From: Mark Drayton
Date: Tue, 22 May 2001 18:54:07 +0100
To: freebsd-isp@freebsd.org
Subject: Resolving DNS setup
Message-ID: <20010522185407.A30604@tethys.valhalla.net>

Hi

Recently I set up a caching-only nameserver at work which all our office machines, servers and dialup customers use for resolution instead of our two authoritative nameservers.

A few days ago our internet connection went down, meaning that the caching nameserver couldn't get to the root nameservers and therefore couldn't resolve anything it didn't have cached. As it couldn't get to the root servers it also couldn't answer any queries for zones that we are authoritative for (even though the authoritative nameservers are on the same network). The end result of this was that customers who dialled into us couldn't see our site or pick up their mail as the caching nameserver wouldn't resolve the hostnames of the web/mail servers.

Obviously this is a Bad Thing and I'd like to sort it out, especially as I'm going to add another caching nameserver in the near future. What would be the best way of fixing this?

My thoughts so far are:

a) make the caching nameserver a slave for all the domains held on our authoritative nameservers

b) define all our domains as stub zones on the caching nameserver

Another problem with the caching nameserver is it's very slow to pick up *new* RRs on our authoritative servers (I know I need to wait for the TTL to expire on changed records). Will the caching nameserver wait for the TTL of the zone to expire before it asks the authoritative servers, *even when it has no cached answer to the query*?

named.conf:

    options {
        directory "/etc/namedb";
        // networks allowed to query this server
        allow-query {
            127.0.0.0/8;
            195.26.32.0/19;
            212.158.59.0/24;
        };
        statistics-interval 5;
        dump-file "s/named_dump.db";
    };

    logging {
        channel stats {
            file "/var/log/named.stats";
        };
        channel debugfile {
            file "/var/log/named.debug";
            print-category yes;
        };
        category statistics { stats; };
    };

    // root hints: apart from the localhost reverse zone below, every
    // lookup starts at the root servers
    zone "." {
        type hint;
        file "named.root";
    };

    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };

Cheers,

-- 
Mark Drayton
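
The two options listed in the message, written out as named.conf zone statements for the caching server. This is an added illustration and not part of the original post. The zone names (example.com, example.net), the file names and the master addresses 192.0.2.1 and 192.0.2.2 are placeholders standing in for the site's own domains and its two authoritative nameservers.

```conf
// Added example; zone names, file names and addresses are placeholders.

// Option (a): slave zone.
// The caching server transfers a full copy of the zone from the
// authoritative servers and answers from that copy, so lookups for
// this zone never touch the root servers. New and changed records
// arrive through NOTIFY or the SOA refresh timer rather than through
// cache expiry. The authoritative servers must permit zone transfers
// to this host (allow-transfer).
zone "example.com" {
    type slave;
    file "s/example.com.bak";
    masters { 192.0.2.1; 192.0.2.2; };
};

// Option (b): stub zone.
// Only the zone's NS records (with glue) are fetched from the listed
// servers. Queries for names in the zone are then sent straight to
// those nameservers instead of being chased down from the root, and
// the answers are cached for their TTL as usual.
zone "example.net" {
    type stub;
    file "s/example.net.stub";
    masters { 192.0.2.1; 192.0.2.2; };
};

// The same choice applies to the reverse zones for the networks the
// authoritative servers hold; one is shown here as a slave.
zone "2.0.192.in-addr.arpa" {
    type slave;
    file "s/2.0.192.in-addr.arpa.bak";
    masters { 192.0.2.1; 192.0.2.2; };
};
```

With either form in place, named-checkconf (BIND 9) can be used to validate the file before the server is reloaded.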