Date: 15 Sep 2002 19:14:12 +0100
From: Stacey Roberts <stacey@Demon.vickiandstacey.com>
To: dan@slightlystrange.org
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: Request for proof of sendmail config procedure
Message-ID: <1032113653.353.30.camel@Demon.vickiandstacey.com>
In-Reply-To: <20020909184157.GA5228@catflap.home.slightlystrange.org>
References: <1031506596.16286.89.camel@Demon.vickiandstacey.com> <20020909102727.GA3392@catflap.home.slightlystrange.org> <1031595414.345.14.camel@Demon.vickiandstacey.com> <20020909184157.GA5228@catflap.home.slightlystrange.org>

Hi Daniel,

Sorry to have to come back to you on this again, but I need some
clarification on one point you made in your last reply about running a
caching nameserver.

Where you mentioned:
> You can certainly run a caching nameserver - this is actually quite a
> polite thing to do - the more you cache, the less you send out to the
> 'Net. I use BIND for this, and the config is pretty straight forward.

I'd like to run the caching nameserver, but run it in a sandbox. I've
been reading the online Handbook, which aptly has a section on running
bind in a sandbox. There is a reference to running a caching nameserver,
but I'd like to make sure I have the sequence of steps correct before
proceeding.

Is this sequence correct? (from the Running bind in a sandbox section):

1] Follow the procedure in the online Handbook
  1.1] Create all directories that named expects to see
  1.2] Rearrange and create basic zone and configuration files
  1.3] Build a statically linked copy of named-xfer, and copy it into
       the sandbox
  1.4] Make a dev/null that named can see and write to
  1.5] Symlink /var/run/ndc to /etc/namedb/var/run/ndc
  1.6] Configure syslogd(8) to create an extra log socket that named can
       write to
  1.7] Arrange to have named start and chroot itself to the sandbox

2] At the "The next step is to edit /etc/namedb/etc/named.conf so that
   named knows which zones to load and where to find them on the disk"
   stage, I:
  2.1] Don't worry about including Zone Entries at the bottom
  2.2] Enable the "forwarders" section and enter the IP addr (How can I
       use both my ISP's nameserver IP's?)
  2.3] Reboot

What I also am not sure about is the fact that the procedure above would
not (as it appears to me) include information about my registered domain
name and the gateway box that my ZoneEdit account is configured with.

Where the Handbook says (about running a caching nameserver):
"To set one up, just configure the name server as usual, omitting any
inclusions of zones."

Does this really mean that I don't include the following (from "The next
step is to edit /etc/namedb/etc/named.conf" section):

    // Zones follow:
    zone "localhost" IN {
            type master;
            file "master/named.localhost";
            allow-transfer { localhost; };
            notify no;
    };
    zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "master/localhost.rev";
            allow-transfer { localhost; };
            notify no;
    };
    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int" {
            type master;
            file "master/localhost-v6.rev";
            allow-transfer { localhost; };
            notify no;
    };
    zone "." IN {
            type hint;
            file "master/named.root";
    };

I'm sorry if this is all jumbled up, but I think I referenced the
relevant sections of the Handbook as best I can for the format of the
question posed. Do let me know if I need to explain myself any better,
please.

Thanks in advance.

Stacey

On Mon, 2002-09-09 at 19:41, Daniel Bye wrote:
> On Mon, Sep 09, 2002 at 07:16:53PM +0100, Stacey Roberts wrote:
> > Sorry my reply is this late.
>
> No problem - I have a day job that gets in the way of reading the lists,
> too! ;-)
>
> > I actually *do* have an account with ZoneEdit.com, and I use ddclient to
> > check and update my external IP address.
>
> Yep, sounds right.
>
> > Currently, ZoneEdit provide the two nameservers with which I registered
> > my domain name, and as such provide primary DNS for my domain (as
> > against my ISP's nameservers which are used on my FBSD g'way in
> > /etc/resolv.conf)
> >
> > Like I said, I've not done *anything* to sendmail as yet, but would like
> > to run a mail server that processes mail for my domain. Here's what I
> > know what is expected:
> >
> > Run "make" in /etc/mail
> > Create local-hostname file in /etc/mail and populate with the domains
> > sendmail is to act for
> > Backup sendmail.cf & hostname.mc (or freebsd.mc in my case)
> > Edit .mc file in /etc/mail
> > Use m4 compiler to generate hostname.cf
> > Copy hostname.cf to sendmail.cf
> > Restart sendmail
>
> As I mentioned earlier, I can't help with this - exim is (IMHO) far easier
> to manage than sendmail - the sendmail config file makes me feel slightly
> queasy... I know you can make it masquerade though, but I'll not try
> to explain how - I'll leave it to someone who knows.
>
> > Now from what I know of sendmail, attempting to run a fully configured
> > (with FQDN; mailer rules & masquerading) sendmail with a badly / non /
> > incorrectly configured DNS is just asking for trouble - hence my post. I
> > am sorry if my initial post was less than clear on the info I require.
> >
> > In essence then:-
> > Do I / Can I run my own nameserver on my local network?
> > Do I create slave or master zone entries?
>
> You can certainly run a caching nameserver - this is actually quite a
> polite thing to do - the more you cache, the less you send out to the
> 'Net. I use BIND for this, and the config is pretty straight forward.
> Others use djbdns, but I never got on with it. See which you prefer.
>
> Following on from that, no, you won't run any primary or slave zones.
> ZoneEdit's servers will answer requests for your mail server's address
> when another mail server has something to deliver. My ZoneEdit account
> specifies that mail for my domain is directed to my host - there is no
> need to specify more than this to handle incoming mail.
>
> For outgoing mail, you can either use your ISP's resolvers, or, if you
> set up a caching name server, set your primary resolver to 127.0.0.1.
> The config for your resolver will then have settings for upstream resolvers
> to query - usually your ISP's, again. Sendmail (and any other app that
> needs name resolution services) will then use the right resolvers, based
> on what they find in /etc/resolv.conf
>
> I hope I am closer to the mark this time! ;-)
>
> Dan
>
> > Like I mentioned earlier, I would understand if this is asking too much
> > in one post, but I'd appreciate someone who might have been in the same
> > situation to give me some pointers / guidance on this one.
> >
> > Thanks for taking the time to respond, Dan.
> >
> > Stacey
> >
>
>
> --
> Daniel Bye
>
> PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
> PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC
>                                                                      _
>                                               ASCII ribbon campaign ( )
>                                          - against HTML, vCards and  X
>                                 - proprietary attachments in e-mail / \
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
Stacey Roberts
B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com
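
Added example, not part of the message above and not the Handbook's own listing: a caching-only named.conf fragment for the forwarders question in step 2.2, listing two upstream resolvers and limiting who may use the cache. The forwarder addresses (192.0.2.1, 192.0.2.2), the LAN range 192.168.1.0/24 and the host's LAN address 192.168.1.1 are placeholders assumed for illustration.

```conf
// Added example: caching-only named.conf fragment. No master or slave
// zones for a public domain are defined. All addresses are placeholders.

acl "trusted" {
        127.0.0.1;
        192.168.1.0/24;         // assumed LAN range
};

options {
        // Other options from the Handbook's sandbox procedure stay as they are.

        // Upstream resolvers: one entry per nameserver, separated by ';'.
        forwarders {
                192.0.2.1;      // placeholder for the ISP's first nameserver
                192.0.2.2;      // placeholder for the ISP's second nameserver
        };
        forward first;          // fall back to the root hints if neither answers

        // Recurse only for hosts in "trusted". A cache that recurses for
        // anyone who can reach port 53 is an open resolver.
        allow-recursion { "trusted"; };
        allow-query     { "trusted"; };

        // Listen only on the addresses clients are meant to use.
        listen-on { 127.0.0.1; 192.168.1.1; };  // 192.168.1.1: assumed LAN address
};

// Root hints, as in the listing quoted in the message. This is a hint
// zone, not a master or slave zone.
zone "." IN {
        type hint;
        file "master/named.root";
};
```

With this in place, /etc/resolv.conf on the same host lists `nameserver 127.0.0.1`, as the quoted reply describes.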