From owner-freebsd-questions  Thu Mar 29  7:39:20 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from Thanatos.Shenton.Org (a3.ebbed1.client.atlantech.net [209.190.235.163])
	by hub.freebsd.org (Postfix) with SMTP id B367437B720
	for <questions@FreeBSD.ORG>; Thu, 29 Mar 2001 07:39:11 -0800 (PST)
	(envelope-from chris@Shenton.Org)
Received: (qmail 37188 invoked by uid 1000); 29 Mar 2001 15:39:50 -0000
To: e96sv@efd.lth.se, rsafir@about-inc.com
Cc: Paul Andrews <andrews@powersurfr.com>, questions@FreeBSD.ORG
Subject: Re: djbdns
References: <20010328100651.D24999@viking.dhs.org>
	<20010328123440.A27917@ruben>
From: Chris Shenton <chris@shenton.org>
Date: 29 Mar 2001 10:39:50 -0500
In-Reply-To: Ruben Safir's message of "Wed, 28 Mar 2001 12:34:40 -0500"
Message-ID: <8766gsfut5.fsf@thanatos.shenton.org>
Lines: 35
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Ruben Safir <rsafir@about-inc.com> writes:

> That's not free software and results with it can vary.

FUD -- please substantiate this. What do you mean "results with it can
vary"? That, unlike BIND, people can't break into your system?

After the last set of gaping security holes, I migrated from BIND to
djbdns.  Much happier now.  If I ran a large ISP, I'd definitely use
it because the computer-friendly "data" file is much easier to
automate managing lots of domains than BIND's named.conf format.


> On Wed, 28 Mar 2001 03:06:52 Sverre Valgeirsson wrote:
> > You're more likely to get help on dns@list.cr.yp.to 
> > (send a mail to dns-subscribe@list.cr.yp.to to subscribe to the list).

Yes, this is the right thing, since DJBDNS isn't FreeBSD-specific.


> > > I have created all the required user accounts and groups..... I
> > > have two NICs in my computer and would like to have the dns
> > > serving both the internal and the external interfaces....

> > > Right now I have dnscache configured for the internal interface
> > > 192.168.0.1 using the following command:

I think the typical installation is to use dnscache on the loopback
interface for local resolution on each machine. Then run tinydns on
each real interface so internal and external clients can query it.

By the way, the most recent tinydns supports "split DNS" so you can
have one view of your domain info available to your internal clients
(e.g., all the info) and another view available to external clients
(e.g., only your public hosts). Works very well.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message