From owner-freebsd-questions@FreeBSD.ORG Tue Oct 19 19:17:40 2004
From: "Ezequiel O. Block" <ezequielb@pilar-ciudad.com.ar>
Date: Tue, 19 Oct 2004 16:19:48 -0300
Message-ID: <417568D4.5000309@pilar-ciudad.com.ar>
In-Reply-To: <20041019201733.E79192@gaff.hhhr.ision.net>
References: <20041019201733.E79192@gaff.hhhr.ision.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Private (only) DNS server setup?

The allow-recursion option would limit queries only to your LAN, like this:

    options {
        allow-recursion { 192.168.1.0/24; 127.0.0.1; };
    };

Olaf Hoyer wrote:
> On Tue, 19 Oct 2004, Seth Henry wrote:
>
>> Guys,
>> I am trying to decrease the amount of traffic going through my cable
>> modem. Presently, I have a FreeBSD 4.10 system acting as a gateway
>> router. It runs ipf/ipnat for filtering, and acts as a dhcp server to
>> the internal network. I also run ntpd, and have pointed all of my
>> internal machines to the router for time services.
>>
>> I plan to add a caching web proxy, and a private DNS server - which is
>> where my question comes in.
>>
>> I want to run a private DNS server which is visible internally only.
>> Comcast doesn't like servers, so I don't want to broadcast any DNS
>> information upstream. (This would also be kind of dumb, as the entries
>> would point to non-routable addresses.)
>
> Hi!
>
> Hm, basically you set up BIND (or one of the DNS daemons of your choice) and
> tell it to
> a) take queries from clients and get the resolution stuff done
> b) tell named that it is the primary server for certain domains, like
> foo.bar.homezone
>
> a) is done automatically after named is started, as BIND is a
> caching nameserver; for ease you should put a forwarders clause in your
> named.conf so that BIND always tries to ask your provider's DNS first, which
> will also help to reduce traffic.
>
> b) Well, whether you want to propagate DNS upstream or only on a local
> network, it is the same setup when you have a primary DNS running: it's the
> same named.conf, where named is responsible for a certain zone.
> As you are running a firewall, I assume that every port that does not
> need to be visible from "outer space" is closed, so there is no
> problem with that. Or you could tell named to only listen on the
> internal interface, which is the technically correct solution.
>
> All that stuff should be covered in the handbook, as pointed out; in
> my named.conf on 4-stable the comments in the named.conf are also
> sufficient to create a primary DNS...
>
> HTH
> Olaf
>

-- 
Ezequiel O. Block
Cooperativa La Lonja. Soporte Internet.
Buenos Aires, Argentina
F 02322-470406
T 02322-474537
E ezequielb@pilar-ciudad.com.ar
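A complete named.conf for the setup Seth describes, as an added example that is not from this thread or from the FreeBSD handbook. It combines the allow-recursion clause above with Olaf's two other points (a forwarders clause and listening only on the internal interface), because allow-recursion by itself only refuses recursive lookups: if port 53 is reachable from the cable-modem side, the private zone's RFC 1918 records can still be read by anyone who asks for them directly. It assumes BIND 9 syntax (every option used here also exists in the BIND 8 that FreeBSD 4.10 shipped), an internal interface address of 192.168.1.1, a LAN of 192.168.1.0/24, the provider resolvers 10.0.0.53 and 10.0.1.53 as placeholders, and Olaf's example zone name foo.bar.homezone; the hosts in the zone file are constructed.

```conf
// /etc/namedb/named.conf (added example; all addresses and names are assumptions)

options {
    directory "/etc/namedb";

    // Bind port 53 only on loopback and the internal interface, so the
    // daemon is unreachable from the cable-modem side even before ipf.
    listen-on { 127.0.0.1; 192.168.1.1; };

    // Answer any query, recursive or not, only for the LAN. allow-query
    // is what keeps the private zone's 192.168.x.x answers off the wire.
    allow-query     { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };

    // Ask the provider's resolvers first and cache their answers;
    // "forward first" falls back to iterative resolution if they fail.
    forwarders { 10.0.0.53; 10.0.1.53; };
    forward first;
};

// Root hints and the loopback reverse zone, as in FreeBSD's stock named.conf.
zone "." { type hint; file "named.root"; };
zone "0.0.127.in-addr.arpa" { type master; file "master/localhost.rev"; };

// The private forward zone: this host is primary, and since there are no
// secondaries, zone transfers are refused outright.
zone "foo.bar.homezone" {
    type master;
    file "master/foo.bar.homezone.db";
    allow-transfer { none; };
};

// Matching reverse zone for the LAN, so PTR lookups stay local too.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "master/192.168.1.rev";
    allow-transfer { none; };
};

; --- /etc/namedb/master/foo.bar.homezone.db (constructed sample zone file) ---
$TTL 86400
@       IN  SOA router.foo.bar.homezone. hostmaster.foo.bar.homezone. (
                2004101901  ; serial, YYYYMMDDnn; bump it on every edit
                3600        ; refresh
                900         ; retry
                604800      ; expire
                3600 )      ; negative-cache TTL
        IN  NS  router.foo.bar.homezone.
router  IN  A   192.168.1.1
desk    IN  A   192.168.1.10
laptop  IN  A   192.168.1.11
```

The zone file is shown after the named.conf in the same listing, separated by the `;` comment line, and belongs in the `master/` directory the config points at. After editing, `named-checkconf` and `named-checkzone foo.bar.homezone master/foo.bar.homezone.db` (BIND 9 tools) catch syntax errors before a restart. The check that matters for the "internal only" requirement is the one from outside the LAN: a query to the router's external address must time out, and `sockstat -l` on the router should list named only on 127.0.0.1 and 192.168.1.1. Keep the ipf rule that blocks inbound port 53 on the external interface anyway; listen-on and the firewall rule are two independent controls, and either one failing silently (for example, named re-reading a config with listen-on removed) should not expose the zone.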