Private (only) DNS server setup?
Ezequiel O. Block
ezequielb at pilar-ciudad.com.ar
Tue Oct 19 12:17:40 PDT 2004
The allow-recursion option would limit queries only to your LAN, like this:
options {
allow-recursion { 192.168.1.0/24; 127.0.0.1; };
};
Olaf Hoyer wrote:
> On Tue, 19 Oct 2004, Seth Henry wrote:
>
>> Guys,
>> I am trying to decrease the amount of traffic going through my cable
>> modem. Presently, I have a FreeBSD 4.10 system acting as a gateway
>> router. It runs ipf/ipnat for filtering, and acts as a dhcp server to
>> the internal network. I also run ntpd, and have pointed all of my
>> internal machines to the router for time services.
>>
>> I plan to add a caching web proxy, and a private DNS server - which is
>> where my question comes in.
>>
>> I want to run a private DNS server which is visible internally only.
>> Comcast doesn't like servers, so I don't want to broadcast any DNS
>> information upstream. (this would also be kind of dumb, as the entries
>> would point to non-routable addresses)
>
>
> Hi!
>
> Hm, basically you set up BIND (or one of DNS daemons of your choice) and
> tell them to
> a) take queries from clients and get the resolution stuff done
> b) tell the named that he is primary server for certain domains, like
> foo.bar.homezone
>
> a) is done automatically after named is started, that BIND is a
> caching nameserver, for easy you should put a forwarders clause in your
> named.conf so that BIND always tries to ask your provider's DNS first,
> will also help to reduce traffic.
>
> b) Well, if you want to propagate DNS upstream or only on a local
> network is the same setup, when you have a primary DNS running - it's the
> same named.conf, where named is responsible for a certain zone.
> As you are running a firewall, I assume that every port that is not
> needed to be visible from "outer space" is closed, so there is no
> problem with that. Or you could tell named to only listen on the
> internal interface, which is the technically correct solution.
>
> All that stuff should be covered within the handbook, as pointed out, in
> my named.conf on a 4-stable the comments in the named.conf are also
> sufficient to create a primary DNS...
>
> HTH
> Olaf
>
--
Ezequiel O. Block
Cooperativa La Lonja.
Soporte Internet.
Buenos Aires, Argentina
F 02322-470406
T 02322-474537
E ezequielb at pilar-ciudad.com.ar
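
An added example, not part of the original messages: a named.conf sketch that combines the suggestions in this thread (listen only on the internal interface, restrict recursion to the LAN, forward to the provider's resolver, and act as primary for an internal-only zone). The router address 192.168.1.1, the forwarder 192.0.2.53, the /etc/namedb directory and the zone file name are assumptions; the network 192.168.1.0/24 and the zone name foo.bar.homezone come from the messages above.

```conf
// Constructed example. Addresses, paths and file names are assumptions.

// Clients that may use this server at all.
acl "lan" { 192.168.1.0/24; 127.0.0.1; };

options {
        directory "/etc/namedb";

        // Bind port 53 only on the internal interface and loopback,
        // so nothing answers on the cable-modem side even if a
        // firewall rule is later loosened.
        listen-on { 192.168.1.1; 127.0.0.1; };

        // allow-recursion only governs recursive lookups;
        // allow-query also refuses authoritative answers for the
        // private zone to anyone outside the LAN.
        allow-query     { "lan"; };
        allow-recursion { "lan"; };

        // Ask the provider's resolver first (placeholder address);
        // answers are cached locally, which reduces upstream traffic.
        forwarders { 192.0.2.53; };
};

// Internal-only zone: this server is primary, nothing is sent upstream.
zone "foo.bar.homezone" {
        type master;
        file "foo.bar.homezone.db";
        allow-transfer { none; };   // no zone transfers to anyone
        notify no;                  // no NOTIFY messages to other servers
};
```

With listen-on, the ACLs and the packet filter each restricting access, a mistake in any one of them does not by itself expose the resolver or the private zone data to the outside interface.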