From owner-freebsd-questions Sat Nov 2 14:31:27 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDC7537B401 for ; Sat, 2 Nov 2002 14:31:24 -0800 (PST)
Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8391C43E77 for ; Sat, 2 Nov 2002 14:31:24 -0800 (PST) (envelope-from paulbeard@mac.com)
Received: from mac.com ([12.231.115.57]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20021102223124.WKPL27144.rwcrmhc52.attbi.com@mac.com> for ; Sat, 2 Nov 2002 22:31:24 +0000
Message-ID: <3DC4522A.5080908@mac.com>
Date: Sat, 02 Nov 2002 14:31:06 -0800
From: paul beard
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20021101
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@FreeBSD.ORG
Subject: caching nameserver (was Resolving hostnames takes "forever")
References: <200211021432.19756.freebsd.nospam@mekanix.dk> <20021102144105.GA1116@happy-idiot-talk.infracaninophi> <1036250840.74419.67.camel@prometheus> <20021102173007.GC1116@happy-idiot-talk.infracaninophi>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Matthew Seaman wrote:
>
> Not knowing anything about your site, that's not something I can give
> a definite answer to. However, running a DNS cache on a local LAN
> segment is pretty simple to do, and usually improves performance. If
> you run the /etc/namedb/make-localhost script and then fire up the
> default named with the config that comes with FreeBSD, it will act as
> a caching nameserver.

This answers questions I didn't realize I had . . . .
Couple of niggling details: I found I had to run the make-localhost script from w/in /etc/named. It looks in "." for a needed file, rather than /etc/named. Perhaps set a value for ${NAMED_DIR}?

Next I did these:

> Add:
>
> named_enable="YES"
> named_flags="-u bind -g bind"
>
> to /etc/rc.conf, and put the IP number of your server as the first
> choice in /etc/resolv.conf:
>
> nameserver 12.34.56.78
>
> for the correct value of "12.34.56.78"

I've done this, but I can't get 192.168.2.1 to resolve addresses in nslookup unless I drop into interactive mode and specify it. Examples follow:

    [/etc/namedb]# nslookup
    *** Can't find server name for address 192.168.2.1: Non-existent host/domain
    Default Server: ns1.attbi.com
    Address: 204.127.198.4

    [/etc/namedb]# nslookup
    *** Can't find server name for address 192.168.2.1: Non-existent host/domain
    Default Server: ns1.attbi.com
    Address: 204.127.198.4
    > server 192.168.2.1
    Default Server: [192.168.2.1]
    Address: 192.168.2.1
    > ftp.freebsd.org
    Server: [192.168.2.1]
    Address: 192.168.2.1

    Non-authoritative answer:
    Name: ftp.beastie.tdk.net
    Address: 62.243.72.50
    Aliases: ftp.freebsd.org

> Note however that this configuration will allow anyone on the net who
> can get packets to port 53 of your server to use your named to do
> recursive lookups --- consult the named.conf(5) man page and the
> documentation at http://www.isc.org/products/BIND/docs/index.html to
> find out how to configure it better.

This looks like something you can do with an acl to permit only your local network(s). I'm not sure how I invoke it after I set it. As near as I can make out, this is what I need to permit only queries from my local network.

    // acl list: the local LAN, written as a CIDR prefix (named.conf does not
    // accept a dotted netmask here)
    acl home { 192.168.2.0/24; };

    // the acl is referenced by name inside the options block; the grammar in
    // named.conf(5) calls the braces an address_match_list, but that word is
    // not typed literally
    options {
        allow-query { home; };
    };

-- 
Paul Beard / 8040 27th Ave NE / Seattle WA 98115 / paulbeard [at] mac [ dot] com / 206 529 8400
weblog @

In Seattle, Washington, it is illegal to carry a concealed weapon that is over six feet in length.
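Below is an added named.conf fragment illustrating the point raised in the mail above (restricting a caching resolver to the local network); it is not part of the original message and not FreeBSD's stock /etc/namedb/named.conf. It assumes the LAN is 192.168.2.0/24 and that the server's LAN address is 192.168.2.1, matching the addresses in the mail; the "home" acl name is the poster's. It shows the open configuration alongside the restricted one, and also restricts recursion and the listening addresses, which goes a little beyond the allow-query line in the mail.

```conf
// Added example, not the original poster's file or FreeBSD's default config.
// Assumed addresses: LAN 192.168.2.0/24, server LAN interface 192.168.2.1.

// Weak setting (commented out): with no allow-query / allow-recursion, any
// host that can reach port 53 can use this named as an open recursive resolver.
//
// options {
//     directory "/etc/namedb";
// };

// Address match list for the hosts that may use this resolver.
acl home {
    127.0.0.1;          // the server itself, via the loopback interface
    192.168.2.0/24;     // the local LAN, in CIDR prefix notation
};

options {
    directory "/etc/namedb";

    // Only bind to the loopback and LAN addresses, so the daemon is not
    // reachable on any other interface at all.
    listen-on { 127.0.0.1; 192.168.2.1; };

    // Ordinary queries and recursive lookups are both limited to the acl;
    // everything else receives a REFUSED response.
    allow-query { home; };
    allow-recursion { home; };
};
```

After editing, check the syntax with `named-checkconf` (BIND 9) and restart named. To confirm the restriction, a lookup such as `dig @192.168.2.1 ftp.freebsd.org` should succeed from a LAN host, while the same query from an address outside the acl should come back with status REFUSED rather than an answer.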