Private (only) DNS server setup?

Benjamin Walkenhorst krylon at
Tue Oct 19 08:26:55 PDT 2004


Seth Henry wrote:

> I want to run a private DNS server which is visible internally only. 
> Comcast doesn't like servers, so I don't want to broadcast any DNS 
> information upstream. (this would also be kind of dumb, as the entries 
> would point to non-routable addresses)
> I also want to create a private, internal zone so that I can stop 
> passing hosts files around. (i.e. -> internal_host1, etc) 
> IOW - I would like internal machines to point to my DNS server for 
> internal & external addresses. If the DNS server (on the router) can't 
> find the address in its local cache, I would like the router to 
> retrieve the record, and pass it along to the internal machine. In the 
> end, I want to block all DNS traffic from the internal network from 
> leaving the network - internal machines should only request DNS info 
> from the router.

I did exactly that recently. This is pretty easy to set up once you 
understand DNS - DNS *can* be complicated, but for what you want to do, 
it's simple.
You can find info in the FreeBSD Handbook as well as in the BIND v9 
Administrator's Reference Manual (which can be found at, 
also, it's installed locally along with BIND9).

> I am already running dhcpd - so I plan to simply point all of the 
> machines to my DNS server. If all goes well, new machines should be 
> "network ready" right after the install.

Works in my network. =) As I said, it's rather easy.

> I have seen a large number of HOWTO's on the web, but all seem to 
> assume that you want to propagate internal DNS info back upstream.
> Can anyone refer me to an appropriate README, HOWTO?

See the FreeBSD Handbook and the BIND v9 ARM for "caching-only nameserver".
Beyond that, you just need to set up an internal zone.
If you feel it might be helpful, I can send you a copy of my 
configuration and zone file/s.

Kind regards,
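A minimal BIND 9 configuration for the caching-only nameserver plus private zone described above, added here as an example and not the poster's own config. The internal network 192.168.1.0/24, the server address 192.168.1.1, the zone name home.lan and the host names are assumed values; the zone file is appended after the named.conf part in the same listing.

```conf
// named.conf: caching-only resolver for the LAN with one private zone.
// Assumed: LAN 192.168.1.0/24, router/nameserver at 192.168.1.1.
acl internal { 127.0.0.0/8; 192.168.1.0/24; };

options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; 192.168.1.1; };  // LAN side only, not the ISP-facing address
    recursion yes;
    allow-recursion { internal; };          // resolve for the LAN, never for the Internet
    allow-query { internal; };              // internal data is invisible from outside
    allow-transfer { none; };               // no zone transfers of the private zone
    // forwarders { <ISP resolver>; };      // optional; without it, named recurses from the roots
};

zone "." { type hint; file "named.root"; };  // root hints shipped with FreeBSD's BIND

zone "home.lan" {
    type master;
    file "master/home.lan";
    notify no;                              // no secondaries upstream to notify
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "master/192.168.1.rev";            // reverse zone, same layout as the forward one
    notify no;
};

; ---- master/home.lan (assumed forward zone file) ----
$TTL 86400
@       IN SOA  router.home.lan. hostmaster.home.lan. (
                2004101901 ; serial, YYYYMMDDnn
                3600       ; refresh
                1800       ; retry
                604800     ; expire
                86400 )    ; negative-cache TTL
        IN NS   router.home.lan.
router  IN A    192.168.1.1
host1   IN A    192.168.1.10  ; RFC 1918 addresses only; nothing here is published upstream
```

Run named-checkconf and named-checkzone home.lan master/home.lan before restarting named; from a LAN host, `dig @192.168.1.1 host1.home.lan` should answer, while a query from outside the acl is refused.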

More information about the freebsd-questions mailing list