From: Matthew Seaman
Date: Fri, 01 Dec 2006 22:28:35 +0000
To: Andrew Falanga
Cc: freebsd-questions
Subject: Re: Configuring DNS (BIND) in isolation

Andrew Falanga wrote:
> I have a need to make my own DNS system on an isolated network.  Years ago,
> I administered DNS for a couple of different companies, but that was quite a
> while ago and since I've turned to programming I haven't done much in the
> way of network administration.  I recall from using BIND 4, when I was
> reading up on it, that it is most certainly possible to configure an entire
> DNS system on a totally isolated network.
>
> Would I need zone files for the root, ".", zone and any other zones I
> configure; e.g. "isolation."?  This would seem to be the way to go about it,
> but I'm having some difficulty visualizing it in my head.  I just did some
> searches online for the O'Reilly book "DNS & BIND".  I recall using this
> book in the past and it was quite helpful (and unfortunately for me,
> belonged to my former employers).  Would this book be a good reference for
> this task as well, or are there better books that I might want to look into
> getting for this?  Or, are there good on-line resources that could help me
> muddle through?

You're on the right track.  Yes, you'd need a zone file for the root of
your DNS -- if it's all served from one machine then that would replace the
'hint' zone and named.root stuff in the example named.conf.

The zone file for '.' would contain an SOA record and then delegation for
whatever forward and reverse domains you want to use.  E.g. supposing you
want to use the TLD 'in.isolation' with IP numbers from 192.168.0.0/24
then you'd need something like:

    ;
    ; Root of the private domain name system
    ;
    $TTL 604800     ; 1 week
    @       IN      SOA     ns0.in.isolation. hostmaster.in.isolation. (
                            2006120100      ; Serial
                            1800            ; Refresh (30min)
                            900             ; Retry (15min)
                            604800          ; Expire (1week)
                            86400 )         ; Minimum (1day)
    @                       IN      NS      ns0.in.isolation.   ; Apex NS, needed for the zone to load
    in.isolation.           IN      NS      ns0.in.isolation.
    0.168.192.in-addr.arpa. IN      NS      ns0.in.isolation.
    ns0.in.isolation.       IN      A       192.168.0.1         ; Glue
    ;
    ; That's All Folks!
    ;

Then you'd need the zone files for 'in.isolation.' and
'0.168.192.in-addr.arpa'.

The O'Reilly book 'DNS & BIND' by Albitz and Liu is well worth obtaining.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
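
The remaining pieces the reply mentions, as an added example that is not part of the original message: a named.conf in which "." is a master zone instead of a hint zone, plus the 'in.isolation' and '0.168.192.in-addr.arpa' zone files. The file names, the host 'www' and its address 192.168.0.10, and the query and transfer restrictions are assumptions; master/root.db is expected to hold the root zone shown in the message.

```sh
#!/bin/sh
# Added example. File names, the "www" host and its address are assumptions.
# master/root.db is expected to hold the root zone shown in the message.
write_isolated_dns() {
    dir=$1
    mkdir -p "$dir/master" || return 1

    # The "." zone is served as master; there is no hint zone or named.root.
    # Queries are limited to the isolated subnet and zone transfers are off.
    cat > "$dir/named.conf" <<EOF
options {
    directory "$dir";
    listen-on { 127.0.0.1; 192.168.0.1; };
    allow-query { 127.0.0.1; 192.168.0.0/24; };
    allow-transfer { none; };
};
zone "." { type master; file "master/root.db"; };
zone "in.isolation" { type master; file "master/in.isolation.db"; };
zone "0.168.192.in-addr.arpa" { type master; file "master/0.168.192.rev"; };
EOF

    # SOA and apex NS shared by both zones (timers as in the root zone).
    soa='$TTL 604800
@ IN SOA ns0.in.isolation. hostmaster.in.isolation. (
        2006120100 1800 900 604800 86400 )
@ IN NS ns0.in.isolation.'

    # Forward zone: address records for hosts under in.isolation.
    {
        printf '%s\n' "$soa"
        printf '%s\n' 'ns0 IN A 192.168.0.1' 'www IN A 192.168.0.10'
    } > "$dir/master/in.isolation.db"

    # Reverse zone: one PTR per address, matching the forward zone.
    {
        printf '%s\n' "$soa"
        printf '%s\n' '1  IN PTR ns0.in.isolation.' '10 IN PTR www.in.isolation.'
    } > "$dir/master/0.168.192.rev"
}

# Write the files when a target directory is given on the command line.
if [ $# -gt 0 ]; then
    write_isolated_dns "$1"
fi
```

Checking the result with named-checkconf and named-checkzone before starting named catches syntax errors in any of the generated files.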