Date:      Sat, 12 Feb 2000 10:09:24 -0600 (CST)
From:      Gene Harris <zeus@tetronsoftware.com>
To:        freebsd-isp@freebsd.org
Subject:   Re: DSL firewall and DNS
Message-ID:  <Pine.BSF.4.10.10002120945480.90025-100000@tetron02.tetronsoftware.com>
In-Reply-To: <38A506F9.F402F9D@mcs.net>

Hi David,

First, to address the issue of DSL, you need to check with
your service provider as to whether they will allow the use
of your own DNS via DSL.  Some will, some have provisions in
their contract with you that you will be treated like a dial
up account.

To answer the question of DNS servers, you might be able to
fake your way through, you might not.  Some registrars ask
you up front if you have two servers, etc.  You also need to
check with your service provider.  Some service providers
make you go thru them for registration, etc.  They won't
necessarily honor any commitment for routing addresses to
your assigned ips, and some have been known to change your
ip addresses if you do not work through them.

Here in Oklahoma, DSL is regarded as a dial up service (as
is ISDN), and most service providers will not allow you to
have your own DNS Servers, News Feeds for INN, etc.  UUNet
at least allows me to have my own Mail Servers, but they
provide the DNS and I have to work through them for any
domain name registrations because I have to use their DNS.
(They have been very cooperative and responsive to adding A,
MX and CNAME records, as well as doing reverse IP entries.)
Southwestern Bell forces you to use their ISP if you sign up
for DSL through them. While I don't know the exact T's and
C's for their clients, it is not much different than my
relationship with UUNet.  (I have heard they are not
as cooperative on adding entries to their DNS for their DSL
clients.)

I probably didn't answer any of your questions, but I hope
my own experiences will help you ask all the right questions
of your providers before you spend any money on
registrations.

*==============================================*
*Gene Harris      http://www.tetronsoftware.com*
*   Home of TeamAccess version control for     *
*        Microsoft Office 97 and 2000          *
*   FreeBSD 3.4-STABLE - The Power to Serve    *
*        Redhat 6.1 Secure Web Server          *
*==============================================*

On Sat, 12 Feb 2000, David A. Gobeille wrote:

>  Hello,
>  
>  Sorry if this is off topic, but I assume many of you have
>  experience with setting up similar configurations for your
>  customers.
>  
>  I would like to setup a FreeBSD 3.4 box as a firewall and also
>  use it to provide DNS service.  The box will have two interfaces,
>  pn0 and pn1, and I have been assigned a /29 address block.
>  
>  pn0 will attach to the internal network and will use
>  192.168.2.254/24 as its address.
>  
>  pn1 will attach to the DSL modem and use two of the assigned
>  addresses, e.g. 200.1.2.50/29 & 200.1.2.51/32 (alias).
>  
>  The relevant rc.conf lines:
>  
>  network_interfaces= "pn0 pn1 lo0"
>  ifconfig_pn0=       "inet 192.168.2.254 netmask 255.255.255.0"
>  ifconfig_pn1=       "inet 200.1.2.50    netmask 255.255.255.248"
>  ifconfig_pn1_alias0="inet 200.1.2.51    netmask 255.255.255.255"
>  
>  
>  Will using the named configuration below satisfy the following
>  requirements?
>  
>  	1. When I register "company.com" with a registrar, will
>  	   I be able to use 200.1.2.50 & 51 as my name server
>  	   addresses? (I understand the fault tolerance issues
>  	   and I only have one computer for now, I want the single
>  	   machine to appear as two distinct name servers.)
>  
>  	2. Internal machines can query for addresses on the
>  	   internal LAN and any Internet hosts.
>  
>  	3. Any Internet host can query the domain for addresses
>  	   using the 200.1.2.48/29 address block.
>  
>  
>  Configuration files for named: (feel free to make comments or correct
>  any errors in the configuration :-) 
>  ****************************** named.conf
>  options {
>  	directory "/etc/namedb";
>  
>  	forwarders {
>  		isp's dns server;
>  		ditto;
>  	};
>  };
>  
>  zone "." {
>  	type hint;
>  	file "named.root";
>  };
>  
>  zone "0.0.127.IN-ADDR.ARPA" {
>  	type master;
>  	file "localhost.rev";
>  };
>  
>  zone "company.com" {
>  	type master;
>  	file "company.com";
>  };
>  
>  zone "2.168.192.in-addr.arpa" {
>  	type master;
>  	file "company.com.rev";
>  };
>  
>  zone "48/29.2.1.200.in-addr.arpa" {
>  	type master;
>  	file "external.rev";
>  };
>  *****************************************
>  
>  ************************************ localhost.rev
>  @       IN      SOA     fw.company.com. root.company.com.  (
>                                  1998051000      ; Serial
>                                  3600    ; Refresh
>                                  900     ; Retry
>                                  3600000 ; Expire
>                                  3600 )  ; Minimum
>          IN      NS      ns1.company.com.
>          IN      NS      ns2.company.com.
>  1       IN      PTR     localhost.company.com.
>  ************************************
>  
>  ************************************ company.com
>  company.com.        IN      SOA     fw.company.com. root.company.com. (
>                                  1998060101  ; Serial
>                                  86400       ; Refresh
>                                  7200        ; Retry
>                                  8640000     ; Expire
>                                  86400 )     ; Minimum
>  
>  ;name servers
>                  IN      NS      ns1
>                  IN      NS      ns2
>  ns1             IN      A       200.1.2.50
>  ns2             IN      A       200.1.2.51
>  
>  ; Hosts
>  localhost       IN      A       127.0.0.1
>  fw		IN	A	192.168.2.254
>  internal	IN	A	192.168.2.1
>  external	IN	A	200.1.2.52
>  ************************************
>  
>  ************************************ company.com.rev
>  @               IN      SOA     fw.company.com. root.company.com. (
>                                  1998080700  ; Serial
>                                  86400       ; Refresh
>                                  7200        ; Retry
>                                  8640000     ; Expire
>                                  86400 )     ; Minimum
>  
>  ;name servers
>                  IN      NS      ns1.company.com.
>                  IN      NS      ns2.company.com.
>  
>  ; PTR records
>  1		IN	PTR	internal.company.com.
>  254             IN      PTR     fw.company.com.
>  ************************************
>  
>  ************************************ external.rev
>  $ORIGIN 48/29.2.1.200.in-addr.arpa.
>  @       IN      SOA     fw.company.com. root.company.com. (...)
>  @               NS      ns1.company.com.
>  @	IN	NS	ns2.company.com.
>  
>  50              PTR     ns1.company.com.
>  51              PTR     ns2.company.com.
>  52		PTR	external.company.com.
>  ************************************
>  
>  
>  
>  Any help is most welcome, thanks.
>  
>  --
>  
>  Dave
>  
>  
>  



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
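One check worth running on zone files like the ones quoted above before a registrar delegation points at them (added example, not part of the thread or of BIND): a small parser for the master-file format shown, followed by an audit that flags NS names without glue A records, RFC 1918 addresses that a zone served to the whole Internet (requirement 3) would publish, and public A records with no matching PTR in the 48/29 reverse zone. The abridged zone text is constructed from the thread; `parse_zone` and `audit` are hypothetical helpers.

```python
import ipaddress
# Zone data constructed from the files quoted in the thread (abridged to what the checks use).
FORWARD = """\
company.com.  IN  SOA  fw.company.com. root.company.com. ( 1998060101 ; Serial
                       86400 )  ; Minimum
              IN  NS   ns1
              IN  NS   ns2
ns1           IN  A    200.1.2.50
ns2           IN  A    200.1.2.51
fw            IN  A    192.168.2.254
external      IN  A    200.1.2.52
"""
REVERSE = """\
50      PTR  ns1.company.com.
51      PTR  ns2.company.com.
52      PTR  external.company.com.
"""

def parse_zone(text, origin):
    """Yield (owner, type, rdata); handles ';' comments, IN class, inherited owners, '( )' spans."""
    owner, depth = origin, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if depth:                        # still inside an open '(' block (multi-line SOA)
            depth -= line.count(")")
            continue
        fields = [f for f in line.split() if f != "IN"]
        if line[0] not in " \t":         # explicit owner; a blank owner inherits the last one
            owner, fields = fields[0], fields[1:]
        rtype, rdata = fields[0], " ".join(fields[1:])
        depth = rdata.count("(") - rdata.count(")")
        name = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        if rtype in ("NS", "PTR") and not rdata.endswith("."):
            rdata = f"{rdata}.{origin}"  # qualify a relative name such as 'ns1'
        yield name, rtype, rdata

def audit(forward, reverse, origin, rev_origin):
    """Return findings: NS without glue A, RFC 1918 address in a public zone, A without PTR."""
    fwd = list(parse_zone(forward, origin))
    a = {n: ip for n, t, ip in fwd if t == "A"}
    ptr = {(n, t) for n, r, t in parse_zone(reverse, rev_origin) if r == "PTR"}
    findings = [f"NS {t} has no glue A record" for _, r, t in fwd if r == "NS" and t not in a]
    for name, ip in a.items():
        if ipaddress.ip_address(ip).is_private:
            findings.append(f"{name} A {ip}: RFC 1918 address published to the Internet")
        elif (f"{ip.rsplit('.', 1)[1]}.{rev_origin}", name) not in ptr:
            findings.append(f"{name} A {ip}: no matching PTR in {rev_origin}")
    return findings
```

On the thread's data the only finding is the `fw` record, whose 192.168.2.254 address would be visible to every Internet resolver; keeping internal hosts in a separate zone served only to the LAN avoids that.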



