From owner-freebsd-questions  Mon Dec 17  5:42: 1 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from dire.bris.ac.uk (dire.bris.ac.uk [137.222.10.60])
	by hub.freebsd.org (Postfix) with ESMTP id 3EEE637B41A
	for <freebsd-questions@freebsd.org>; Mon, 17 Dec 2001 05:41:56 -0800 (PST)
Received: from mail.ilrt.bris.ac.uk by dire.bris.ac.uk with SMTP-PRIV 
          with ESMTP; Mon, 17 Dec 2001 13:41:50 +0000
Received: from cmjg (helo=localhost)	by mail.ilrt.bris.ac.uk 
          with local-esmtp (Exim 3.16 #1)	id 16Fy0u-00032L-00;
          Mon, 17 Dec 2001 13:41:04 +0000
Date: Mon, 17 Dec 2001 13:41:04 +0000 (GMT)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
X-X-Sender:  <cmjg@mail.ilrt.bris.ac.uk>
To: Martin Karlsson <martin.karlsson@visit.se>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: "private" DNS by-passing my ISPs? (Was: Re: /etc/hosts...)
In-Reply-To: <20011217143137.A13740@foo31-249.visit.se>
Message-ID: <Pine.GSO.4.31.0112171335110.10975-100000@mail.ilrt.bris.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Mon, 17 Dec 2001, Martin Karlsson wrote:

> Any particular pitfalls I should avoid when setting one up? A link to a
> good tutorial? Everything is welcome...

Ironically,
	http://www.linuxdoc.org/HOWTO/DNS-HOWTO-3.html
looks reasonable. I'm also given to understand that djbdns works well in
this regard; it's also odds-on to have fewer security concerns than
ISC's bind :-/

...which brings up the other issue; if you're going to use FreeBSD's
named then make sure that you keep it up-to-date.

jan

PS. That's the case for any service you expose to the wide world, which
you must do to receive DNS responses. If you're running a firewall, you
could get port 53 to respond only to localhost-originated requests, and
correspondingly ensure that named avoids port 53 to originate its DNS
requests; that might mitigate some potential problems. This is just
being careful; there are no issues that I'm aware of with the named in
-stable (and when they occur, they generally get dealt with quickly).


-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
Semantic rules, OK?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message