From owner-freebsd-questions@FreeBSD.ORG Tue Oct 19 18:25:18 2004
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B3ECC16A4CE for ; Tue, 19 Oct 2004 18:25:18 +0000 (GMT)
Received: from gaff.hhhr.ision.net (gaff.hhhr.ision.net [195.180.9.213]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A97F43D58 for ; Tue, 19 Oct 2004 18:25:17 +0000 (GMT) (envelope-from ohoyer@ohoyer.de)
Received: from gaff.hhhr.ision.net (localhost [127.0.0.1]) by gaff.hhhr.ision.net (8.12.11/8.12.11) with ESMTP id i9JIPMH0079217; Tue, 19 Oct 2004 20:25:22 +0200 (CEST) (envelope-from ohoyer@ohoyer.de)
Received: from localhost (ohoyer@localhost) i9JIPLE6079214; Tue, 19 Oct 2004 20:25:21 +0200 (CEST) (envelope-from ohoyer@ohoyer.de)
X-Authentication-Warning: gaff.hhhr.ision.net: ohoyer owned process doing -bs
Date: Tue, 19 Oct 2004 20:25:21 +0200 (CEST)
From: Olaf Hoyer
Sender: ohoyer@gaff.hhhr.ision.net
To: Seth Henry
In-Reply-To:
Message-ID: <20041019201733.E79192@gaff.hhhr.ision.net>
References:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
cc: freebsd-questions@freebsd.org
Subject: Re: Private (only) DNS server setup?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 19 Oct 2004 18:25:18 -0000

On Tue, 19 Oct 2004, Seth Henry wrote:

> Guys,
> I am trying to decrease the amount of traffic going through my cable modem.
> Presently, I have a FreeBSD 4.10 system acting as a gateway router. It runs
> ipf/ipnat for filtering, and acts as a dhcp server to the internal network. I
> also run ntpd, and have pointed all of my internal machines to the router for
> time services.
>
> I plan to add a caching web proxy, and a private DNS server - which is where
> my question comes in.
>
> I want to run a private DNS server which is visible internally only. Comcast
> doesn't like servers, so I don't want to broadcast any DNS information
> upstream. (this would also be kind of dumb, as the entries would point to
> non-routable addresses)

Hi!

Hm, basically you set up BIND (or one of the DNS daemons of your choice) and tell them to

a) take queries from clients and get the resolution stuff done
b) tell the named that he is primary server for certain domains, like foo.bar.homezone

a) is done automatically after named is started, as BIND is a caching nameserver; for ease, you should put a forwarders clause in your named.conf so that BIND always tries to ask your provider's DNS first, which will also help to reduce traffic.

b) Well, whether you want to propagate DNS upstream or only on a local network is the same setup when you have a primary DNS running; it's the same named.conf, where named is responsible for a certain zone.

As you are running a firewall, I assume that every port that is not needed to be visible from "outer space" is closed, so there is no problem with that. Or you could tell named to only listen on the internal interface, which is the technically correct solution.

All that stuff should be covered within the handbook, as pointed out; in my named.conf on a 4-stable the comments in the named.conf are also sufficient to create a primary DNS...

HTH
Olaf

--
Olaf Hoyer ohoyer@ohoyer.de
Terrible experiences give one cause to wonder whether the one who experiences them is not something terrible.
(Nietzsche, Beyond Good and Evil)
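The three points Olaf describes (forwarders for the caching role, a primary zone for the internal names, and listening only on the internal interface) can be put into one named.conf. The fragment below is an added example written for this archive page, not Olaf's or Seth's actual configuration. The zone name foo.bar.homezone comes from the mail; the internal interface address 192.168.1.1, the internal network 192.168.1.0/24, the provider resolver address 10.0.0.53 and the zone file path are placeholders chosen for the example. The syntax is the common subset accepted by BIND 8 and BIND 9, so it fits the FreeBSD 4.x setup discussed.

```conf
// /etc/namedb/named.conf (added example; addresses and paths are placeholders)

options {
        directory "/etc/namedb";

        // Listen on the internal interface only, so the resolver is never
        // reachable from the cable modem side even if the firewall rule is
        // mislaid. 127.0.0.1 keeps local lookups on the router working.
        listen-on { 127.0.0.1; 192.168.1.1; };

        // Caching role: ask the provider's resolver first and only recurse
        // from the roots if it fails; "forward first" is the traffic-saving
        // setting Olaf mentions.
        forward first;
        forwarders { 10.0.0.53; };        // placeholder: provider's resolver

        // Only internal clients may use this server for recursion; an open
        // recursive resolver on the outside would be an abuse target.
        allow-query { 127.0.0.1; 192.168.1.0/24; };
        allow-recursion { 127.0.0.1; 192.168.1.0/24; };

        // Nobody needs to pull a full copy of the private zone.
        allow-transfer { none; };
};

// Root hints are still needed if a forwarder is ever unavailable.
zone "." {
        type hint;
        file "named.root";
};

// Primary (master) role for the internal-only zone. The records inside
// point at RFC 1918 addresses and are never announced upstream because
// no outside host can query this server.
zone "foo.bar.homezone" {
        type master;
        file "master/foo.bar.homezone";     // placeholder zone file path
};

// Reverse zone for the internal network so PTR lookups stay local too.
zone "1.168.192.in-addr.arpa" {
        type master;
        file "master/192.168.1.rev";        // placeholder zone file path
};
```

A matching zone file for foo.bar.homezone needs an SOA record, an NS record naming the router (for example ns.foo.bar.homezone with an A record of 192.168.1.1) and an A record per internal host. Before reloading, `named-checkconf` and `named-checkzone foo.bar.homezone master/foo.bar.homezone` (BIND 9 tools) catch syntax mistakes; from an internal client, `dig @192.168.1.1 somehost.foo.bar.homezone` should answer, while the same query from the outside address should get no connection at all because nothing listens there.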