From: Benjamin Walkenhorst
Date: Tue, 19 Oct 2004 17:26:46 +0200
To: Seth Henry
cc: freebsd-questions@freebsd.org
Subject: Re: Private (only) DNS server setup?

Hello,

Seth Henry wrote:

> I want to run a private DNS server which is visible internally only.
> Comcast doesn't like servers, so I don't want to broadcast any DNS
> information upstream. (this would also be kind of dumb, as the entries
> would point to non-routable addresses)
>
> I also want to create a private, internal zone so that I can stop
> passing hosts files around. (i.e. 192.168.1.1 -> internal_host1, etc)
> IOW - I would like internal machines to point to my DNS server for
> internal & external addresses. If the DNS server (on the router) can't
> find the address in its local cache, I would like the router to
> retrieve the record, and pass it along to the internal machine. In the
> end, I want to block all DNS traffic from the internal network from
> leaving the network - internal machines should only request DNS info
> from the router.

I did exactly that recently. This is pretty easy to set up once you
understand DNS - DNS *can* be complicated, but for what you want to do,
it's simple. You can find info in the FreeBSD Handbook as well as in the
BIND v9 Administrator's Reference Manual (which can be found at
www.bind9.net, also, it's installed locally along with BIND9).

> I am already running dhcpd - so I plan to simply point all of the
> machines to my DNS server. If all goes well, new machines should be
> "network ready" right after the install.

Works in my network. =) As I said, it's rather easy.

> I have seen a large number of HOWTOs on the web, but all seem to
> assume that you want to propagate internal DNS info back upstream.
>
> Can anyone refer me to an appropriate README, HOWTO?

See the FreeBSD Handbook and the BIND v9 ARM for "caching-only nameserver".
Beyond that, you just need to set up an internal zone.

If you feel it might be helpful, I can send you a copy of my
configuration and zone file/s.

Kind regards,
Benjamin
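
Added example, not part of the original message and not Benjamin's configuration: a BIND 9 named.conf sketch of the setup discussed in this thread, a caching resolver that answers only the LAN and is authoritative for a private zone. The zone name home.lan, the router LAN address 192.168.1.254, the 192.168.1.0/24 network and the file paths are assumptions.

```conf
// named.conf: internal-only caching resolver plus a private zone.
// All names, addresses and paths below are assumed for illustration.

// Only these sources may query or recurse through this server.
acl "internal" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/etc/namedb";

    // Bind to loopback and the LAN-side address only, so the
    // ISP-facing interface never has a listener on port 53.
    listen-on    { 127.0.0.1; 192.168.1.254; };
    listen-on-v6 { none; };

    // Resolve external names on behalf of internal clients only.
    recursion       yes;
    allow-query     { "internal"; };
    allow-recursion { "internal"; };

    // Nothing about the private zones is pushed or handed out.
    allow-transfer { none; };
    notify no;
};

// Root hints: lets the server resolve external names itself and cache them.
zone "." {
    type hint;
    file "named.root";
};

// Private forward zone replacing the shared hosts files.
zone "home.lan" {
    type master;
    file "master/home.lan.db";
    allow-update { none; };
};

// Matching reverse zone for 192.168.1.0/24, answered locally so
// PTR lookups for private addresses do not go upstream.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "master/192.168.1.rev";
    allow-update { none; };
};
```

Clients pick this resolver up when dhcpd hands out the router's LAN address through `option domain-name-servers`. `named-checkconf` validates the file before named is restarted.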