Date: Tue, 19 Oct 2004 16:19:48 -0300
From: "Ezequiel O. Block" <ezequielb@pilar-ciudad.com.ar>
Cc: freebsd-questions@freebsd.org
Subject: Re: Private (only) DNS server setup?
Message-ID: <417568D4.5000309@pilar-ciudad.com.ar>
In-Reply-To: <20041019201733.E79192@gaff.hhhr.ision.net>
References: <BAY18-F2ZncJfKHmj9n00008ff3@hotmail.com> <20041019201733.E79192@gaff.hhhr.ision.net>
The allow-recursion option would limit queries only to your LAN, like this:

    options {
        allow-recursion { 192.168.1.0/24; 127.0.0.1; };
    };

Olaf Hoyer wrote:
> On Tue, 19 Oct 2004, Seth Henry wrote:
>
>> Guys,
>> I am trying to decrease the amount of traffic going through my cable
>> modem. Presently, I have a FreeBSD 4.10 system acting as a gateway
>> router. It runs ipf/ipnat for filtering, and acts as a dhcp server to
>> the internal network. I also run ntpd, and have pointed all of my
>> internal machines to the router for time services.
>>
>> I plan to add a caching web proxy, and a private DNS server - which is
>> where my question comes in.
>>
>> I want to run a private DNS server which is visible internally only.
>> Comcast doesn't like servers, so I don't want to broadcast any DNS
>> information upstream. (this would also be kind of dumb, as the entries
>> would point to non-routable addresses)
>
> Hi!
>
> Hm, basically you set up BIND (or one of the DNS daemons of your choice) and
> tell it to
> a) take queries from clients and get the resolution stuff done
> b) tell named that it is primary server for certain domains, like
> foo.bar.homezone
>
> a) is done automatically after named is started, since BIND is a
> caching nameserver; to make it easy you should put a forwarders clause in your
> named.conf so that BIND always tries to ask your provider's DNS first, which
> will also help to reduce traffic.
>
> b) Well, whether you want to propagate DNS upstream or only on a local
> network is the same setup, when you have a primary DNS running; it's the
> same named.conf, where named is responsible for a certain zone.
> As you are running a firewall, I assume that every port that is not
> needed to be visible from "outer space" is closed, so there is no
> problem with that. Or you could tell named to only listen on the
> internal interface, which is the technically correct solution.
>
> All that stuff should be covered within the handbook, as pointed out; in
> my named.conf on a 4-stable the comments in the named.conf are also
> sufficient to create a primary DNS...
>
> HTH
> Olaf

-- 
Ezequiel O. Block
Cooperativa La Lonja. Internet Support.
Buenos Aires, Argentina
F 02322-470406  T 02322-474537
E ezequielb@pilar-ciudad.com.ar
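Putting the pieces from this thread together (allow-recursion, a forwarders clause, listening only on the internal interface, and a primary zone for a private domain), here is a complete named.conf in BIND 9 syntax. This is an added example, not a file from either poster or from the FreeBSD handbook. The internal interface address 192.168.1.1/24, the upstream resolvers 10.0.0.1 and 10.0.0.2, the zone name "homezone", the file names under /etc/namedb and the "lan" ACL name are all assumptions to be replaced with your own values.

```conf
// Added example (not from the original thread): named.conf for a
// LAN-only caching + authoritative BIND 9 server on a FreeBSD gateway.
// Assumed: internal interface 192.168.1.1/24, loopback, and ISP
// resolvers 10.0.0.1 / 10.0.0.2. Adjust all of these for your network.

acl "lan" { 192.168.1.0/24; 127.0.0.1; };

options {
    directory "/etc/namedb";

    // Bind the internal interface and loopback only, never the cable-modem
    // side. This alone keeps the server invisible from upstream.
    listen-on { 192.168.1.1; 127.0.0.1; };
    listen-on-v6 { none; };

    // allow-recursion restricts who may use the cache, but authoritative
    // answers for the private zone would still be served to anyone who
    // reaches the socket. allow-query closes that gap, and allow-transfer
    // stops a full zone dump (AXFR) of the non-routable entries.
    allow-recursion { "lan"; };
    allow-query     { "lan"; };
    allow-transfer  { none; };

    // Ask the provider's resolvers first; fall back to the root hints
    // only if they do not answer ("forward only" would never fall back).
    forwarders { 10.0.0.1; 10.0.0.2; };
    forward first;
};

// Root hints, used only when forwarding fails.
zone "." {
    type hint;
    file "named.root";
};

// Private forward zone for the LAN (assumed name and file path).
zone "homezone" {
    type master;
    file "master/homezone.db";
    allow-update { none; };
};

// Matching reverse zone so internal addresses resolve back to names.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "master/1.168.192.rev";
    allow-update { none; };
};
```

The zone files referenced by `file` are ordinary master-format files and are not shown here. After editing, run `named-checkconf /etc/namedb/named.conf` and `named-checkzone homezone /etc/namedb/master/homezone.db` (both ship with BIND 9), then verify the exposure from both sides: `dig @192.168.1.1 somehost.homezone` from a LAN client should answer, while the same query against the gateway's public address from outside should get no response at all, because named is not listening there; if you deliberately test with `listen-on` widened, the `allow-query` rule should still return REFUSED. The ipf rule blocking inbound port 53 on the external interface stays in place as the second layer, so a future change to either the firewall or named.conf on its own does not expose the private zone.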
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?417568D4.5000309>