From owner-freebsd-questions Sun Sep 3 14:34:16 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from smtp.screaming.net (smtp.screaming.net [212.49.224.20]) by hub.freebsd.org (Postfix) with ESMTP id D288137B422 for ; Sun, 3 Sep 2000 14:34:10 -0700 (PDT)
Received: from lexx.my.domain (dyn36-ras32.screaming.net [212.49.255.36]) by smtp.screaming.net (8.9.3/8.9.3) with SMTP id VAA29193 for ; Sun, 3 Sep 2000 21:36:59 GMT
From: John Murphy
To: questions@freebsd.org
Subject: caching DNS server (was DNS resolving by internal network)
Date: Sun, 03 Sep 2000 22:33:48 +0100
Organization: The Organisation
Reply-To: bigotfo@bigfoot.com
Message-ID:
X-Mailer: Forte Agent 1.6/32.525
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Ben Smithurst wrote:

>[caching DNS server]
>> I, for one, would like to do that. Is there a tutorial somewhere?
>
>Not that I know of. But the named.conf file you need should be fairly
>simple, the important bits you need to add are:
>
>	forward first;
>	forwarders {
>		1.2.3.4;
>		5.6.7.8;
>	};
>
>Where the two IP addresses are the IP addresses of your ISP's
>nameservers which would normally be in /etc/resolv.conf. This will make
>named forward requests to those nameservers, and cache the answers. If
>those nameservers don't respond your local named will contact the root
>name servers (see named.root) and find the answer from there, which
>will take longer. But most of the time your ISP's nameservers should
>respond, of course.
>
>The /etc/resolv.conf files (or Windows TCP/IP settings, or whatever) on
>your other computers should then list just the IP address of your local
>machine which is running named.

Sounds easy enough. Unfortunately...
named complained it couldn't find localhost.rev, so I ran

	# sh make-localhost

which made localhost.rev. There was a remark in named.conf to put 127.0.0.1
in /etc/resolv.conf, so I put

	nameserver 127.0.0.1

at the top. But I still got loads of natd errors:

	/kernel: ipfw: 65435 Deny UDP 127.1.1.1:53 192.36.148.17:53 out via tun0
	                                            ^^^^^
	The IP numbers are those in /etc/namedb/named.root

	natd[95]: failed to write packet back (Permission denied)

Altered my firewall rules as I'd restricted :53 to only the ISP's DNS.
The problem is that whenever I reboot or start the machine it dials my
ISP! I even tried creating /etc/namedb/s and chowned it as mentioned in
named.conf. I'm not even sure that it's caching. There's nothing in
/etc/namedb/s.

// $Id: named.conf,v 1.5 1998/12/23 06:06:13 dillon Exp $
//
// Refer to the named(8) man page for details.  If you are ever going
// to setup a primary server, make sure you've understood the hairy
// details of how DNS is working.  Even with simple mistakes, you can
// break connectivity for affected parties, or cause huge amount of
// useless Internet traffic.

options {
	directory "/etc/namedb";

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//	forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
	forward first;
	forwarders {
		212.49.224.2;
		212.49.224.3;
	};

	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below.  Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 */
	query-source address * port 53;

	/*
	 * If running in a sandbox, you may have to specify a different
	 * location for the dumpfile.
	 */
	dump-file "s/named_dump.db";
};

// Note: the following will be supported in a future release.
/*
host { any; } {
	topology {
		127.0.0.0/8;
	};
};
*/

// Setting up secondaries is way easier and the rough picture for this
// is explained below.
//
// If you enable a local name server, don't forget to enter 127.0.0.1
// into your /etc/resolv.conf so this server will be queried first.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
	type hint;
	file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
	type master;
	file "localhost.rev";
};

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example secondary config entries.  It can be convenient to become
// a secondary at least for the zone where your own domain is in.  Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is the first bytes of the respective IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to setup a primary zone, better make sure you fully
// understand how DNS and BIND works, however.  There are sometimes
// unobvious pitfalls.  Setting up a secondary is comparably simpler.
//
// NB: Don't blindly enable the examples below. :-)  Use actual names
// and addresses instead.
//
// NOTE!!! FreeBSD runs bind in a sandbox (see named_flags in rc.conf).
// The directory containing the secondary zones must be write accessible
// to bind.  The following sequence is suggested:
//
//	mkdir /etc/namedb/s
//	chown bind.bind /etc/namedb/s
//	chmod 750 /etc/namedb/s

/*
zone "domain.com" {
	type slave;
	file "s/domain.com.bak";
	masters {
		192.168.1.1;
	};
};

zone "0.168.192.in-addr.arpa" {
	type slave;
	file "s/0.168.192.in-addr.arpa.bak";
	masters {
		192.168.1.1;
	};
};
*/

Any ideas?
John.
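The diagnosis John did by hand (matching the destination address in an ipfw "Deny" line against the addresses in /etc/namedb/named.root) is easy to automate, and doing so tells you at a glance whether named is talking to the ISP forwarders or has fallen back to the root hints. The script below is an added example, not code from the thread or from FreeBSD/BIND. The sample log is constructed: the first line is the ipfw deny quoted in the mail, the rest are made up in the same shape. The hints excerpt is also constructed in named.root format and lists only the one root server whose address appears in the mail; the forwarder addresses are the ones from John's named.conf.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Set

# Constructed sample log.  First line: the ipfw deny quoted in the mail.
# Second: a constructed deny to one of the ISP forwarders from named.conf.
# Third: a constructed deny to an unrelated host (192.0.2.0/24 is the
# documentation range) sent from an unprivileged source port.
# Fourth: the natd line from the mail, which is not an ipfw record at all.
SAMPLE_LOG = """\
/kernel: ipfw: 65435 Deny UDP 127.1.1.1:53 192.36.148.17:53 out via tun0
/kernel: ipfw: 65435 Deny UDP 127.1.1.1:53 212.49.224.2:53 out via tun0
/kernel: ipfw: 65435 Deny UDP 127.1.1.1:1045 192.0.2.10:53 out via tun0
natd[95]: failed to write packet back (Permission denied)
"""

# Constructed excerpt in named.root format (ASSUMPTION: a real hints file
# lists all root servers; one entry is enough to show the parsing).
SAMPLE_HINTS = """\
; constructed excerpt, not a complete named.root
.                        3600000  IN  NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
"""

# Forwarders as configured in John's named.conf.
FORWARDERS = ("212.49.224.2", "212.49.224.3")

# ipfw log record, e.g.
#   ipfw: 65435 Deny UDP 127.1.1.1:53 192.36.148.17:53 out via tun0
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# A record in a hints file: NAME TTL [IN] A ADDRESS
HINT_A_RE = re.compile(r"^(?P<name>\S+)\s+\d+\s+(?:IN\s+)?A\s+(?P<ip>[\d.]+)\s*$")


def parse_root_hints(text: str) -> Set[str]:
    """Return the set of root-server addresses (A records) in a named.root-style file."""
    ips: Set[str] = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()  # drop ';' comments
        m = HINT_A_RE.match(line)
        if m:
            ips.add(m.group("ip"))
    return ips


def parse_ipfw_line(line: str) -> Optional[Dict[str, str]]:
    """Extract the fields of one ipfw log record, or None for any other line."""
    m = IPFW_RE.search(line)
    return m.groupdict() if m else None


def classify_denies(log_text: str, forwarders, hints_text: str) -> List[Dict[str, object]]:
    """Classify each denied DNS (port 53) packet by where named was trying to send it."""
    roots = parse_root_hints(hints_text)
    fwd = set(forwarders)
    out: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        rec = parse_ipfw_line(line)
        if rec is None or rec["action"] != "Deny" or rec["dport"] != "53":
            continue
        dst = rec["dst"]
        if dst in roots:
            category = "root-server"   # fell back to the hints: forwarders did not answer
        elif dst in fwd:
            category = "forwarder"     # the firewall blocks even the ISP resolvers
        else:
            category = "other"
        out.append({
            "dst": dst,
            "category": category,
            "iface": rec["iface"],
            # query-source ... port 53 in named.conf is why the source port is 53
            "fixed_source_port": rec["sport"] == "53",
        })
    return out


def summarize(records: List[Dict[str, object]]) -> Counter:
    """Count denied DNS packets per category."""
    return Counter(str(r["category"]) for r in records)


if __name__ == "__main__":
    recs = classify_denies(SAMPLE_LOG, FORWARDERS, SAMPLE_HINTS)
    for r in recs:
        note = "  (fixed source port 53)" if r["fixed_source_port"] else ""
        print(f"{r['dst']:>15}  {r['category']:<12} out via {r['iface']}{note}")
    print(dict(summarize(recs)))
```

A "root-server" entry on tun0 means exactly what Ben described: the forwarders did not respond and named went to the hints, which on a dial-on-demand link brings the line up. If that fallback is not wanted, the "forward only;" line that the stock named.conf comment describes stops named from initiating its own queries; if it is wanted, an ipfw rule that only permits UDP 53 to the ISP's resolvers will keep producing these denies. The "fixed_source_port" flag just reflects the "query-source address * port 53;" setting in the posted config, which is why the denied packets leave from port 53 rather than an unprivileged port.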