Date: Tue, 19 Oct 2004 20:55:34 -0600
From: Danny MacMillan <flowers@users.sourceforge.net>
To: Seth Henry <jshamlet@hotmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Private (only) DNS server setup?
Message-ID: <20041020025534.GA931@procyon.nekulturny.org>
In-Reply-To: <BAY18-F2ZncJfKHmj9n00008ff3@hotmail.com>
References: <BAY18-F2ZncJfKHmj9n00008ff3@hotmail.com>
On Tue, Oct 19, 2004 at 08:34:45AM -0600, Seth Henry wrote:
>
> ...
>
> I also want to create a private, internal zone so that I can stop passing
> hosts files around. (i.e. 192.168.1.1 -> internal_host1, etc) IOW - I
> would like internal machines to point to my DNS server for internal &
> external addresses. If the DNS server (on the router) can't find the
> address in its local cache, I would like the router to retrieve the record,
> and pass it along to the internal machine. In the end, I want to block all
> DNS traffic from the internal network from leaving the network - internal
> machines should only request DNS info from the router.
>
> ...

I eschew BIND in favour of djbdns, which is in the ports. It's quite
modular which makes the sort of setup you're talking about quite trivial.
I'm sure it's equally possible with BIND. I'm just not familiar with BIND.

Anyway, the djbdns solution entails setting up two DNS "servers" on the
router, one being the authoritative server for your internal domain and
the other being the full service resolver and cache. The DNS cache will
be configured to ask your internal DNS server about local names and your
upstream provider's cache for all other names.

Here's the djbdns home page, which contains more information than you
need:

http://cr.yp.to/djbdns.html

Read the following pages linked from that site and you'll be in good
shape:

  o How to tell a computer to respond to an IP address
  o How to run an external forwarding cache
  o How to run a DNS server
  o How to create local DNS names

When I set up djbdns at work, I also referenced a page that specifically
addressed setting up djbdns on a FreeBSD server. While the information
is not strictly necessary, I did find it useful, even though I did not
follow the instructions exactly:

http://www.free-x.ch/pub/djbdns.html

As far as preventing the information being published: When configuring
your djbdns servers, you will need to supply the IP address on which they
will listen. Just use one of the addresses bound to the private interface.

--
Danny
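
The two-server layout described in the message above, as an added example that is not part of the original e-mail: it writes the dnscache and tinydns configuration files into a scratch directory so the split can be inspected. The zone name, all addresses, the choice of loopback for the authoritative server, and the function names write_layout and listeners_private are assumptions of this example.

```shell
#!/bin/sh
# Added example; every name and address below is constructed.
LAN_IP=192.168.1.1     # assumed router address on the private interface
LAN_NET=192.168.1      # assumed internal network prefix
ZONE=home.example      # assumed internal domain
REV=1.168.192.in-addr.arpa
UPSTREAM=203.0.113.53  # placeholder for the upstream provider's cache

# Write the files that configure both daemons under the scratch directory $1.
write_layout() {
    top=$1
    mkdir -p "$top/dnscache/env" "$top/dnscache/root/ip" \
             "$top/dnscache/root/servers" "$top/tinydns/env" "$top/tinydns/root"

    # Authoritative server (tinydns): loopback only, so only the cache talks to it.
    echo 127.0.0.1 > "$top/tinydns/env/IP"
    # tinydns-data source: '.' declares a zone served by this host,
    # '=' creates an A record plus the matching PTR record.
    cat > "$top/tinydns/root/data" <<EOF
.$ZONE:127.0.0.1:a:259200
.$REV:127.0.0.1:a:259200
=router.$ZONE:$LAN_IP:86400
=host1.$ZONE:$LAN_NET.10:86400
EOF

    # Cache (dnscache): listens on the private interface address only.
    echo "$LAN_IP" > "$top/dnscache/env/IP"
    # Only clients whose address starts with this prefix may query the cache.
    : > "$top/dnscache/root/ip/$LAN_NET"
    # Local names go to tinydns; every other name goes to the upstream cache.
    echo 127.0.0.1 > "$top/dnscache/root/servers/$ZONE"
    echo 127.0.0.1 > "$top/dnscache/root/servers/$REV"
    echo "$UPSTREAM" > "$top/dnscache/root/servers/@"
    echo 1 > "$top/dnscache/env/FORWARDONLY"
}

# Succeeds only if both daemons listen on loopback or the private network.
listeners_private() {
    top=$1
    for f in "$top/tinydns/env/IP" "$top/dnscache/env/IP"; do
        case $(cat "$f") in
            127.*|"$LAN_NET".*) ;;
            *) return 1 ;;
        esac
    done
}
```

On a real router these files live in the service directories that dnscache-conf and tinydns-conf create, and the data file has to be compiled with make in the tinydns root directory before it is served.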