Date: Sun, 21 Jul 2002 14:40:59 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Michael Sharp <freebsd@ec.rr.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: DNS config
Message-ID: <20020721134059.GC27676@happy-idiot-talk.infracaninophi>
In-Reply-To: <1244.192.168.1.4.1027256860.squirrel@webmail.probsd.ws>
References: <1244.192.168.1.4.1027256860.squirrel@webmail.probsd.ws>

On Sun, Jul 21, 2002 at 09:07:40AM -0400, Michael Sharp wrote:
> I am taking a stab at running DNS, and have been reading some on it
> today. But, I wanted to touch base with some on the list to see if my
> thinking is correct before I deploy this. I am going to run named in a
> Jail() on 192.168.1.6 and my Internet IP is 66.26.7.34. For named.conf,
> I have:
>
> zone "0.0.127.IN-ADDR.ARPA" {
>         type master;
>         file "localhost.rev";
> };
> zone "1.168.192.in-addr.arpa" {
>         type master;
>         file "192.168.1.in-addr.arpa.conf";
> };
> zone "my-domain.com" {
>         type master;
>         file "my-domain.conf";
> };

Looks good.

> My questions are this, would I use 7.26.66.in-addr.arpa INSTEAD of
> 1.168.192 in the second zone above since my external IP is 66.26.7.34,
> or is what I have correct?

You probably do want to be serving the 1.168.192.in-addr.arpa zone if
you're using that internally. You definitely don't want to be serving
the whole 7.26.66.in-addr.arpa zone, as that covers a whole /24 net
block. If you are going to insist on providing your own reverse
lookup for that IP, then you could try running a zone file for
34.7.26.66.in-addr.arpa, but I would counsel against doing that.

The 66.26.7.34 IP number comes out of a block delegated to your ISP.
Because it's been officially delegated I can type 'host 66.26.7.34' on
a completely unrelated machine and my nameserver will chase through
all the delegations from in-addr.arpa. on down until it finds the
servers that can tell it authoritatively what hostname that IP number
corresponds to.

Now, if you run your own nameserver and load your own copy of that
zone into it, you will short circuit that lookup. Since your server
"knows" the answer to the query it will give you an authoritative
response straight away. Thus your internal machines will get a
different response to the lookup than an external user, and no
external user will see any modifications you make.

That might be precisely what you intend, and indeed there are very
good reasons for doing those sorts of tricks in certain circumstances.
However, in your case I think it's probable that all you need to do is
leave well alone and let your nameserver look up that address from your
ISP's nameservers for you as required.

If you really need to be in control of that zone, you should approach
your ISP and ask them about delegating authority to your servers.
They may well refuse or want you to pay for the privilege.

> Second, why is the 0.0.127 zone "IN-ADDR.ARPA" capitalised where
> the others aren't? The stock named.conf has it this way and I am
> just curious.

The DNS is case insensitive, so there's no practical difference
whatever case mixture you use. Looking up 'www.freebsd.org' will get
you the same result as looking up 'www.FreeBSD.ORG'. Some people like
to capitalise their zone data and named config files to make them look
prettier or to stand out better on the page, but there's no guarantee
that the fancy capitalisation will even be transmitted to the client
doing the lookup.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
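
The short-circuit effect described in the reply above, as an added example that is not part of the original message: a small Python audit that maps each master reverse zone in a named.conf to the address block it covers, flags zones over non-private space, and reports which local zone would answer a given PTR lookup. The sample configuration is constructed from the zones in the post plus the /24 zone the reply advises against; the file name "66.26.7.rev" and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the zones from the post, plus the /24 reverse zone the
# reply advises against (its file name is made up for this example).
SAMPLE_CONF = '''
zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev"; };
zone "1.168.192.in-addr.arpa" { type master; file "192.168.1.in-addr.arpa.conf"; };
zone "7.26.66.in-addr.arpa" { type master; file "66.26.7.rev"; };
zone "my-domain.com" { type master; file "my-domain.conf"; };
'''

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{[^}]*?type\s+master\s*;', re.I)
SUFFIX = ".in-addr.arpa"

def reverse_zone_network(zone):
    """Return the IPv4 network a reverse zone name covers, or None."""
    name = zone.lower().rstrip(".")  # DNS names compare case-insensitively
    if not name.endswith(SUFFIX):
        return None
    labels = name[:-len(SUFFIX)].split(".")
    if len(labels) > 4 or not all(l.isdigit() and int(l) < 256 for l in labels):
        return None
    octets = labels[::-1] + ["0"] * (4 - len(labels))
    return ipaddress.ip_network(".".join(octets) + "/" + str(8 * len(labels)))

def master_reverse_zones(conf):
    """Yield (zone name, network) for each master IPv4 reverse zone in conf."""
    for zone in ZONE_RE.findall(conf):
        net = reverse_zone_network(zone)
        if net is not None:
            yield zone, net

def shadowed_public_zones(conf):
    """List (zone, network, address count) for zones over non-private space."""
    return [(z, str(n), n.num_addresses)
            for z, n in master_reverse_zones(conf) if not n.is_private]

def answering_zone(ip, conf):
    """Most specific local zone that answers the PTR query for ip, or None
    when the resolver would follow the public delegation instead."""
    addr = ipaddress.ip_address(ip)
    hits = [(n.prefixlen, z) for z, n in master_reverse_zones(conf) if addr in n]
    return max(hits)[1] if hits else None

if __name__ == "__main__":
    for finding in shadowed_public_zones(SAMPLE_CONF):
        print("local zone overrides delegated space:", finding)
```

With the /24 zone loaded, every address in 66.26.7.0/24 is answered locally, not only 66.26.7.34; a zone named 34.7.26.66.in-addr.arpa would narrow that to a single address.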