Private (only) DNS server setup?
krylon at gmx.net
Tue Oct 19 08:26:55 PDT 2004
Seth Henry wrote:
> I want to run a private DNS server which is visible internally only.
> Comcast doesn't like servers, so I don't want to broadcast any DNS
> information upstream. (this would also be kind of dumb, as the entries
> would point to non-routable addresses)
> I also want to create a private, internal zone so that I can stop
> passing hosts files around. (i.e. 192.168.1.1 -> internal_host1, etc)
> IOW - I would like internal machines to point to my DNS server for
> internal & external addresses. If the DNS server (on the router) can't
> find the address in its local cache, I would like the router to
> retrieve the record, and pass it along to the internal machine. In the
> end, I want to block all DNS traffic from the internal network from
> leaving the network - internal machines should only request DNS info
> from the router.
I did exactly that recently. This is pretty easy to set up once you
understand DNS - DNS *can* be complicated, but for what you want to do,
You can find info in the FreeBSD-Handbook as well as in the BIND v9
Administrator's Reference Manual (which can be found at www.bind9.net,
also, it's installed locally along with BIND9).
> I am already running dhcpd - so I plan to simply point all of the
> machines to my DNS server. If all goes well, new machines should be
> "network ready" right after the install.
Works in my network. =) As I said, it's rather easy.
> I have seen a large number of HOWTO's on the web, but all seem to
> assume that you want to propagate internal DNS info back upstream.
> Can anyone refer me to an appropriate README, HOWTO?
See the FreeBSD handbook and the Bindv9 ARM for "caching-only nameserver".
Beyond that, you just need to set up an internal zone.
If you feel it might be helpful, I can send you a copy of my
configuration and zone file/s.
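
An added example, not part of the original message and not the poster's own configuration: a BIND 9 named.conf sketch for the setup discussed in this thread, a caching resolver plus a private zone that answers internal clients only. The 192.168.1.0/24 network, the router address 192.168.1.1, the zone name home.lan and the file paths are assumptions; the zone files themselves are not shown.

```conf
// Constructed example. Addresses, zone name and file paths are assumptions.

// Clients allowed to use this server: the router itself and the LAN.
acl internal { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/etc/namedb";

    // Bind only to loopback and the LAN-side address, never the
    // upstream (ISP-facing) interface.
    listen-on { 127.0.0.1; 192.168.1.1; };
    listen-on-v6 { none; };

    // Resolve and cache external names on behalf of internal clients,
    // and refuse everyone else so the box is not an open resolver.
    recursion yes;
    allow-query     { internal; };
    allow-recursion { internal; };

    // Nothing upstream should be able to pull the private zone.
    allow-transfer  { none; };
};

// Private forward zone replacing the shared hosts files.
zone "home.lan" {
    type master;
    file "master/home.lan.db";
    notify no;              // no NOTIFY messages sent to other servers
};

// Matching reverse zone for 192.168.1.0/24, so PTR lookups for
// non-routable addresses are answered locally.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "master/192.168.1.rev";
    notify no;
};
```

Running named-checkconf against the file catches syntax errors before named is restarted.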