Date: Sat, 12 Feb 2000 10:09:24 -0600 (CST)
From: Gene Harris <zeus@tetronsoftware.com>
To: freebsd-isp@freebsd.org
Subject: Re: DSL firewall and DNS
Message-ID: <Pine.BSF.4.10.10002120945480.90025-100000@tetron02.tetronsoftware.com>
In-Reply-To: <38A506F9.F402F9D@mcs.net>
Hi David,

First, to address the issue of DSL, you need to check with your service provider as to whether they will allow the use of your own DNS via DSL. Some will, some have provisions in their contract with you that you will be treated like a dial up account.

To answer the question of DNS servers, you might be able to fake your way through, you might not. Some registrars ask you up front if you have two servers, etc. You also need to check with your service provider. Some service providers make you go thru them for registration, etc. They won't necessarily honor any commitment for routing addresses to your assigned IPs, and some have been known to change your IP addresses if you do not work through them.

Here in Oklahoma, DSL is regarded as a dial up service (as is ISDN), and most service providers will not allow you to have your own DNS servers, news feeds for INN, etc. UUNet at least allows me to have my own mail servers, but they provide the DNS and I have to work through them for any domain name registrations because I have to use their DNS. (They have been very cooperative and responsive to adding A, MX and CNAME records, as well as doing reverse IP entries.)

Southwestern Bell forces you to use their ISP if you sign up for DSL through them. While I don't know the exact T's and C's for their clients, it is not much different than my relationship with UUNet. (I have heard they are not as cooperative on adding entries to their DNS for their DSL clients.)

I probably didn't answer any of your questions, but I hope my own experiences will help you ask all the right questions of your providers before you spend any money on registrations.

*==============================================*
* Gene Harris      http://www.tetronsoftware.com *
* Home of TeamAccess version control for         *
* Microsoft Office 97 and 2000                   *
* FreeBSD 3.4-STABLE - The Power to Serve        *
* Redhat 6.1 Secure Web Server                   *
*==============================================*

On Sat, 12 Feb 2000, David A. Gobeille wrote:

> Hello,
>
> Sorry if this is off topic, but I assume many of you have
> experience with setting up similar configurations for your
> customers.
>
> I would like to setup a FreeBSD 3.4 box as a firewall and also
> use it to provide DNS service. The box will have two interfaces,
> pn0 and pn1, and I have been assigned a /29 address block.
>
> pn0 will attach to the internal network and will use
> 192.168.2.254/24 as its address.
>
> pn1 will attach to the DSL modem and use two of the assigned
> addresses, e.g. 200.1.2.50/29 & 200.1.2.51/32 (alias).
>
> The relevant rc.conf lines (rc.conf is sourced by sh, so there
> must be no space after the "="):
>
> network_interfaces="pn0 pn1 lo0"
> ifconfig_pn0="inet 192.168.2.254 netmask 255.255.255.0"
> ifconfig_pn1="inet 200.1.2.50 netmask 255.255.255.248"
> ifconfig_pn1_alias0="inet 200.1.2.51 netmask 255.255.255.255"
>
> Will using the named configuration below satisfy the following
> requirements?
>
> 1. When I register "company.com" with a registrar, will
>    I be able to use 200.1.2.50 & 51 as my name server
>    addresses? (I understand the fault tolerance issues
>    and I only have one computer for now, I want the single
>    machine to appear as two distinct name servers.)
>
> 2. Internal machines can query for addresses on the
>    internal LAN and any Internet hosts.
>
> 3. Any Internet host can query the domain for addresses
>    using the 200.1.2.48/29 address block.
>
> Configuration files for named: (feel free to make comments or correct
> any errors in the configuration :-)
>
> ****************************** named.conf
> options {
>     directory "/etc/namedb";
>
>     forwarders {
>         isp's dns server;
>         ditto;
>     };
> };
>
> zone "." {
>     type hint;
>     file "named.root";
> };
>
> zone "0.0.127.IN-ADDR.ARPA" {
>     type master;
>     file "localhost.rev";
> };
>
> zone "company.com" {
>     type master;
>     file "company.com";
> };
>
> zone "2.168.192.in-addr.arpa" {
>     type master;
>     file "company.com.rev";
> };
>
> zone "48/29.2.1.200.in-addr.arpa" {
>     type master;
>     file "external.rev";
> };
> *****************************************
>
> ************************************ localhost.rev
> @       IN SOA  fw.company.com. root.company.com. (
>                 1998051000 ; Serial
>                 3600       ; Refresh
>                 900        ; Retry
>                 3600000    ; Expire
>                 3600 )     ; Minimum
>         IN NS   ns1.company.com.
>         IN NS   ns2.company.com.
> 1       IN PTR  localhost.company.com.
> ************************************
>
> ************************************ company.com
> company.com.  IN SOA  fw.company.com. root.company.com. (
>                 1998060101 ; Serial
>                 86400      ; Refresh
>                 7200       ; Retry
>                 8640000    ; Expire
>                 86400 )    ; Minimum
>
> ;name servers
>         IN NS   ns1
>         IN NS   ns2
> ns1     IN A    200.1.2.50
> ns2     IN A    200.1.2.51
>
> ; Hosts
> localhost IN A  127.0.0.1
> fw      IN A    192.168.2.254
> internal IN A   192.168.2.1
> external IN A   200.1.2.52
> ************************************
>
> ************************************ company.com.rev
> @       IN SOA  fw.company.com. root.company.com. (
>                 1998080700 ; Serial
>                 86400      ; Refresh
>                 7200       ; Retry
>                 8640000    ; Expire
>                 86400 )    ; Minimum
>
> ;name servers
>         IN NS   ns1.company.com.
>         IN NS   ns2.company.com.
>
> ; PTR records
> 1       IN PTR  internal.company.com.
> 254     IN PTR  fw.company.com.
> ************************************
>
> ************************************ external.rev
> $ORIGIN 48/29.2.1.200.in-addr.arpa.
> @       IN SOA  fw.company.com. root.company.com. (...)
> @       NS      ns1.company.com.
> @       IN NS   ns2.company.com.
>
> 50      PTR     ns1.company.com.
> 51      PTR     ns2.company.com.
> 52      PTR     external.company.com.
> ************************************
>
> Any help is most welcome, thanks.
>
> --
> Dave
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
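The quoted company.com file answers both LAN and Internet queries from one zone, so it would publish the RFC 1918 addresses of fw and internal to the Internet, and the RFC 2317 external.rev zone has to stay in step with the forward zone. The following is an added check, not part of this thread or of BIND, that flags private addresses in the public zone and verifies the A/PTR pairs; it assumes the simplified record syntax of the posted files and takes the zone excerpts as constructed strings.

```python
import ipaddress
import re

# Constructed excerpts of the zone files quoted in the thread: only the A lines
# of company.com and the PTR lines of external.rev (SOA/NS headers omitted).
FORWARD_ZONE = """\
ns1 IN A 200.1.2.50
ns2 IN A 200.1.2.51
fw IN A 192.168.2.254
internal IN A 192.168.2.1
external IN A 200.1.2.52
"""
# $ORIGIN 48/29.2.1.200.in-addr.arpa. (RFC 2317 classless reverse zone)
REVERSE_ZONE = """\
50 PTR ns1.company.com.
51 PTR ns2.company.com.
52 PTR external.company.com.
"""
A_RE = re.compile(r"^(\S+)\s+(?:IN\s+)?A\s+(\S+)$")      # class IN optional
PTR_RE = re.compile(r"^(\d+)\s+(?:IN\s+)?PTR\s+(\S+)$")   # as in external.rev
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_a(zone_text, origin="company.com"):
    """Map fully qualified owner name -> IPv4 address for each A record."""
    records = {}
    for line in zone_text.splitlines():
        m = A_RE.match(line.strip())
        if m:
            owner = m.group(1)
            records[owner if owner.endswith(".") else f"{owner}.{origin}."] = m.group(2)
    return records


def parse_ptr(zone_text, prefix="200.1.2."):
    """Map IPv4 address -> PTR target; the owner is the last octet under the /29 origin."""
    matches = (PTR_RE.match(line.strip()) for line in zone_text.splitlines())
    return {prefix + m.group(1): m.group(2) for m in matches if m}


def private_in_public_zone(a_records):
    """Owner names whose A record would publish RFC 1918 space to the Internet."""
    return sorted(name for name, ip in a_records.items()
                  if any(ipaddress.ip_address(ip) in net for net in RFC1918))


def reverse_mismatches(a_records, ptr_records, block="200.1.2.48/29"):
    """Public A records without a matching PTR, and PTRs without a matching A."""
    net = ipaddress.ip_network(block)
    missing_ptr = [f"{n} {ip} has no matching PTR" for n, ip in a_records.items()
                   if ipaddress.ip_address(ip) in net and ptr_records.get(ip) != n]
    missing_a = [f"PTR {ip} -> {t} has no matching A" for ip, t in ptr_records.items()
                 if a_records.get(t) != ip]
    return missing_ptr + missing_a
```

Run against the posted files it reports fw and internal as leaked private addresses and no forward/reverse mismatches; the usual remedy is a separate internal zone (or BIND 9 views) so the public copy carries only the 200.1.2.48/29 hosts.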