From owner-freebsd-stable@FreeBSD.ORG Fri Jun 29 06:17:59 2007
Date: Thu, 28 Jun 2007 23:17:59 -0700
From: Jeremy Chadwick <jdc@parodius.com>
To: Minseok Choi
Cc: freebsd-stable@freebsd.org, ait ^__~
Subject: Re: BIND Configuration
Message-ID: <20070629061759.GA80179@eos.sc1.parodius.com>
References: <7011c4710706282253g2d2ff041m7b1678fe08c4190c@mail.gmail.com>
List-Id: Production branch of FreeBSD source code

On Thu, Jun 28, 2007 at 11:01:00PM -0700, Minseok Choi wrote:
> Yes, the DNS server itself seems to work very well. When I query some
> public domains - google.com, yahoo.com -, the result is fine.
> But when I put zone files in /etc/namedb/named.conf, the domain is not
> resolved.
>
> One more thing: /etc/resolv.conf is changed whenever the server reboots,
> because the server gets a dynamic IP from the ISP.

Okay, so your FreeBSD box is also acting as a router.
You should therefore set up BIND/named locally, and tell dhclient (or
whatever you're using to fetch an IP address from your ISP) to **not**
modify resolv.conf.  Make note of what those nameserver IPs are, though;
you'll need them below.

Pick a "fake domain" for yourself (such as home.lan, or something else
that won't be used on the Internet; a fake TLD is the way to go).  Make
sure your machine name is set in rc.conf to a FQDN, such as
myboxname.home.lan.  You can set this without rebooting by doing (as
root) "hostname myboxname.home.lan".

Next, you should go into /etc/namedb and run "sh make-localhost" as
root.  If you've done this in the past, you should do a
rm /etc/namedb/master/localhost-v6.rev /etc/namedb/master/localhost.rev
first.

In your named.conf, you'll claim to be authoritative for home.lan and
declare it as such via a zone "home.lan" {} container.  See below.

Finally, you should declare a list of forwarders in options {} which
your nameserver will forward all recursive DNS queries through (it will
still answer for anything it claims to be authoritative for, such as
home.lan).  DO NOT use "forward only".

Example (taken from my own setup at home, where 192.168.1.51 *is not* a
router, but if it was, I'd tell dhclient or whatever *not* to modify
resolv.conf :-) ):

/etc/rc.conf
============
hostname="icarus.home.lan"
ifconfig_nve0="inet 192.168.1.51 netmask 255.255.255.0"
defaultrouter="192.168.1.1"

/etc/hosts
==========
127.0.0.1       localhost localhost.home.lan
192.168.1.51    icarus.home.lan icarus

/etc/resolv.conf
================
search home.lan
nameserver 127.0.0.1

/etc/namedb/named.conf
======================
options {
        /* Some stuff removed from here; doesn't apply to you :) */
        forwarders {
                206.13.28.12;
                206.13.29.12;
        };
};

zone "home.lan" {
        type master;
        file "master/zone.home.lan";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "master/zone.192.168.1";
};

/etc/namedb/master/zone.home.lan
================================
$TTL    3600
@       IN      SOA     icarus.home.lan. root.icarus.home.lan. (
                        2007052501      ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN      NS      icarus.home.lan.
        IN      MX      10 icarus.home.lan.
icarus  IN      A       192.168.1.51

/etc/namedb/master/zone.192.168.1
=================================
$TTL    3600
@       IN      SOA     icarus.home.lan. root.icarus.home.lan. (
                        2005122608      ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN      NS      icarus.home.lan.
51      IN      PTR     icarus.home.lan.

-- 
| Jeremy Chadwick                                 jdc at parodius.com |
| Parodius Networking                        http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP: 4BD6C0CB |
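The reply above recommends plain "forwarders" rather than "forward only", and the original question notes that the box holds a public, ISP-assigned address. A forwarding resolver on such a box is reachable from the Internet unless named is told where to listen and whom to recurse for. The script below is an added example (editor's code, not part of the message above and not FreeBSD or BIND code) that greps a named.conf-style file for three things: the "forward only" setting, a listen-on list, and an allow-recursion ACL. The two configuration fragments it writes are constructed for the example; the "lan" ACL name and the 192.168.1.0/24 range are assumptions. It is a text check only and does not replace named-checkconf.

```shell
#!/bin/sh
# Added example, not code from the message above: a plain-text sanity check
# for a home named.conf of the kind shown there.  It flags three things:
#   1. "forward only;" (the reply advises against it; with plain "forwarders"
#      named still resolves on its own if the forwarders are unreachable)
#   2. a missing allow-recursion ACL: with recursion enabled on a public,
#      ISP-assigned address, anyone who can reach port 53 can use the box
#      as an open recursive resolver (reflection/amplification fodder)
#   3. a missing listen-on: by default named binds every interface,
#      including the ISP-facing one
# The two configuration fragments below are constructed for the example;
# the "lan" ACL name and the 192.168.1.0/24 range are assumptions.

# Remove /* ... */ (on one line), // and # comments so that a commented-out
# directive neither satisfies nor triggers a check.
strip_comments() {
    sed -e 's|/\*.*\*/||g' -e 's|//.*$||' -e 's|#.*$||' "$1"
}

# check_named_conf FILE: prints each finding, returns 0 only if there are none
check_named_conf() {
    conf=$1
    rc=0
    if strip_comments "$conf" | grep -Eq 'forward[[:space:]]+only[[:space:]]*;'; then
        echo "$conf: 'forward only' set; use plain 'forwarders' instead"
        rc=1
    fi
    if ! strip_comments "$conf" | grep -q 'allow-recursion'; then
        echo "$conf: no allow-recursion ACL; recursion is open to anyone who can reach port 53"
        rc=1
    fi
    if ! strip_comments "$conf" | grep -q 'listen-on'; then
        echo "$conf: no listen-on; named binds all interfaces, including the ISP-facing one"
        rc=1
    fi
    return $rc
}

# Constructed sample 1: the forwarders from the message, plus "forward only"
# and nothing restricting who may query or recurse.
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
options {
        forward only;
        forwarders { 206.13.28.12; 206.13.29.12; };
};
EOF

# Constructed sample 2: same forwarders, but named listens only on loopback
# and the LAN address and recurses only for LAN clients.  The authoritative
# home.lan zone is still answered for the LAN.
HARDENED_CONF=$(mktemp)
cat > "$HARDENED_CONF" <<'EOF'
acl "lan" { 127.0.0.0/8; 192.168.1.0/24; };
options {
        listen-on { 127.0.0.1; 192.168.1.51; };
        allow-query { lan; };
        allow-recursion { lan; };
        forwarders { 206.13.28.12; 206.13.29.12; };
};
EOF
trap 'rm -f "$WEAK_CONF" "$HARDENED_CONF"' EXIT

for f in "$WEAK_CONF" "$HARDENED_CONF"; do
    if check_named_conf "$f"; then
        echo "$f: ok"
    fi
done
```

Run it as-is to see the three findings on the first fragment and "ok" on the second, or call check_named_conf on a real /etc/namedb/named.conf. On the dhclient side of the advice, ISC dhclient honours a `supersede domain-name-servers 127.0.0.1;` line in /etc/dhclient.conf, which keeps resolv.conf pointed at the local named across lease renewals while the ISP's servers are used only through the forwarders list.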