DNS

Waitman Gobble gobble.wa at gmail.com
Sun Jan 1 23:25:00 UTC 2012


On Sun, Jan 1, 2012 at 2:54 PM, Robert Huff <roberthuff at rcn.com> wrote:

>
> Walter Alejandro Iglesias writes:
>
> >  Time ago I made the attempt to setup my own DNS in the same
> >  machine I had my web server running.  DNS was the only thing I
> >  was not able to automatically update in the system with my
> >  scripts each time a new customer purchased a service.  It would
> >  be wonderful for me if you or anyone here at least confirm me if
> >  it is really possible.
>
>         What is possible - updating using scripts, or running BIND on
> the same machine as a web server (presumably Apache)?
>        While I'm sure someone has written them, I don't know of any
> scripts that will "update" (whatever that means) BIND configuration
> files that are included either as part of the base system or as
> ports.
>        However, running BIND and Apache is certainly possible - the
> machine I'm typing this on does exactly that.
>
>
>                                Robert Huff
>
>
I agree with Robert, it's generally no problem, at least technically, to
run BIND on the same machine, unless (in certain situations I can think of
at the moment) you are running your httpd server on a non-public network
behind a firewall, doing certain things with NAT on the router, or running
httpd on a "private machine" that only "gets traffic" from a public-facing
cache/proxy like squid. These situations don't rule out use but could cause
'looping' or otherwise cause problems depending on how your network and
name system is set up.

It is better to have more than one machine running name services, if
possible. It's also a good idea to prohibit zone transfers and recursive
lookups, or at least limit them very carefully.

You should be able to set up a zone update thing for your customers, just
keep TTL somewhat short, and update your serial # in the zone so that
external caches will pull the updates (using date and/or time is probably
best.) And you probably don't want the daemon/nobody httpd user fooling
around with the zone files or named process directly so it's best to set a
signal in your script like 'touch /tmp/updatebind' or something and have a
cron job check for the 'signal'.

Waitman
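The signal-file-and-cron pattern described above, as an added example that is not part of the thread: a POSIX sh script for the cron side that consumes the signal the web script left, computes a date-based serial (YYYYMMDDnn), rewrites it in the zone file, checks the zone with BIND's named-checkzone and reloads it with rndc. The zone name, the zone file path, and the convention that the serial sits on its own line marked "; serial" are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Cron side of the "touch a signal
# file, let cron do the privileged work" pattern. Assumed: ZONE, ZONEFILE,
# SIGNAL, and a zone file whose serial line ends in "; serial".
set -eu

ZONE="${ZONE:-example.com}"                                      # assumed
ZONEFILE="${ZONEFILE:-/usr/local/etc/namedb/master/example.com.db}"  # assumed
SIGNAL="${SIGNAL:-/tmp/updatebind}"   # what the unprivileged web script touches

# Next date-based serial: same day -> bump the two-digit counter, else DATE01.
next_serial() {
    cur="$1"; today="$2"
    case "$cur" in
        "$today"[0-9][0-9])
            rest=${cur#"$today"}
            n=$(( 1$rest - 100 + 1 ))   # "1" prefix keeps "08" from being read as octal
            [ "$n" -le 99 ] || { echo "serial exhausted for $today" >&2; return 1; }
            printf '%s%02d\n' "$today" "$n" ;;
        *)
            printf '%s01\n' "$today" ;;
    esac
}

# Rewrite the serial line in a zone file; prints the new serial.
bump_serial() {
    file="$1"; today="$2"
    cur=$(awk '/; *serial/ { print $1; exit }' "$file")
    [ -n "$cur" ] || { echo "no serial line in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today") || return 1
    # A serial that does not move forward is silently ignored by secondaries.
    [ "$new" -gt "$cur" ] || { echo "serial $new not > $cur" >&2; return 1; }
    awk -v new="$new" '/; *serial/ && !done { sub($1, new); done=1 } { print }' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# Run from cron as the user that owns the zone files, e.g. every minute.
# Only the signal file's existence matters; its contents are never read.
main() {
    [ -e "$SIGNAL" ] || exit 0
    rm -f "$SIGNAL"                 # consume first so a new request is not lost
    bump_serial "$ZONEFILE" "$(date +%Y%m%d)"
    named-checkzone "$ZONE" "$ZONEFILE" >/dev/null   # never reload a broken zone
    rndc reload "$ZONE"
}

if [ "${1:-}" = run ]; then main; fi
```

Regenerating the customer records themselves from the site's data is left to the cron job; only the serial bump and reload are shown here.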


More information about the freebsd-questions mailing list