DNS

Walter Alejandro Iglesias roquesor at gmail.com
Sun Jan 1 23:58:53 UTC 2012


On Sun, Jan 01, 2012 at 03:24:59PM -0800, Waitman Gobble wrote:
> On Sun, Jan 1, 2012 at 2:54 PM, Robert Huff <roberthuff at rcn.com> wrote:
> 
> >
> > Walter Alejandro Iglesias writes:
> >
> > >  Some time ago I attempted to set up my own DNS on the same
> > >  machine my web server was running on.  DNS was the only thing I
> > >  was not able to update automatically on the system with my
> > >  scripts each time a new customer purchased a service.  It would
> > >  be wonderful for me if you or anyone here could at least confirm
> > >  whether it is really possible.
> >
> >         What is possible - updating using scripts, or running BIND on
> > the same machine as a web server (presumably Apache)?
> >        While I'm sure someone has written them, I don't know of any
> > scripts that will "update" (whatever that means) BIND configuration
> > files that are included either as part of the base system or as
> > ports.
> >        However, running BIND and Apache is certainly possible - the
> > machine I'm typing this on does exactly that.
> >
> >
> >                                Robert Huff
> >
> >
> I agree with Robert: it's generally no problem, at least technically, to
> run BIND on the same machine, unless (in certain situations I can think of
> at the moment) you are running your httpd server on a non-public network
> behind a firewall, doing certain things with NAT on the router, or running
> httpd on a "private machine" that only "gets traffic" from a public-facing
> cache/proxy like squid. These situations don't rule it out but could cause
> 'looping' or otherwise cause problems depending on how your network and
> name system are set up.
> 
> It is better to have more than one machine running name services, if
> possible. Also a good idea to prohibit zone transfers and recursive
> lookups, or at least limit very carefully.
> 
> You should be able to set up a zone update thing for your customers, just
> keep TTL somewhat short, and update your serial # in the zone so that
> external caches will pull the updates (using date and/or time is probably
> best.) And you probably don't want the daemon/nobody httpd user fooling
> around with the zone files or named process directly so it's best to set a
> signal in your script like 'touch /tmp/updatebind' or something and have a
> cron job check for the 'signal'.
> 
> Waitman


Thanks Waitman,

The truth is I am a bit lost; perhaps (it is late here, 00:54) I am
a bit hungry and tired :-).  I will have dinner, sleep, and tomorrow
morning, with a fresh mind, I will reread this last message
carefully.  I'll buy the book you advised too.


	Walter
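The cron-driven update scheme Waitman sketches above (web app touches a signal file, a privileged cron job regenerates the zone with a date-based serial and reloads named), written out as an added example. This script is not from the thread or from the BIND distribution; the zone name example.net, the paths, the "hostname ipv4" customer-list format and the record layout are all assumptions made for the illustration.

```shell
#!/bin/sh
# zoneupdate.sh: added illustration of the scheme described in the thread,
# not code posted there. The web application (running as the httpd user)
# only does "touch /tmp/updatebind"; root's cron runs this script every
# minute, and only this script touches the zone file or named. Zone name,
# paths, customer list format ("hostname ipv4" per line) and the record
# layout are assumptions.

SIGNAL=${SIGNAL:-/tmp/updatebind}
ZONE=${ZONE:-example.net}
CUSTOMERS=${CUSTOMERS:-/usr/local/etc/customers.txt}
ZONEFILE=${ZONEFILE:-/usr/local/etc/namedb/master/$ZONE.db}

# Serial of the installed zone file (0 if there is none). Relies on the
# "<number> ; serial" layout that gen_zone writes.
current_serial() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk '/; serial$/ { print $1; exit }' "$1"
}

# Date-based serial YYYYMMDDnn (usage: next_serial OLD YYYYMMDD). On a new
# day start at nn=00, otherwise add one, so several updates on the same day
# still produce a strictly larger number than the one caches already hold.
next_serial() {
    old=${1:-0}
    base=$(($2 * 100))
    if [ "$old" -lt "$base" ]; then echo "$base"; else echo $((old + 1)); fi
}

# Write a complete zone for the customer list with the given serial to stdout.
# The list is ultimately filled from a web form, so every label and address
# is checked before it becomes a resource record (TTL kept short, as advised).
gen_zone() {
    customers=$1 serial=$2 zone=$3
    cat <<EOF
\$TTL 300
@       IN SOA ns1.$zone. hostmaster.$zone. (
            $serial ; serial
            3600 ; refresh
            900 ; retry
            1209600 ; expire
            300 ) ; negative-cache TTL
        IN NS  ns1.$zone.
ns1     IN A   192.0.2.1
EOF
    while read -r name addr; do
        case $name in ''|\#*) continue ;; esac
        case $name in *[!a-z0-9-]*) echo "rejecting label: $name" >&2; continue ;; esac
        case $addr in ''|*[!0-9.]*) echo "rejecting address for $name: $addr" >&2; continue ;; esac
        printf '%-8s IN A   %s\n' "$name" "$addr"
    done < "$customers"
}

# The cron side: consume the signal, build the new file beside the old one,
# let BIND's own checker reject a broken zone, then swap it in and reload.
apply_update() {
    [ -e "$SIGNAL" ] || return 0
    rm -f "$SIGNAL"   # remove first: a touch arriving mid-run triggers the next pass
    serial=$(next_serial "$(current_serial "$ZONEFILE")" "$(date +%Y%m%d)")
    tmp=$ZONEFILE.new
    gen_zone "$CUSTOMERS" "$serial" "$ZONE" > "$tmp"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q "$ZONE" "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    mv "$tmp" "$ZONEFILE"
    rndc reload "$ZONE"
}

# Assumed /etc/crontab entry:  * * * * * root /usr/local/sbin/zoneupdate.sh run
case ${1:-} in run) apply_update ;; esac
```

The point of the split is privilege: the httpd user can only create an empty file in /tmp, while parsing the customer list, validating labels and addresses, bumping the serial and reloading named all happen in root's cron job. Removing the signal before regenerating, rather than after, means a customer added while the script runs is picked up on the next minute instead of being lost.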




