DNS setup

Alejandro Pulver alejandro at varnet.biz
Sun Jul 3 23:00:08 GMT 2005

On Sun, 3 Jul 2005 18:23:31 -0400
Alan Curtis <alan.curtis at gmail.com> wrote:

> On Jul 3, 2005, at 11:57 AM, Alejandro Pulver wrote:
> > On Sun, 3 Jul 2005 11:07:41 -0400
> > Alan Curtis <alan.curtis at gmail.com> wrote:
> >
> >
> >> I am running FreeBSD 5.3-STABLE behind a Linksys Wireless Access
> >> Point and Firewall and a DSL modem. My ISP assigns me a dynamic IP
> >> address which changes on a regular basis and the root domain and
> >> Domain Name Servers associated with that domain also change. I have
> >> seen at least 3 different root domains.
> >>
> >> I have a number of machines on my wireless network and I would like
> >> them to be able to find one another. To do this I have assigned
> >> them fixed IP addresses.
> >>
> >> My problem how to assign the Domain Name Servers for all the
> >> machines. I point them all at the Linksys, which seems to work most
> >> of the time, but occasionally network traffic gets really slow and
> >> suspect that it's a DNS problem.
> >>
> >> Can I set up something on my FreeBSD server to help solve this
> >> problem?
> >>
> >> Alan
> >>
> >>
> >
> > Hello,
> >
> > If you think the problem is on your ISP DNS servers, you have two
> > alternatives:
> >
> > 1) Set up a local DNS server on all the machines of the network.
> >
> > 2) Set up a DNS server on one machine, that answers queries to all
> > the
> >    machines of the network.
> >
> > If you want more detailed information about them (like how to set
> > them up), ask me.
> >
> I do need some clear instructions. I tried djbdns without success  
> (see another post) and also the instructions under 'Domain Name  
> System (DNS)' in the FreeBSD Handbook.
> I added named_enable="YES" to /etc/rc.conf. Used the default  
> configuration file without any zone (as suggested in the Handbook).  
> There is no 'ndc' on my machine. I assume I must use 'rndc' instead.  
> Ran 'rndc start' and was told
> rndc: connect failed: connection refused
> Saw nothing in /var/log/messages or /var/log/console.log
> Alan


You need to run "rndc-confgen", and save the output in a temporary file.

Then you have to look at it: one part goes into
"/etc/namedb/rndc.conf" and the other into "/etc/namedb/named.conf"
(the named.conf part is printed commented out; remove the leading "# "
when you add it).


% rndc-confgen

===== add to /etc/namedb/rndc.conf =====

# Start of rndc.conf
key "rndc-key" {
	algorithm hmac-md5;
	secret "zCgi4/rmS+O0ZENRWk22SQ==";
};

options {
	default-key "rndc-key";
	default-port 953;
};
# End of rndc.conf

===== add to /etc/namedb/named.conf =====

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# 	algorithm hmac-md5;
# 	secret "zCgi4/rmS+O0ZENRWk22SQ==";
# };
# controls {
# 	inet 127.0.0.1 port 953
# 		allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

IIRC before FreeBSD 5.4 there was an "ndc" (like rndc, but local only and
needing no setup). "rndc" is for remote control (however it can also be
used locally, through the loopback address).

The key is randomly generated (automatically), and it has to match in
the two files.

After that the connection will be allowed (however there is no "start"
command: you have to start the server manually with "named", and then you
can control it with rndc).

The file rndc.conf has to be placed on the machine you want to control
the name server from. But if it is not the same machine that runs the
name server, you have to put that machine's IP address instead of the
loopback address.

The "inet" statement in named.conf specifies the IP address the name
server will listen on for rndc connections. If the server is to be
controlled from other machines in the network, you have to put the
machine's network IP address here (and the localhost address, so it can
also be controlled locally).

The "allow" statement in named.conf specifies from which hosts you can
(remotely) control the name server. The 127.0.0.1 address is the
loopback (internal) address, but you can add the IP addresses of other
machines too (note that they need the rndc.conf file set up appropriately).
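As an added example (not part of this post, and not BIND's own code), here is a small Python check for the two points above: the secret must match between rndc.conf and named.conf, and the "allow" list in the controls statement must not be empty. It reads the fragments as rndc-confgen prints them (the named.conf part commented out); the file contents and the secret below are constructed samples.

```python
import re
# Constructed samples shaped like rndc-confgen's output; the secret is made up.
RNDC_CONF = '''key "rndc-key" {
    algorithm hmac-md5;
    secret "c29tZS1leGFtcGxlLXNlY3JldA==";
};'''
NAMED_CONF = '''# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "c29tZS1leGFtcGxlLXNlY3JldA==";
# };
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };'''
KEY_RE = re.compile(r'key\s+"([^"]+)"\s*\{(.*?)\};', re.S)
ALLOW_RE = re.compile(r'allow\s*\{([^}]*)\}')
KEYS_RE = re.compile(r'keys\s*\{([^}]*)\}')

def uncomment(text):
    """Strip the leading '# ' that rndc-confgen puts on its named.conf part."""
    return "\n".join(re.sub(r"^#\s?", "", ln) for ln in text.splitlines())

def key_secrets(text):
    """Map each key name defined in a fragment to its secret."""
    secrets = {}
    for m in KEY_RE.finditer(uncomment(text)):
        found = re.search(r'secret\s+"([^"]+)"', m.group(2))
        if found:
            secrets[m.group(1)] = found.group(1)
    return secrets

def braced_list(regex, text):
    """Items of an 'allow { a; b; }' style list, quotes stripped; [] if absent."""
    m = regex.search(uncomment(text))
    return [x.strip().strip('"') for x in m.group(1).split(";") if x.strip()] if m else []

def check_rndc_setup(named_conf, rndc_conf):
    """Problems that would stop rndc authenticating; an empty list means it can connect."""
    problems = []
    named, rndc = key_secrets(named_conf), key_secrets(rndc_conf)
    keys = braced_list(KEYS_RE, named_conf)
    if not keys:
        problems.append("controls statement names no key")
    for name in keys:
        if name not in named or name not in rndc:
            problems.append(f"key {name} is not defined in both files")
        elif named[name] != rndc[name]:
            problems.append(f"secret for key {name} differs between the two files")
    if not braced_list(ALLOW_RE, named_conf):
        problems.append("controls allow list is empty: no host may connect")
    return problems
```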

If you have questions about this ask me.

If you want examples I can provide you some.

Then let me know if you want option 1) or 2) so I can help you with the
next step. 

1) Have an independent DNS server on each machine (there is one for
   Windows called TreeWalk - free -, that is the same as named).

2) Put a DNS server on *one* machine, and that DNS server is used by all
   the machines on the network.

Hope that helps.

Best Regards,
