From owner-freebsd-questions Mon Jan 27 17:58:56 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2488F37B401 for ; Mon, 27 Jan 2003 17:58:54 -0800 (PST)
Received: from anu.edu.au (anumail4.anu.edu.au [150.203.2.44]) by mx1.FreeBSD.org (Postfix) with ESMTP id C065343F79 for ; Mon, 27 Jan 2003 17:58:52 -0800 (PST) (envelope-from Gregory.Lane@anu.edu.au)
Received: from nucl03.anu.edu.au (nucl03.anu.edu.au [150.203.19.120]) by anu.edu.au (8.12.4/8.12.4) with ESMTP id h0S1woBo017496; Tue, 28 Jan 2003 12:58:50 +1100 (EST)
Received: from nucl03.anu.edu.au (localhost [127.0.0.1]) by nucl03.anu.edu.au (8.12.6/8.12.3) with ESMTP id h0S1wogX076855; Tue, 28 Jan 2003 12:58:50 +1100 (EST) (envelope-from gjl103@nucl03.anu.edu.au)
Received: (from gjl103@localhost) by nucl03.anu.edu.au (8.12.6/8.12.6/Submit) id h0S1wnGh076854; Tue, 28 Jan 2003 12:58:49 +1100 (EST)
Date: Tue, 28 Jan 2003 12:58:49 +1100
From: Greg Lane
To: freebsd-questions@FreeBSD.ORG
Cc: leblanc+freebsd@keyslapper.org
Subject: Re: Caching nameserver question - I need a spot here . . .
Message-ID: <20030128015849.GA76718@nucl03.anu.edu.au>
Reply-To: gregory.lane@anu.edu.au
Mail-Followup-To: freebsd-questions@FreeBSD.ORG, leblanc+freebsd@keyslapper.org
References: <20030127221529.GB36301@keyslapper.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030127221529.GB36301@keyslapper.org>
User-Agent: Mutt/1.4i
X-Sender: gregory.lane@anu.edu.au
X-Sender-Domain: anu.edu.au
X-Spam-Status: Scanned
X-Spam-Score: (-3.4)
X-Spam-Tests: IN_REP_TO
X-Scanned-By: MIMEDefang 2.15 (www dot roaringpenguin dot com slash mimedefang)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Mon, Jan 27, 2003 at 05:15:29PM -0500, Louis LeBlanc wrote:
> Hey all. I'm finally getting around to setting up a caching dns
> server. Pretty confusing from my angle.
>
> Here's what I have so far:
> named enabled in /etc/rc.conf
> cd to /etc/namedb and run sh make-localhost
>
> and the following in /etc/namedb/named.conf:
>
> options {
>         directory "/etc/namedb";
>         forward first;
>         forwarders {
>                 151.203.0.84;
>                 151.202.0.84;
>         };
>         listen-on { 10.8.20.5; };
>         version "surely you must be joking";
>         query-source address * port 53;
> };
>
>
> zone "." {
>         type hint;
>         file "named.root";
> };
>
> zone "0.0.127.IN-ADDR.ARPA" {
>         type master;
>         file "localhost.rev";
> };
>

G'day Louis,

The only differences I can see between this and my working
configuration at home is

1/. I have "forward only" rather than "forward first". So far my DNS
providers haven't failed me!

2/. I run named as a non-privileged user.
I haven't configured a complete sandbox (see
http://www.au.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html#NAMED-SANDBOX
for that), but just did the following:

    mkdir /etc/namedb/s
    chown bind:bind /etc/namedb/s
    chmod 750 /etc/namedb/s

Add the following to the options in named.conf

    dump-file "s/named_dump.db";

and

    named_flags="-u bind -g bind"

to /etc/rc.conf.

3/. I don't have the version and query-source lines. I don't believe
they'll break anything for you.

4/. I have set up an authoritative "lane.family" domain for my home
network

5/. You may want to add 127.0.0.1 to your listen-on option.

I can't see anything in your setup as is that will wreak havoc on the
internet, but I am not an expert. I would at least run it as bind:bind
rather than root as it is trivial to set up. A complete sandbox is
better, and of course a jail would be even better, but they are both
more work.

Greg

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
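Putting Greg's five points together, here is the caching-resolver configuration as an editor would write it. This is an added example, not a file from either poster. It keeps the addresses Louis posted (10.8.20.5 on the LAN, the two forwarders) and assumes a bind user and group exist on the host, as the handbook's sandbox section also assumes. Two things go beyond what the thread says and are marked as assumptions in the comments: the LAN prefix 10.8.20.0/24 used in allow-query and allow-recursion, and the reason for dropping "query-source address * port 53". Pinning the outbound source port to 53 means anyone trying to forge a reply already knows the destination port and only has to match the 16-bit query ID; leaving the line out lets named pick the port itself, which is at least not advertised.

```conf
# /etc/namedb/named.conf  (added example; addresses taken from the thread)
options {
        directory "/etc/namedb";

        # Point 1: "forward only" never falls back to iterative resolution,
        # so if both forwarders are unreachable, resolution stops.
        forward only;
        forwarders {
                151.203.0.84;
                151.202.0.84;
        };

        # Point 5: answer on loopback as well as the LAN address, so the
        # host itself can put 127.0.0.1 in /etc/resolv.conf.
        listen-on { 127.0.0.1; 10.8.20.5; };

        # Assumed LAN prefix (not stated in the thread): only these clients
        # may query this resolver or have it recurse on their behalf.
        allow-query     { 127.0.0.1; 10.8.20.0/24; };
        allow-recursion { 127.0.0.1; 10.8.20.0/24; };

        # Point 2: named runs as bind:bind, so the only directory it has to
        # write is this one (mkdir, chown bind:bind, chmod 750 as in the mail).
        dump-file "s/named_dump.db";

        # Point 3: no "version" line and no "query-source ... port 53" line.
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

# /etc/rc.conf additions (the first line is what "named enabled" means)
named_enable="YES"
named_flags="-u bind -g bind"
```

After restarting named, confirm it dropped privileges with `ps -axo user,command | grep named` (the user column should read bind, not root) and that it answers from the loopback address with `dig @127.0.0.1 www.freebsd.org`. The trade-off in point 1 is worth keeping in mind: "forward only" is simpler and keeps all outbound queries going to the two forwarders, but if both go away the resolver returns failures rather than resolving on its own.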