
> /etc/resolv.conf.  The IPs in the forwarders block are my ISP's DNS
> servers.
> 
> Anyone care to point out my mistakes so I don't go making an ass of
> myself by turning on named with a broken config?

I once had a similar set up as what you've described as your intention
here. I'll not critique what you've done, but I'll point you to the
handbook, which has a complete section on DNS and mentions what needs to
be done to set up a basic caching nameserver - it's here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html

Hope this assists in some way. Lots of luck!

Regards,

Stacey

> 
> Thanks in advance.
> Lou
-- 
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com


