From: Ceri Davies <setantae@submonkey.net>
To: sroberts@dsl.pipex.com
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Caching namesever in sandbox not resolving local boxes
Date: Mon, 14 Oct 2002 22:40:22 +0100
Message-ID: <20021014214022.GB20784@submonkey.net>
In-Reply-To: <1034627454.363.48.camel@Demon.vickiandstacey.com>
References: <1034622133.363.34.camel@Demon.vickiandstacey.com> <20021014191411.GA18690@submonkey.net> <1034627454.363.48.camel@Demon.vickiandstacey.com>
User-Agent: Mutt/1.5.1i
X-message-flag: All your linuxconf-configured redhat are belong to us.

On Mon, Oct 14, 2002 at 09:30:51PM +0100, Stacey Roberts wrote:
> From what I've learnt here, it would seem as if I've not thought this
> one out completely, and haven't got the "right kind" of nameserver
> set-up.

Not yet, but you're 90% of the way there.
> You mentioned that it'd be better to explain what I would like to
> achieve: I'd like to have a named set-up that allows me to host DNS
> information for my private lan, but also one that facilitates name
> resolution of external hosts (via my ISP's upstream NS's).

OK, that's cool - you've already done the second bit, just point your
internal hosts to the nameserver that you've already set up.

> What I did was "literally" follow the handbook with respect to even the
> naming convention used, so that /etc/namedb has this:

< snip - I'm familiar with this for some reason or other ;) >

> ..., and the only zone file I have at the moment is a copy of that
> suggested in the handbook:

> What I'd appreciate is information on whether or not I can adjust my
> bind set-up so as to achieve my intentions from where I am at the
> moment.

Yup, for sure you can - all you need to do is add a zone.

Here you've got a decision to make - what domain name are you going to
use internally? I use submonkey.net for all my hosts that are on the
Internet proper, and private.submonkey.net for machines that are on the
internal LAN. I'm going to assume you want to do the same, and for the
purpose of this discussion that the domain name you'll be using is
example.com (although if a submonkey.net slips in to the example below,
then it's just because I've cut'n'pasted and have missed one, so
mentally substitute example.com).

In named.conf, you're going to want to add a zone statement for the
zone private.example.com (note that there is no need for you to advise
anyone responsible for the DNS for example.com for this to work
properly, unless you want people to get at hosts in
private.example.com):

In named.conf:

    zone "private.example.com" in {
        type master;
        file "master/private.example.com.db";
        allow-query { 127/8; 192.168.10/24; };
    };

Then create the file ${NAMED_ROOT}/master/private.example.com.db
containing all your host information [note that my time-to-live,
expire, etc. are quite large, as this network is pretty much static]:

    $TTL 864000
    $ORIGIN example.com.
    private IN SOA amam.private.example.com. root.example.com. (
            2002032302 43200 3600 604800 172800 )
            IN NS amam.private.example.com.
            IN NS rhadamanth.private.example.com.
    $ORIGIN private.example.com.
    rhadamanth  IN A     192.168.10.1
    hoatzin     IN A     192.168.10.3
    amam        IN A     192.168.10.5
    test-router IN A     192.168.10.254
    www-cache   IN CNAME rhadamanth
    www         IN CNAME amam
    tftp        IN CNAME amam
    ftp         IN CNAME amam
    news        IN CNAME news.cable.ntlworld.com.

Now reload named, and assuming that you've not made any errors in the
above files (check /var/log/messages) then your forward DNS now works
for hosts on your LAN.

If you want reverse DNS working as well, then add this zone statement
to named.conf (modify for your RFC 1918 network(s)):

    zone "10.168.192.in-addr.arpa" in {
        type master;
        file "master/192.168.10.db";
        allow-query { 127/8; 192.168.10/24; };
    };

Then in ${NAMED_ROOT}/master/192.168.10.db:

    $TTL 864000
    $ORIGIN 168.192.in-addr.arpa.
    10 IN SOA amam.private.example.com. root.example.com. (
            2002032300 43200 3600 604800 172800 )
            IN NS amam.private.example.com.
            IN NS rhadamanth.private.example.com.
    $ORIGIN 10.168.192.in-addr.arpa.
    1   IN PTR rhadamanth.private.example.com.
    3   IN PTR hoatzin.private.example.com.
    5   IN PTR amam.private.example.com.
    254 IN PTR test-router.private.example.com.

Job's a good 'un.

> Thanks so much for taking the time (both of you).

No problem. If you need any more help on this, then let me know (and if
others on the list are getting bored, please say so and we'll take this
to private mail).

Ceri
--
you can't see when light's so strong
you can't see when light is gone
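An added example, not part of Ceri's reply above: a short Python script that parses the two zone files he posted (copied here with the line breaks restored) and checks them against each other for the mistakes that most often creep into a hand-maintained private zone: an A record with no matching PTR (and the reverse), an NS name with no A record behind it, and a CNAME pointing at an in-zone name that does not exist. The parser only understands the record layout used in the post ($TTL, $ORIGIN, blank-owner continuation lines, one parenthesised SOA), not the full RFC 1035 master-file grammar. The "printer" and "ghost" records in the usage section are constructed, not from the post, and exist only to show what a reported mismatch looks like.

```python
"""Forward/reverse consistency check for a small private zone pair.

Added example, not code from the mailing-list post.  The zone text is the
one posted above with line breaks restored; the parser covers only that
record layout ($TTL, $ORIGIN, blank-owner continuation lines, one
parenthesised SOA), not the whole RFC 1035 master-file grammar.
"""
import ipaddress
import re

FORWARD_ZONE = """\
$TTL 864000
$ORIGIN example.com.
private IN SOA amam.private.example.com. root.example.com. (
        2002032302 43200 3600 604800 172800 )
        IN NS amam.private.example.com.
        IN NS rhadamanth.private.example.com.
$ORIGIN private.example.com.
rhadamanth  IN A     192.168.10.1
hoatzin     IN A     192.168.10.3
amam        IN A     192.168.10.5
test-router IN A     192.168.10.254
www-cache   IN CNAME rhadamanth
www         IN CNAME amam
tftp        IN CNAME amam
ftp         IN CNAME amam
news        IN CNAME news.cable.ntlworld.com.
"""

REVERSE_ZONE = """\
$TTL 864000
$ORIGIN 168.192.in-addr.arpa.
10 IN SOA amam.private.example.com. root.example.com. (
        2002032300 43200 3600 604800 172800 )
        IN NS amam.private.example.com.
        IN NS rhadamanth.private.example.com.
$ORIGIN 10.168.192.in-addr.arpa.
1   IN PTR rhadamanth.private.example.com.
3   IN PTR hoatzin.private.example.com.
5   IN PTR amam.private.example.com.
254 IN PTR test-router.private.example.com.
"""


def qualify(name, origin):
    """Turn a relative owner or target name into an absolute one."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (owner, type, rdata) triples with every name fully qualified."""
    text = re.sub(r";[^\n]*", "", text)  # strip comments
    # Fold a parenthesised multi-line SOA onto one logical line.
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    origin, last_owner, records = ".", None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        if fields[0] == "$TTL":
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if line[0].isspace():  # blank owner: inherit the previous one
            owner = last_owner
        else:
            owner = last_owner = qualify(fields.pop(0), origin)
        if fields[0].isdigit():  # optional per-record TTL
            fields.pop(0)
        if fields[0].upper() == "IN":  # optional class
            fields.pop(0)
        rtype = fields.pop(0).upper()
        rdata = " ".join(fields)
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = qualify(rdata, origin)
        records.append((owner, rtype, rdata))
    return records


def ptr_owner_to_ip(owner):
    """'1.10.168.192.in-addr.arpa.' -> IPv4Address('192.168.10.1')."""
    labels = owner.rstrip(".").split(".")
    assert labels[-2:] == ["in-addr", "arpa"], owner
    return ipaddress.ip_address(".".join(reversed(labels[:-2])))


def check_zones(forward_text, reverse_text):
    """Return a list of problems; an empty list means the zones agree."""
    fwd, rev = parse_zone(forward_text), parse_zone(reverse_text)
    apex = next(o for o, t, _ in fwd if t == "SOA")
    a_records = {o: r for o, t, r in fwd if t == "A"}
    cnames = {o: r for o, t, r in fwd if t == "CNAME"}
    ptrs = {o: r for o, t, r in rev if t == "PTR"}
    problems = []
    for name, ip in a_records.items():
        expected = ipaddress.ip_address(ip).reverse_pointer + "."
        if ptrs.get(expected) != name:
            problems.append(f"A {name} -> {ip} has no matching PTR at {expected}")
    for owner, target in ptrs.items():
        ip = str(ptr_owner_to_ip(owner))
        if a_records.get(target) != ip:
            problems.append(f"PTR {owner} -> {target} has no matching A record for {ip}")
    for owner, rtype, rdata in fwd:
        if rtype == "NS" and rdata not in a_records:
            problems.append(f"NS {rdata} for {owner} has no A record in the zone")
    for name, target in cnames.items():
        if target.endswith("." + apex) and target not in a_records and target not in cnames:
            problems.append(f"CNAME {name} -> {target} points at a name with no record")
    return problems


if __name__ == "__main__":
    print("posted zones:", check_zones(FORWARD_ZONE, REVERSE_ZONE) or "consistent")
    # Constructed mismatches (not from the post) to show the output shape.
    for problem in check_zones(FORWARD_ZONE + "printer IN A 192.168.10.7\n",
                               REVERSE_ZONE + "9 IN PTR ghost.private.example.com.\n"):
        print("problem:", problem)
```

Run it after editing either file and before reloading named; an empty list means the forward and reverse zones agree with each other. It is not a syntax checker (BIND 9's named-checkzone(8) is the tool for that), so a malformed line that this parser happens to swallow will still be caught only in /var/log/messages on reload.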