From owner-freebsd-questions@FreeBSD.ORG Tue Jul 6 10:23:26 2004
Date: Tue, 6 Jul 2004 11:23:16 +0100
From: Matthew Seaman
To: Clint Olsen
cc: questions@freebsd.org
Message-ID: <20040706102316.GB9617@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20040705202019.GC40182@0lsen.net>
User-Agent: Mutt/1.5.6i
Subject: Re: Using DHCP /and/ name recognition w/o running BIND
On Mon, Jul 05, 2004 at 01:20:19PM -0700, Clint Olsen wrote:

> I am running a small network behind a D-Link firewall router, and I have a
> multitude of machines running on the NAT side. Generally, I use static IPs
> on the network for the FreeBSD machines (since they are often servers) and
> the Windows clients use DHCP. It would be nice if there was some way to be
> able to use the symbolic name for the windows clients since their IP
> addresses are free to change all the time. The D-Link does have the
> concept of static DHCP where each MAC address is assigned an IP to always
> be issued when requested, but I'm concerned that if/when the D-Link gives
> up the ghost that I'll have to scramble and find something that's a bit
> more robust and not tied to my router capabilities.

You could run a DHCP server on one of your FreeBSD boxes. Install the net/isc-dhcp3-server port -- it's fairly easy to set up for a small home network, and you can back up the configuration and even the database of DHCP leases should you have a sudden need to transfer the service to a different machine.

http://www.tldp.org/HOWTO/DHCP/index.html

If the machines you are providing DHCP service for are permanently installed on your network, you might want to bump up the DHCP lease times to several months, which is a fairly simple way of allowing machines to keep the same address for a reasonable amount of time. Alternatively you can hardwire the lease on a particular IP number to a MAC address -- in which case your DHCP server is really doing BOOTP, but that's neither here nor there from the client's point of view.
The third option is to set up Dynamic DNS -- so that the clients can attach their hostnames to the IP addresses your DHCP server gives them. This always seemed over-complicated to me, and gives too much potential for hackery and other mischief. Better to predefine the names corresponding to the IP number, and force the client machine to look up and use that.

> It seems to be overkill to run BIND for just my small network here of 4 or
> so machines, so I was hoping there was a more lightweight way to handle
> this.

I don't think so. Lack of DNS performance is something that will cause the most harm to your experience of using the net. Running your own DNS recursive server is the best way to get good DNS performance.

For a home network, you can also run authoritative local domains from the same server without too much trouble. So long as your DNS server is on your private network and not accessible externally this should be OK. For public use though, mixing up authoritative and recursive DNS functions on the same server is bad juju, and should only be done by grown-ups.

> There seems to be a current undocumented feature of most of these routers
> that if you use the router as a DNS server entry that it automagically
> forwards those requests to the DNS entries on the WAN side. However, for
> tools like nslookup that make explicit connections to the server, this does
> not work correctly.

Yes -- that's simply DNS recursion. You ask the DNS server on your router "what is the IP number corresponding to www.freebsd.org": a recursive server will track the answer down for you, by asking in turn the root servers, the .org TLD servers and the freebsd.org servers on your behalf. Or it will tell you the cached answer it got from doing all that a few minutes previously. An authoritative server will just answer "dunno", unless it happens to be one of the freebsd.org servers. You should still be able to use the usual DNS tools to query other servers directly,
eg:

    % dig @ns0.freebsd.org. www.freebsd.org. IN A

If your router is filtering out DNS traffic other than through its own server, then you'll have to adjust its programming. It could just be a matter of tweaking the packet filters for UDP traffic on port 53. If your router won't let you do that, get a better one.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
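As an added illustration of the DHCP half of the advice above (this is an editor's example, not part of Matthew's message and not the sample file shipped with the net/isc-dhcp3-server port), here is a minimal ISC dhcpd.conf that does the two things he describes: long leases for permanently installed machines, and hardwired MAC-to-IP bindings for the Windows clients so that their names can be predefined on the local name server rather than registered via Dynamic DNS. The subnet, addresses, hostnames and MAC addresses are all constructed placeholders.

```conf
# Added example dhcpd.conf (constructed values throughout).

# Clients do not register their own names in DNS; the names for the
# fixed addresses below are predefined on the local (private) name server.
ddns-update-style none;

# Options handed to every client. The name server is the FreeBSD box
# running the local recursive resolver (constructed addresses).
option domain-name "home.example";
option domain-name-servers 192.168.1.2;
option routers 192.168.1.1;

# Long leases (90 days, in seconds) so machines keep the same address
# across renewals.
default-lease-time 7776000;
max-lease-time 7776000;

# This server is the only DHCP server on the network, so it may send
# DHCPNAK to clients asking for addresses it does not know about.
authoritative;

subnet 192.168.1.0 netmask 255.255.255.0 {
    # Pool for anything not listed as a fixed host below. Keep it
    # outside the range used by the fixed addresses.
    range 192.168.1.100 192.168.1.199;
}

# Hardwired MAC-to-IP bindings: the "really doing BOOTP" case. Each host
# always receives the same address, so a static A record for that
# address can be kept in the local zone.
host winbox1 {
    hardware ethernet 00:11:22:33:44:55;   # constructed MAC address
    fixed-address 192.168.1.11;
}

host winbox2 {
    hardware ethernet 00:11:22:33:44:66;   # constructed MAC address
    fixed-address 192.168.1.12;
}
```

Backing up this file together with the leases database (dhcpd.leases) is what lets the service be moved to another machine, as the message notes; with `ddns-update-style none` the name server never accepts updates from clients, so the only thing that needs to agree between the two boxes is the fixed-address list and the corresponding zone entries.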