Date:      Mon, 14 Oct 2002 22:40:22 +0100
From:      Ceri Davies <setantae@submonkey.net>
To:        sroberts@dsl.pipex.com
Cc:        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Caching namesever in sandbox not resolving local boxes
Message-ID:  <20021014214022.GB20784@submonkey.net>
In-Reply-To: <1034627454.363.48.camel@Demon.vickiandstacey.com>
References:  <1034622133.363.34.camel@Demon.vickiandstacey.com> <20021014191411.GA18690@submonkey.net> <1034627454.363.48.camel@Demon.vickiandstacey.com>

On Mon, Oct 14, 2002 at 09:30:51PM +0100, Stacey Roberts wrote:

> From what I've learnt here, it would seem as if I've not thought this
> one out completely, and haven't got the "right kind" of nameserver
> set-up.

Not yet, but you're 90% of the way there.

> You mentioned that it'd be better to explain what I would like to
> achieve: I'd like to have a named set-up that allows me to host DNS
> information for my private lan, but also one that facilitates name
> resolution of external hosts (via my ISP's upstream NS's).

OK, that's cool - you've already done the second bit, just point your
internal hosts to the nameserver that you've already set up.

> What I did was "literally" follow the handbook with respect to even the
> naming convention used, so that /etc/namedb has this:

< snip - I'm familiar with this for some reason or other ;) >

> ..., and the only zone file I have at the moment is a copy of that
> suggested in the handbook:

<snip localhost. zone>

> What I'd appreciate is information on whether or not I can adjust my
> bind set-up so as to achieve my intentions from where I am at the
> moment.

Yup, for sure you can - all you need to do is add a zone.

Here you've got a decision to make - what domain name are you going to use
internally?  I use submonkey.net for all my hosts that are on the Internet
proper, and private.submonkey.net for machines that are on the internal LAN.
I'm going to assume you want to do the same, and for the purpose of this
discussion that the domain name you'll be using is example.com (although
if a submonkey.net slips in to the example below, then it's just because
I've cut-and-pasted and have missed one, so mentally substitute example.com).

In named.conf, you're going to want to add a zone statement for the zone
private.example.com (note that there is no need for you to advise anyone
responsible for the DNS for example.com for this to work properly, unless
you want people to get at hosts in private.example.com):

In named.conf:

	zone "private.example.com" in {
		type master;
		file "master/private.example.com.db";
		allow-query{ 127/8; 192.168.10/24; };
	};

Then create the file ${NAMED_ROOT}/master/private.example.com.db containing
[note that my time-to-live, expire, etc. are quite large, as this network is
pretty much static] all your host information:
	$TTL 864000
	$ORIGIN example.com.
	private	IN	SOA	amam.private.example.com. root.example.com. (
			2002032302 43200 3600 604800 172800 )
		IN	NS	amam.private.example.com.
		IN	NS	rhadamanth.private.example.com.
	$ORIGIN private.example.com.
	rhadamanth	IN	A	192.168.10.1
	hoatzin		IN	A	192.168.10.3
	amam		IN	A	192.168.10.5
	test-router	IN	A	192.168.10.254
	www-cache	IN	CNAME	rhadamanth
	www		IN	CNAME	amam
	tftp		IN	CNAME	amam
	ftp		IN	CNAME	amam
	news		IN	CNAME	news.cable.ntlworld.com.

Now reload named, and assuming that you've not made any errors in the above
files (check /var/log/messages) then your forward DNS now works for hosts on
your LAN.

If you want reverse DNS working as well, then add this zone statement to
named.conf (modify for your RFC 1918 network(s)):

	zone "10.168.192.in-addr.arpa" in {
		type master;
		file "master/192.168.10.db";
		allow-query{ 127/8; 192.168.10/24; };
	};

Then in ${NAMED_ROOT}/master/192.168.10.db:

	$TTL 864000
	$ORIGIN 168.192.in-addr.arpa.
	10	IN	SOA	amam.private.example.com. root.example.com. (
			2002032300 43200 3600 604800 172800 )
		IN	NS	amam.private.example.com.
		IN	NS	rhadamanth.private.example.com.
	$ORIGIN 10.168.192.in-addr.arpa.
	1	IN	PTR	rhadamanth.private.example.com.
	3	IN	PTR	hoatzin.private.example.com.
	5	IN	PTR	amam.private.example.com.
	254	IN	PTR	test-router.private.example.com.

Job's a good 'un.

> Thanks so much for taking the time (both of you).

No problem.

If you need any more help on this, then let me know (and if others on the
list are getting bored, please say so and we'll take this to private mail).

Ceri
-- 
you can't see when light's so strong
you can't see when light is gone

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021014214022.GB20784>
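The forward and reverse zones in the reply above are written by hand, which is exactly how A and PTR records drift apart over time. The following Python script is an added example, not part of Ceri's reply and not BIND's own tooling: it builds both zone files and the matching named.conf zone clauses from a single host table (constructed here from the reply's example hosts, addresses and SOA timers), and reports any A/PTR pair that disagrees. The allow-transfer clause limited to the secondary's address goes beyond what the reply configures, and the ACL prefixes are spelled out in full (127.0.0.0/8 rather than 127/8) so they parse on both BIND 8 and BIND 9. All function names are this example's own.

```python
import ipaddress
from datetime import date

# Assumed values, taken from the example LAN in the reply above.
DOMAIN = "private.example.com."
NETWORK = ipaddress.ip_network("192.168.10.0/24")
PRIMARY_NS, SECONDARY_NS = "amam", "rhadamanth"   # host names inside DOMAIN
HOSTMASTER = "root.example.com."
TTL = 864000
REFRESH, RETRY, EXPIRE, NEG_TTL = 43200, 3600, 604800, 172800

# Constructed host table (the same hosts as the reply's zone file).
HOSTS = {"rhadamanth": "192.168.10.1", "hoatzin": "192.168.10.3",
         "amam": "192.168.10.5", "test-router": "192.168.10.254"}
# alias -> target: an unqualified target must be a host above; a target with
# a trailing dot is an external name and is emitted unchanged.
ALIASES = {"www-cache": "rhadamanth", "www": "amam", "tftp": "amam",
           "ftp": "amam", "news": "news.cable.ntlworld.com."}


def serial(on: date, edit: int = 0) -> int:
    """YYYYMMDDnn serial, the convention the reply's SOA records use."""
    if not 0 <= edit <= 99:
        raise ValueError("a date-based serial allows at most 100 edits per day")
    return int(on.strftime("%Y%m%d")) * 100 + edit


def fqdn(name: str) -> str:
    return name if name.endswith(".") else f"{name}.{DOMAIN}"


def reverse_origin() -> str:
    """10.168.192.in-addr.arpa. for 192.168.10.0/24; only a /24 is handled here."""
    if NETWORK.prefixlen != 24:
        raise ValueError("this example only builds /24 in-addr.arpa zones")
    a, b, c, _ = str(NETWORK.network_address).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa."


def soa_header(origin: str, ser: int) -> list:
    return [f"$TTL {TTL}", f"$ORIGIN {origin}",
            f"@\tIN\tSOA\t{fqdn(PRIMARY_NS)} {HOSTMASTER} (",
            f"\t\t{ser} {REFRESH} {RETRY} {EXPIRE} {NEG_TTL} )",
            f"\tIN\tNS\t{fqdn(PRIMARY_NS)}",
            f"\tIN\tNS\t{fqdn(SECONDARY_NS)}"]


def forward_zone(ser: int) -> str:
    lines = soa_header(DOMAIN, ser)
    for name, addr in HOSTS.items():
        if ipaddress.ip_address(addr) not in NETWORK:
            raise ValueError(f"{name} ({addr}) is outside {NETWORK}")
        lines.append(f"{name}\tIN\tA\t{addr}")
    for alias, target in ALIASES.items():
        if alias in HOSTS:   # a name may not carry both an A and a CNAME
            raise ValueError(f"{alias} is both a host and an alias")
        if not target.endswith(".") and target not in HOSTS:
            raise ValueError(f"CNAME {alias} points at unknown host {target}")
        lines.append(f"{alias}\tIN\tCNAME\t{target}")
    return "\n".join(lines) + "\n"


def reverse_zone(ser: int) -> str:
    lines = soa_header(reverse_origin(), ser)
    by_addr = sorted(HOSTS.items(), key=lambda kv: ipaddress.ip_address(kv[1]))
    for name, addr in by_addr:
        lines.append(f"{addr.rsplit('.', 1)[1]}\tIN\tPTR\t{fqdn(name)}")
    return "\n".join(lines) + "\n"


def zone_statement(zone: str, path: str) -> str:
    """named.conf zone clause: queries limited to loopback and the LAN as in
    the reply, plus (an addition) zone transfers limited to the secondary NS."""
    lan = f"{NETWORK.network_address}/{NETWORK.prefixlen}"
    return (f'zone "{zone}" in {{\n\ttype master;\n\tfile "{path}";\n'
            f"\tallow-query {{ 127.0.0.0/8; {lan}; }};\n"
            f"\tallow-transfer {{ {HOSTS[SECONDARY_NS]}; }};\n}};\n")


def check_consistency(fwd: str, rev: str) -> list:
    """Return (ip, A name, PTR name) triples that disagree; empty means in sync."""
    a_map, ptr_map = {}, {}
    for line in fwd.splitlines():
        f = line.split()
        if len(f) == 4 and f[2] == "A":
            a_map[f[3]] = fqdn(f[0])
    for line in rev.splitlines():
        f = line.split()
        if len(f) == 4 and f[2] == "PTR":
            ptr_map[str(NETWORK.network_address + int(f[0]))] = f[3]
    return [(ip, a_map.get(ip), ptr_map.get(ip))
            for ip in sorted(set(a_map) | set(ptr_map), key=ipaddress.ip_address)
            if a_map.get(ip) != ptr_map.get(ip)]


if __name__ == "__main__":
    ser = serial(date.today())
    fwd, rev = forward_zone(ser), reverse_zone(ser)
    print(zone_statement(DOMAIN.rstrip("."), "master/private.example.com.db"))
    print(fwd)
    print(zone_statement(reverse_origin().rstrip("."), "master/192.168.10.db"))
    print(rev)
    print("mismatches:", check_consistency(fwd, rev))
```

Redirect the printed zone files into ${NAMED_ROOT}/master/ and, on BIND 9, run named-checkzone on each before reloading; the script refuses to emit an A record outside the configured network, a CNAME that points at a host it does not know, or a name that is both a host and an alias, and check_consistency catches the case where someone edits one zone file but not the other.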