re: caching nameserver

2006-04-25 Thread Denis R.
Check the DJBDNS author's site: http://cr.yp.to/djbdns.html

The instructions are simple. If there are a lot of name resolutions
happening on the web server itself, install dnscache on the localhost.

My advice to you is to avoid BIND. It is too complicated for your needs.

Regards!



At 05:50 PM 4/25/2006, Richard Collyer wrote:
Hello,

I've recently been getting a lot of trouble with SpamAssassin performing a
lot of rDNS lookups which is causing network issues (timeouts etc to DNS
servers).

I am trying to install BIND (or djbdns) as a simple caching nameserver.
Just to take some of the load off the network's DNS servers (my ISP's).

However I am having trouble finding a good tutorial to follow.

I've looked at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html
but it's mainly going on about being a nameserver which is not what I am
after, wanting to keep it more simple than that.

[EMAIL PROTECTED]:/usr/local/etc] $ named -v
BIND 9.3.1

Can anyone suggest me a good tutorial to follow, I've googled but mostly
they are for Debian/Red Hat and some of the commands and files are different.

Cheers
Richard


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


re: caching nameserver

2006-04-25 Thread Yance Kowara
http://www.lifewithdjbdns.com/#dnscache

is easy to follow too.



Re: Caching nameserver question - I need a spot here . . .

2003-01-28 Thread Roman Neuhauser
# [EMAIL PROTECTED] / 2003-01-27 17:15:29 -0500:
 Hey all.  I'm finally getting around to setting up a caching dns
 server.  Pretty confusing from my angle.
 
 Here's what I have so far:
 named enabled in /etc/rc.conf
 cd to /etc/namedb and run sh make-localhost
 
 and the following in /etc/namedb/named.conf:
 
 options {
   directory "/etc/namedb";
   forward first;
   forwarders {
     151.203.0.84;
     151.202.0.84;
   };
   listen-on { 10.8.20.5; };
   version "surely you must be joking";
   query-source address * port 53;
 };
 
 
 zone "." {
   type hint;
   file "named.root";
 };
 
 zone "0.0.127.IN-ADDR.ARPA" {
   type master;
   file "localhost.rev";
 };

are you setting up a cache, or an authoritative server?
IOW, do you want Bind to resolve names for clients (they'll
have it in /etc/resolv.conf and equivalents), or do you want it to
publish names?

You are doing both, but if you want to have this Bind resolving
names for clients (external cache), being authoritative for
0.0.127.in-addr.arpa doesn't IMO make sense.

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message.  see http://www.eyrie.org./~eagle/faqs/questions.html

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message



Re: Caching nameserver question - I need a spot here . . .

2003-01-28 Thread Louis LeBlanc
On 01/28/03 03:39 PM, Roman Neuhauser sat at the `puter and typed:
 # [EMAIL PROTECTED] / 2003-01-27 17:15:29 -0500:
  Hey all.  I'm finally getting around to setting up a caching dns
  server.  Pretty confusing from my angle.
  
  Here's what I have so far:
  named enabled in /etc/rc.conf
  cd to /etc/namedb and run sh make-localhost
  
  and the following in /etc/namedb/named.conf:
  
  options {
    directory "/etc/namedb";
    forward first;
    forwarders {
      151.203.0.84;
      151.202.0.84;
    };
    listen-on { 10.8.20.5; };
    version "surely you must be joking";
    query-source address * port 53;
  };
  
  
  zone "." {
    type hint;
    file "named.root";
  };
  
  zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
  };
 
 are you setting up a cache, or an authoritative server?
 IOW, do you want Bind to resolve names for clients (they'll
 have it in /etc/resolv.conf and equivalents), or do you want it to
 publish names?
 
 You are doing both, but if you want to have this Bind resolving
 names for clients (external cache), being authoritative for
 0.0.127.in-addr.arpa doesn't IMO make sense.
 

I want just a caching nameserver.  If I understand correctly, you are
suggesting I remove the 0.0.127.IN-ADDR.ARPA zone.  So I should only
have the hint zone, right?

Thanks for your comments, Roman.
Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

Prototype designs always work.
-- Don Vonada




Re: Caching nameserver question - I need a spot here . . .

2003-01-28 Thread Roman Neuhauser
# [EMAIL PROTECTED] / 2003-01-28 10:52:10 -0500:
 I want just a caching nameserver.  If I understand correctly, you are
 suggesting I remove the 0.0.127.IN-ADDR.ARPA zone.  So I should only
 have the hint zone, right?

exactly.

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message.  see http://www.eyrie.org./~eagle/faqs/questions.html




Re: Caching nameserver question - I need a spot here . . .

2003-01-27 Thread Stacey Roberts
Hi Louis,

On Mon, 2003-01-27 at 22:15, Louis LeBlanc wrote:
 Hey all.  I'm finally getting around to setting up a caching dns
 server.  Pretty confusing from my angle.
 
 Here's what I have so far:
 named enabled in /etc/rc.conf
 cd to /etc/namedb and run sh make-localhost
 
 and the following in /etc/namedb/named.conf:
 
 options {
   directory "/etc/namedb";
   forward first;
   forwarders {
     151.203.0.84;
     151.202.0.84;
   };
   listen-on { 10.8.20.5; };
   version "surely you must be joking";
   query-source address * port 53;
 };
 
 
 zone "." {
   type hint;
   file "named.root";
 };
 
 zone "0.0.127.IN-ADDR.ARPA" {
   type master;
   file "localhost.rev";
 };
 
 
 10.8.20.5 is the interface to the internal network, and I'm hoping the
 listen-on statement above will restrict requests to the internal
 network - And from the local machine if I simply add that IP to
 /etc/resolv.conf.  The IPs in the forwarders block are my ISP's dns
 servers.
 
 Anyone care to point out my mistakes so I don't go making an ass of
 myself by turning on named with a broken config?

I once had a similar set up as what you've described as your intention
here. I'll not critique what you've done, but I'll point you to the
handbook, which has a complete section on DNS and mentions what needs to
be done to set up a basic caching nameserver - it's here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html

Hope this assists in some way. Lots of luck!

Regards,

Stacey

 
 Thanks in advance.
 Lou
-- 
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com






Re: Caching nameserver question - I need a spot here . . .

2003-01-27 Thread Louis LeBlanc
On 01/27/03 10:22 PM, Stacey Roberts sat at the `puter and typed:
 Hi Louis,
 
 On Mon, 2003-01-27 at 22:15, Louis LeBlanc wrote:
  Hey all.  I'm finally getting around to setting up a caching dns
  server.  Pretty confusing from my angle.
  
  Here's what I have so far:
  named enabled in /etc/rc.conf
  cd to /etc/namedb and run sh make-localhost
  
  and the following in /etc/namedb/named.conf:
  
  options {
    directory "/etc/namedb";
    forward first;
    forwarders {
      151.203.0.84;
      151.202.0.84;
    };
    listen-on { 10.8.20.5; };
    version "surely you must be joking";
    query-source address * port 53;
  };
  
  
  zone "." {
    type hint;
    file "named.root";
  };
  
  zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
  };
  
  
  10.8.20.5 is the interface to the internal network, and I'm hoping the
  listen-on statement above will restrict requests to the internal
  network - And from the local machine if I simply add that IP to
  /etc/resolv.conf.  The IPs in the forwarders block are my ISP's dns
  servers.
  
  Anyone care to point out my mistakes so I don't go making an ass of
  myself by turning on named with a broken config?
 
 I once had a similar set up as what you've described as your intention
 here. I'll not critique what you've done, but I'll point you to the
 handbook, which has a complete section on DNS and mentions what needs to
 be done to set up a basic caching nameserver - it's here:
 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html
 
 Hope this assists in some way. Lots of luck!

I probably should have mentioned this, but that page is exactly how I
got this far in the first place.  Section 10.9.7 (Caching Name Server)
says only this:

  A caching name server is a name server that is not authoritative for
  any zones. It simply asks queries of its own, and remembers them for
  later use. To set one up, just configure the name server as usual,
  omitting any inclusions of zones.

So I guess my main question is do the following default zones violate
that statement, or are they exceptions?

zone "." {
  type hint;
  file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
  type master;
  file "localhost.rev";
};


And, what about the Options section?  Am I understanding the use of
the forwarders, forward first, and listen-on directives correctly?

I have put some effort into this, and the configuration above is the
result of that effort, so I'm not asking anyone to do it for me.
However, I know there have been more than a few people who have
started out intending only to set up a basic internal service of some
kind, only to have their mistakes cause trouble externally.  I've been
there myself, and I'm just trying this once to avoid that one step
commonly referred to as 'making an ass of yourself.'  Particularly
since screwing with the ISP's dns service availability isn't exactly
smiled upon.

Thanks
Lou
-- 
Louis LeBlanc   [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

life, n.:
  That brief interlude between nothingness and eternity.




Re: Caching nameserver question - I need a spot here . . .

2003-01-27 Thread Greg Lane
On Mon, Jan 27, 2003 at 05:15:29PM -0500, Louis LeBlanc 
[EMAIL PROTECTED] wrote:
 Hey all.  I'm finally getting around to setting up a caching dns
 server.  Pretty confusing from my angle.
 
 Here's what I have so far:
 named enabled in /etc/rc.conf
 cd to /etc/namedb and run sh make-localhost
 
 and the following in /etc/namedb/named.conf:
 
 options {
   directory "/etc/namedb";
   forward first;
   forwarders {
     151.203.0.84;
     151.202.0.84;
   };
   listen-on { 10.8.20.5; };
   version "surely you must be joking";
   query-source address * port 53;
 };
 
 
 zone "." {
   type hint;
   file "named.root";
 };
 
 zone "0.0.127.IN-ADDR.ARPA" {
   type master;
   file "localhost.rev";
 };
 

G'day Louis,

The only differences I can see between this and my working 
configuration at home is

1/. I have forward only rather than forward first. 
So far my DNS providers haven't failed me!

2/. I run named as a non-privileged user. I haven't configured 
a complete sandbox (see 
http://www.au.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html#NAMED-SANDBOX 
for that), 
but just did the following:

  mkdir /etc/namedb/s
  chown bind:bind /etc/namedb/s
  chmod 750 /etc/namedb/s

   Add the following to the options in named.conf

  dump-file "s/named_dump.db";

   and named_flags="-u bind -g bind" to /etc/rc.conf.

3/. I don't have the version and query-source lines. I 
don't believe they'll break anything for you.

4/. I have set up an authoritative lane.family 
domain for my home network

5/. You may want to add 127.0.0.1 to your listen-on option.

I can't see anything in your setup as is that will wreak havoc on the 
internet, but I am not an expert. I would at least run it as bind:bind
rather than root as it is trivial to set up. A complete sandbox is better, 
and of course a jail would be even better, but they are both more work.

Greg




Re: caching nameserver (was Resolving hostnames takes forever)

2002-11-02 Thread Matthew Seaman
On Sat, Nov 02, 2002 at 02:31:06PM -0800, paul beard wrote:
 Matthew Seaman wrote:

 to /etc/rc.conf, and put the IP number of your server as the first
 choice in /etc/resolv.conf:
 
 nameserver 12.34.56.78
 
 for the correct value of 12.34.56.78
 
 I've done this, but I can't get 192.168.2.1 to resolve addresses 
 in nslookup unless I drop into interactive mode and specify it. 

That's nslookup for you.  You don't seem to have a reverse domain for
2.168.192.in-addr.arpa set up anywhere, so nslookup throws a wobbly
about being asked to look stuff up at an address in that range.
There's a reason it's been deprecated in BIND 9.  Two much better
tools are 'host' and 'dig'.  Try:

host ftp.freebsd.org

dig ftp.freebsd.org
 
 Note however that this configuration will allow anyone on the net who
 can get packets to port 53 of your server to use your named to do
 recursive lookups --- consult the named.conf(5) man page and the
 documentation at http://www.isc.org/products/BIND/docs/index.html to
 find out how to configure it better.
 
 This looks like something you can do with an acl to permit only 
 your local network(s). I'm not sure how I invoke it after I set it.
 
 As near as I can make out, this is what I need to permit only 
 queries from my local network.
 
 // acl list
acl home {
   192.168.2/255.255.255.0
};

You're missing a ';' amongst other things --- named.conf likes to have
a liberal sprinkling of semi-colons.

acl "home" {
    192.168.2.0/24;
};

Note that it's 'network address / length of netmask'. You don't have
to put quotes around the acl name, but it's good practice to avoid
potential conflict with key words.

The acl definitions are top level statements in the config file,
ie. outside the 'options' block.
 
 allow_query {
address_match_list (home);
};

There are four built in acl's that you can use.  'localhost' is a
list of all the configured interfaces on the server and 'localnets'
is a list of all the directly attached networks.  Then there's 'any'
and 'none' which are self explanatory.

Just write the name of the acl literally in the allow-query or
allow-recursion or whatever statement. eg:

allow-query {
localnets;
};

or 

allow-recursion {
    "home";
};

If you used quotes in the definition of the acl, then you should use
them for any reference to the acl.

These can be put into the options { }; block, which makes them into
default values for the whole server, or they may be inserted into a
view { }; or zone { }; statement to have a more narrow effect.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
  Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK
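
Added example, not part of the original thread: a small Python check for the situation described above, where named will do recursive lookups for anyone who can reach port 53. It flags an options block that neither sets "recursion no" nor restricts allow-recursion/allow-query; the sample configurations are constructed, and the parsing is simplified (it looks only at the options block, not at view or zone statements).

```python
import re

# Constructed samples: OPEN_CONF has no ACL in options (the case warned
# about above); RESTRICTED_CONF uses the "home" acl from the thread.
OPEN_CONF = '''
options {
    listen-on { 192.168.2.1; };
};
'''

RESTRICTED_CONF = '''
acl "home" { 192.168.2.0/24; };
options {
    // allow-recursion { any; };   old setting, commented out
    allow-recursion { "home"; localhost; };
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments (simplified: ignores quoting)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def block_body(text, keyword):
    """Text between the braces of the first `keyword { ... }`, or None."""
    m = re.search(r'\b' + re.escape(keyword) + r'\s*\{', text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None

def recursion_findings(conf_text):
    """Empty list: recursion is disabled or explicitly restricted."""
    opts = block_body(strip_comments(conf_text), 'options') or ''
    if re.search(r'\brecursion\s+no\s*;', opts):
        return []
    acl = block_body(opts, 'allow-recursion')
    if acl is None:
        acl = block_body(opts, 'allow-query')
    if acl is None:
        return ['no allow-recursion or allow-query in options']
    if re.search(r'(^|[\s;{])"?any"?\s*;', acl):
        return ['recursion ACL contains "any"']
    return []

if __name__ == '__main__':
    print(recursion_findings(OPEN_CONF), recursion_findings(RESTRICTED_CONF))
```

A clean result here only means a restriction is present in options; named-checkconf is still the tool for validating syntax.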
