Date: Sun, 03 Sep 2000 22:33:48 +0100
From: John Murphy <bigotfo@bigfoot.com>
To: questions@freebsd.org
Subject: caching DNS server (was DNS resolving by internal network)
Message-ID: <V6iyOZ1MMYL7B0BrcULNfbwpAu%2BD@4ax.com>
Ben Smithurst wrote:
>[caching DNS server]
>> I, for one, would like to do that. Is there a tutorial somewhere?
>
>Not that I know of. But the named.conf file you need should be fairly
>simple, the important bits you need to add are:
>
> forward first;
> forwarders {
> 1.2.3.4;
> 5.6.7.8;
> };
>
>Where the two IP addresses are the IP addresses of your ISP's
>nameservers which would normally be in /etc/resolv.conf. This will make
>named forward requests to those nameservers, and cache the answers. If
>those nameservers don't respond your local named will contact the root
>name servers (see named.root) and find the answer from there, which
>will take longer. But most of the time your ISP's nameservers should
>respond, of course.
>
>The /etc/resolv.conf files (or Windows TCP/IP settings, or whatever) on
>your other computers should then list just the IP address of your local
>machine which is running named.
Sounds easy enough. Unfortunately...
named complained that it couldn't find localhost.rev, so I ran # sh make-localhost,
which made localhost.rev.
There was a remark in named.conf to put 127.0.0.1 in /etc/resolv.conf
so I put nameserver 127.0.0.1 at the top. But I still got loads of
natd errors.
/kernel: ipfw: 65435 Deny UDP 127.1.1.1:53 192.36.148.17:53 out via tun0
The IP number (192.36.148.17) is one of those in /etc/namedb/named.root.
natd[95]: failed to write packet back (Permission denied)
Altered my firewall rules as I'd restricted :53 to only the ISP's DNS.
The problem is that whenever I reboot or start the machine it dials
my ISP! I even tried creating /etc/namedb/s and chowned it as mentioned
in named.conf. I'm not even sure that it's caching. There's nothing in
/etc/namedb/s.
// $Id: named.conf,v 1.5 1998/12/23 06:06:13 dillon Exp $
//
// Refer to the named(8) man page for details. If you are ever going
// to setup a primary server, make sure you've understood the hairy
// details of how DNS is working. Even with simple mistakes, you can
// break connectivity for affected parties, or cause huge amount of
// useless Internet traffic.

options {
        directory "/etc/namedb";

        // In addition to the "forwarders" clause, you can force your name
        // server to never initiate queries of its own, but always ask its
        // forwarders only, by enabling the following line:
        //
        //forward only;

        // If you've got a DNS server around at your upstream provider, enter
        // its IP address here, and enable the line below. This will make you
        // benefit from its cache, thus reduce overall DNS traffic in the Internet.
        forward first;
        forwarders {
                212.49.224.2;
                212.49.224.3;
        };

        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;

        /*
         * If running in a sandbox, you may have to specify a different
         * location for the dumpfile.
         */
        dump-file "s/named_dump.db";
};

// Note: the following will be supported in a future release.
/*
host { any; } {
        topology {
                127.0.0.0/8;
        };
};
*/

// Setting up secondaries is way easier and the rough picture for this
// is explained below.
//
// If you enable a local name server, don't forget to enter 127.0.0.1
// into your /etc/resolv.conf so this server will be queried first.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example secondary config entries. It can be convenient to become
// a secondary at least for the zone where your own domain is in. Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is the first bytes of the respective IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to setup a primary zone, better make sure you fully
// understand how DNS and BIND works, however. There are sometimes
// unobvious pitfalls. Setting up a secondary is comparably simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.
//
// NOTE!!! FreeBSD runs bind in a sandbox (see named_flags in rc.conf).
// The directory containing the secondary zones must be write accessible
// to bind. The following sequence is suggested:
//
//      mkdir /etc/namedb/s
//      chown bind.bind /etc/namedb/s
//      chmod 750 /etc/namedb/s

/*
zone "domain.com" {
        type slave;
        file "s/domain.com.bak";
        masters {
                192.168.1.1;
        };
};

zone "0.168.192.in-addr.arpa" {
        type slave;
        file "s/0.168.192.in-addr.arpa.bak";
        masters {
                192.168.1.1;
        };
};
*/
Any ideas?
John.
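As an added example (not part of the original message), a small Python check that pulls the forward mode and forwarders out of a named.conf fragment and classifies ipfw "Deny ... :53 out" log lines of the kind quoted above: a denied packet to a listed forwarder means the firewall rule is too tight, while one to an address outside the list is the root-hint fallback that "forward first" permits when the forwarders do not answer, which is what brings the dial-up link up. The config fragment and log lines below are constructed to mirror the post.

```python
import re

# Constructed named.conf fragment mirroring the options block in the post.
NAMED_CONF = """
options {
    directory "/etc/namedb";
    forward first;
    forwarders {
        212.49.224.2;
        212.49.224.3;
    };
    query-source address * port 53;
};
"""

# Constructed ipfw log lines in the format shown in the post.
IPFW_LOG = [
    "/kernel: ipfw: 65435 Deny UDP 127.1.1.1:53 192.36.148.17:53 out via tun0",
    "/kernel: ipfw: 65435 Deny UDP 127.1.1.1:53 212.49.224.2:53 out via tun0",
]

IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
)

def parse_named_conf(text):
    """Return (forward mode, set of forwarder IPs) from a named.conf fragment."""
    mode = re.search(r"^\s*forward\s+(first|only);", text, re.M)
    block = re.search(r"forwarders\s*\{([^}]*)\}", text, re.S)
    ips = set(re.findall(r"[\d.]+", block.group(1))) if block else set()
    return (mode.group(1) if mode else None, ips)

def classify_denials(log_lines, conf_text):
    """Label each denied outbound DNS packet: to a forwarder, or elsewhere."""
    mode, forwarders = parse_named_conf(conf_text)
    results = []
    for line in log_lines:
        m = IPFW_RE.search(line)
        if not m or m["action"] != "Deny" or m["dport"] != "53" or m["dir"] != "out":
            continue  # only outbound DNS denials are of interest here
        if m["dst"] in forwarders:
            why = "configured forwarder blocked by firewall"
        elif mode == "first":
            why = "non-forwarder (root-hint fallback under 'forward first')"
        else:
            why = "non-forwarder"
        results.append((m["dst"], m["iface"], why))
    return results

if __name__ == "__main__":
    for dst, iface, why in classify_denials(IPFW_LOG, NAMED_CONF):
        print(f"{dst} via {iface}: {why}")
```

Switching to "forward only" stops the root-hint fallback entirely, at the cost of no resolution at all while the forwarders are unreachable.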
