Date: Mon, 2 Jan 2012 00:58:43 +0100
From: Walter Alejandro Iglesias <roquesor@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: DNS
Message-ID: <20120101235843.GB55393@chancha.local>
In-Reply-To: <CAFuo_fwY2vbtDw247LDVwbA_b1X=Rs8Kd9fh8pFDqt8x7BXk2A@mail.gmail.com>
References: <CAHsiZG8z8eNTLKzPvAsVm7ZTBwkNGLA+cLjQ2gJJvez6Aj8ChQ@mail.gmail.com>
 <CAHsiZG-tMwY2xjLx4Td24--FgXgEqqJW6e_JPkJnSznY1dEo5w@mail.gmail.com>
 <CAHsiZG9aah6nS3sQ==JNMw5x426vxUa6MfgcJqLSv0s9YXdY7A@mail.gmail.com>
 <CAFuo_fxnt+EWtKHaBnMHDx6UiYHt84=P1QNuGqigkj-EZHJCwA@mail.gmail.com>
 <20120101224708.GA44456@chancha.local>
 <20224.58435.410063.543105@jerusalem.litteratus.org>
 <CAFuo_fwY2vbtDw247LDVwbA_b1X=Rs8Kd9fh8pFDqt8x7BXk2A@mail.gmail.com>
On Sun, Jan 01, 2012 at 03:24:59PM -0800, Waitman Gobble wrote:
> On Sun, Jan 1, 2012 at 2:54 PM, Robert Huff <roberthuff@rcn.com> wrote:
> >
> > Walter Alejandro Iglesias writes:
> >
> > > Some time ago I made the attempt to set up my own DNS on the same
> > > machine I had my web server running on. DNS was the only thing I
> > > was not able to automatically update in the system with my
> > > scripts each time a new customer purchased a service. It would
> > > be wonderful for me if you or anyone here could at least confirm to me
> > > whether it is really possible.
> >
> > What is possible - updating using scripts, or running BIND on
> > the same machine as a web server (presumably Apache)?
> > While I'm sure someone has written them, I don't know of any
> > scripts that will "update" (whatever that means) BIND configuration
> > files that are included either as part of the base system or as
> > ports.
> > However, running BIND and Apache is certainly possible - the
> > machine I'm typing this on does exactly that.
> >
> >
> > Robert Huff
> >
>
> I agree with Robert: it's generally no problem, at least technically, to
> run BIND on the same machine, except in certain situations I can think of
> at the moment: you are running your httpd server on a non-public network
> behind a firewall, doing certain things with NAT on the router, or running
> httpd on a "private machine" that only "gets traffic" from a public-facing
> cache/proxy like squid. These situations don't rule out its use but could cause
> 'looping' or otherwise cause problems depending on how your network and
> name system are set up.
>
> It is better to have more than one machine running name services, if
> possible. It is also a good idea to prohibit zone transfers and recursive
> lookups, or at least limit them very carefully.
>
> You should be able to set up a zone update thing for your customers; just
> keep the TTL somewhat short, and update your serial # in the zone so that
> external caches will pull the updates (using date and/or time is probably
> best). And you probably don't want the daemon/nobody httpd user fooling
> around with the zone files or the named process directly, so it's best to set a
> signal in your script like 'touch /tmp/updatebind' or something and have a
> cron job check for the 'signal'.
>
> Waitman

Thanks Waitman,

The truth is I am a bit lost; perhaps (it is late here, 00:54) I am a bit hungry and tired :-). I will have dinner, sleep, and tomorrow morning with a fresh mind I will reread this last message carefully. I'll buy the book you advised too.

Walter
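The signal-file-plus-cron pattern Waitman describes, written out as an added example (not code from the thread or from anyone in it): a POSIX sh script meant to run from root's cron. It looks for the signal file, bumps the SOA serial in date form (YYYYMMDDNN, always strictly increasing), runs named-checkzone on the result and only then asks named to reload the zone. The zone name, the zone file path, the signal path and the "; serial" comment marker on the SOA serial line are assumptions, as is the zone layout the script expects.

```shell
#!/bin/sh
# Added example, not part of the thread. Paths and names below are assumptions.
ZONE_NAME="${ZONE_NAME:-example.com}"
ZONE_FILE="${ZONE_FILE:-/var/named/master/example.com.db}"
# Signal file: a directory writable by the httpd user (not /tmp), so the
# web user can only request a reload and never touches the zone itself.
SIGNAL="${SIGNAL:-/var/spool/zoneupdate/update.pending}"

# next_serial OLD TODAY: print the next serial in YYYYMMDDNN form.
# The serial must always grow, so if OLD is already at or past TODAY00
# (several updates on one day, or a larger serial from a previous scheme)
# we simply add one; otherwise we start today's counter at 00.
next_serial() {
    old=$1
    today=$2
    base="${today}00"
    if [ "$old" -ge "$base" ]; then
        echo $((old + 1))
    else
        echo "$base"
    fi
}

# bump_zone_serial FILE TODAY: rewrite the SOA serial in FILE and print
# the new value. Assumes the serial is the first field of the first line
# carrying a "; serial" comment (a common zone-file convention, assumed here).
bump_zone_serial() {
    file=$1
    today=$2
    old=$(awk '/;[ \t]*serial/ { print $1; exit }' "$file")
    [ -n "$old" ] || { echo "no '; serial' line in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    tmp="${file}.tmp.$$"
    # Replace the serial only on that one line, then move the file into place.
    awk -v old="$old" -v new="$new" '
        !done && /;[ \t]*serial/ { sub(old, new); done = 1 }
        { print }' "$file" > "$tmp" && mv "$tmp" "$file"
    echo "$new"
}

# apply_pending_update: the cron entry point. Does nothing unless the
# signal file exists; validates the zone before named ever sees it.
apply_pending_update() {
    [ -f "$SIGNAL" ] || return 0
    today=$(date +%Y%m%d)
    new=$(bump_zone_serial "$ZONE_FILE" "$today") || return 1
    if named-checkzone -q "$ZONE_NAME" "$ZONE_FILE"; then
        rndc reload "$ZONE_NAME"
        rm -f "$SIGNAL"
        echo "reloaded $ZONE_NAME with serial $new"
    else
        echo "zone $ZONE_NAME failed named-checkzone (serial now $new); not reloaded" >&2
        return 1
    fi
}

# Run the cron entry point only when invoked as: sh zoneupdate.sh run
if [ "${1:-}" = "run" ]; then
    apply_pending_update
fi
```

A cron line such as `* * * * * /usr/local/sbin/zoneupdate.sh run` (path assumed) polls the signal once a minute. The point of checking the zone before `rndc reload` is that a malformed record produced by the customer-provisioning script stops at the check instead of taking the zone out of service, and the serial still moves forward so the next successful reload is picked up by external caches.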