Date:      Wed, 16 Feb 2000 19:11:02 +0000 (GMT)
From:      Terry Lambert <tlambert@primenet.com>
To:        gmarco@scotty.masternet.it (Gianmarco Giovannelli)
Cc:        chat@FreeBSD.ORG
Subject:   Re: Nuovo DNS
Message-ID:  <200002161911.MAA17319@usr02.primenet.com>
In-Reply-To: <38AA8642.2E09B5E2@scotty.masternet.it> from "Gianmarco Giovannelli" at Feb 16, 2000 12:13:06 PM

This really belongs on questions, and it really belongs on DNS
questions rather than on FreeBSD questions.


> As you know, the new DNS accepts a TTL parameter for every host in a
> single zone; if it does not find one it generates a warning:
> 
> The problem is therefore converting an old-style file (e.g. from an
> intranet):
> 
> ######### OLD STYLE
> cofinco.it.     IN SOA gmarco.cofinco.it. gmarco.freebsd.cofinco.it. (
>                 1999121301      ; serial
>                 10800           ; Refresh
>                 3600            ; Retry
>                 604800          ; Expire
>                 86400)          ; Minimum TTL
> 
>                         IN MX   10      freebsd.cofinco.it.
>                         IN A    192.168.0.1
> 
> 
> cofinco.it.             IN NS           192.168.0.1     
> cofinco.it.             IN NS           151.99.150.6
> cofinco.it.             IN NS           194.184.65.2
> 
> freebsd                 IN A            192.168.0.1
> lombardo                IN A            192.168.0.101
> daniela                 IN A            192.168.0.102
> empty1                  IN A            192.168.0.103
> rachele                 IN A            192.168.0.104
> leo                     IN A            192.168.0.105
> ornella                 IN A            192.168.0.106
> luigi                   IN A            192.168.0.107
> 
> ######### NEW STYLE
> 
> cofinco.it.  86400   IN SOA gmarco.cofinco.it. gmarco.freebsd.cofinco.it. (
> 
>                 1999121301      ; serial
>                 10800           ; Refresh
>                 3600            ; Retry
>                 604800          ; Expire
>                 86400)          ; Minimum TTL
> 
>                86400     IN MX   10      freebsd.cofinco.it.
>                86400     IN A    192.168.0.1
> 
> 
> cofinco.it.     86400    IN NS           192.168.0.1     
> cofinco.it.     86400    IN NS           151.99.150.6
> cofinco.it.     86400    IN NS           194.184.65.2

You can't really do this.  192.168 is a non-routable class C
network, so you aren't going to get an authoritative answer from
either of your external name servers.

You are really probably trying to either get "views", which you
can't currently have, where a local lookup failure results in a
relookup in an external DNS server.  This is useful for a split
horizon DNS server, but will not be available until bind 9 (see
<http://www.isc.org/producets/BIND/> for details), OR you are
trying to get backup nameservers listed.


For the "new" format, it should probably be:

---------------------------------------------------------
@	IN	SOA	cofinco.it.	gmarco.cofinco.it. (
		1999121301	; Serial number
		10800		; Refresh interval
		3600		; Retry interval
		604800		; Expiration
		86400 )		; Minimum

; Nameserver List
	IN	NS		freebsd.cofinco.it.
; Domain Address
	IN	A		192.168.0.1
gmarco	IN	A		192.168.0.1
---------------------------------------------------------

And so on.

If you are trying to run split horizon (e.g. this is a dial-on-demand
Internet connection with a local network behind FreeBSD running as a
NAT box), then you will need to get more complicated in your setup.
Specifically, you will have to run two DNS servers, one interior and
one exterior, and you will have to specify the addresses to which
they are bound.  If you are using dynamic IP, you will have to wait
to start the exterior server as part of your linkup script.

There are directions on how to do this in the O'Reilly BIND book.
For the interior named.boot file, you will need to add something
like:

---------------------------------------------------------
options {
	directory	"/var/dns-interior";
	listen-on	{ 127.0.0.1; 192.168.1.1; };
	// only define this after the link is up, and point it
	// to the nameserver bound to the link up address, if you
	// are using a dynamic IP address.
	forwarders {
		xxx.xxx.xxx.xxx;
	};
};

zone "127.in-addr.arpa" {
	type	master;
	file	"named.rev.127";
};
zone "0.168.192.in-addr.arpa" {
	type	master;
	file	"named.rev.0.168.192";
};
---------------------------------------------------------


> Now, doing it by hand is fine for one domain, but if someone has around
> 480 zones to modify it can get tedious.
> Since the problem should be common to many people, has anyone already
> written an awk/perl/sh script to convert the files?
> 
> Otherwise I'll get to work :-)

You could maybe use a scripted interface.  Personally, I would
just regenerate the data and kick the named(s).  The problem
with scripting calls to DNSUPDAT is that the ACLs are based on
IP address and not certificate.  This would allow you to update
the interior DNS, but, not knowing the exterior IP address
beforehand, you will be screwed.

PS: My Italian reading skills are hellaciously rusty, so I may
not be answering the exact question you are asking; if not,
please ignore the response.  8-).


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
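Gianmarco asked for an awk/perl/sh converter. What follows is an added Python example, not code from this thread: rather than adding a TTL column to every record as in the NEW STYLE file, it prepends a `$TTL` directive (RFC 2308) set to the zone's SOA minimum, which is the value BIND 8.2 already falls back to when it prints that warning, so the per-record data stays untouched and the run is idempotent over a directory of zone files. The sample zone is constructed from the OLD STYLE file in the post, and the `addttl.py` name in the usage comment is assumed.

```python
import re
import sys
from pathlib import Path

# Constructed sample, modelled on the OLD STYLE file in the post (no TTL column).
OLD_ZONE = """\
cofinco.it.     IN SOA gmarco.cofinco.it. gmarco.freebsd.cofinco.it. (
                1999121301      ; serial
                10800           ; Refresh
                3600            ; Retry
                604800          ; Expire
                86400)          ; Minimum TTL
                        IN MX   10      freebsd.cofinco.it.
                        IN A    192.168.0.1
freebsd                 IN A            192.168.0.1
"""

def _strip_comments(text):
    # Drop ';' comments so a number in a comment is never read as a field.
    return "\n".join(line.split(";", 1)[0] for line in text.splitlines())

def soa_minimum(text):
    """Return the SOA minimum: the fifth number inside the SOA parentheses."""
    flat = " ".join(_strip_comments(text).split())
    m = re.search(r"\bSOA\b.*?\((.*?)\)", flat)
    if not m:
        raise ValueError("no SOA record found")
    fields = m.group(1).split()
    if len(fields) != 5 or not all(f.isdigit() for f in fields):
        # Unit suffixes (1D, 3H) or odd layouts: refuse rather than guess.
        raise ValueError("unparsable SOA fields: %r" % fields)
    return int(fields[4])

def has_default_ttl(text):
    return any(line.lstrip().upper().startswith("$TTL") for line in text.splitlines())

def add_default_ttl(text):
    """Prepend '$TTL <SOA minimum>' unless the zone already declares one (idempotent)."""
    if has_default_ttl(text):
        return text
    return "$TTL %d\n%s" % (soa_minimum(text), text)

if __name__ == "__main__":
    # Usage: python addttl.py /etc/namedb/*.zone  (rewrites only files that change)
    for path in map(Path, sys.argv[1:]):
        original = path.read_text()
        updated = add_default_ttl(original)
        if updated != original:
            path.write_text(updated)
```

A zone whose SOA the script cannot parse is left alone and reported by the exception, which is the behaviour you want when a single run touches hundreds of files.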

