From: Waitman Gobble <gobble.wa@gmail.com>
To: freebsd-questions@freebsd.org
Date: Sun, 1 Jan 2012 15:24:59 -0800
Subject: Re: DNS

On Sun, Jan 1, 2012 at 2:54 PM, Robert Huff wrote:
>
> Walter Alejandro Iglesias writes:
>
> > Some time ago I made the attempt to set up my own DNS on the same
> > machine I had my web server running on. DNS was the only thing I
> > was not able to automatically update in the system with my
> > scripts each time a new customer purchased a service. It would
> > be wonderful for me if you or anyone here could at least confirm
> > for me whether it is really possible.
>
> What is possible - updating using scripts, or running BIND on
> the same machine as a web server (presumably Apache)?
> While I'm sure someone has written them, I don't know of any
> scripts that will "update" (whatever that means) BIND configuration
> files that are included either as part of the base system or as
> ports.
> However, running BIND and Apache is certainly possible - the
> machine I'm typing this on does exactly that.
>
>
> Robert Huff
>

I agree with Robert, it's generally no problem, at least technically, to run BIND on the same machine. (Unless, in certain situations I can think of at the moment, you are running your httpd server on a non-public network behind a firewall, doing certain things with NAT on the router, or running httpd on a "private machine" that only "gets traffic" from a public-facing cache/proxy like squid.) These situations don't rule out use but could cause 'looping' or otherwise cause problems depending on how your network and name system are set up.

It is better to have more than one machine running name services, if possible. It is also a good idea to prohibit zone transfers and recursive lookups, or at least limit them very carefully.

You should be able to set up a zone update thing for your customers, just keep the TTL somewhat short, and update your serial # in the zone so that external caches will pull the updates (using date and/or time is probably best.) And you probably don't want the daemon/nobody httpd user fooling around with the zone files or the named process directly, so it's best to set a signal in your script like 'touch /tmp/updatebind' or something and have a cron job check for the 'signal'.

Waitman
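The signal-file plus cron scheme and the date-based serial bump described above, as an added example that is not from the thread or from BIND itself: a hypothetical POSIX shell script for root's cron that consumes the signal file, bumps the YYYYMMDDnn serial in the zone file, checks the zone with named-checkzone and reloads it with rndc. The signal path, zone file path and zone name are placeholders.

```shell
#!/bin/sh
# Hypothetical cron-side half of the "touch a signal file" scheme from the
# thread (added example, not code from the list or from BIND). The web-side
# script only touches the signal file; root's cron runs this every minute.
set -eu

SIGNAL=${SIGNAL:-/tmp/updatebind}    # as in the thread; a directory writable only
                                     # by the httpd user and root is safer than /tmp
ZONE_FILE=${ZONE_FILE:-/etc/namedb/master/example.com.db}   # placeholder path
ZONE_NAME=${ZONE_NAME:-example.com}                          # placeholder zone

# next_serial CURRENT TODAY -> prints the new serial in YYYYMMDDnn style.
# Uses TODAY00 when the date has advanced, otherwise CURRENT+1, so several
# updates on one day (or a serial already ahead of today) stay monotonic.
next_serial() {
    cur=$1; today=$2
    base="${today}00"
    if [ "$cur" -lt "$base" ]; then
        echo "$base"
    else
        echo $((cur + 1))
    fi
}

# bump_serial FILE TODAY -> rewrites the SOA line tagged "; serial" in place
# and prints the new serial. Assumes the serial is the first field on a line
# carrying that comment, as in most hand-written zone files.
bump_serial() {
    file=$1; today=$2
    cur=$(awk '/; *serial/ { print $1; exit }' "$file")
    [ -n "$cur" ] || { echo "no '; serial' line in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today")
    tmp="$file.tmp.$$"
    awk -v old="$cur" -v new="$new" \
        '/; *serial/ && $1 == old { sub(old, new) } { print }' "$file" > "$tmp"
    mv "$tmp" "$file"
    echo "$new"
}

main() {
    [ -e "$SIGNAL" ] || exit 0        # nothing requested since the last run
    rm -f "$SIGNAL"                   # consume first so a new request is not lost
    new=$(bump_serial "$ZONE_FILE" "$(date +%Y%m%d)")
    named-checkzone "$ZONE_NAME" "$ZONE_FILE" >/dev/null   # refuse to load a broken zone
    rndc reload "$ZONE_NAME"
    echo "reloaded $ZONE_NAME with serial $new"
}

if [ "${RUN_MAIN:-0}" = 1 ]; then main; fi
```

Run it from cron as `RUN_MAIN=1 /path/to/script` so the functions can also be sourced and tested without touching the live zone.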