DNS
Walter Alejandro Iglesias
roquesor at gmail.com
Sun Jan 1 23:58:53 UTC 2012
On Sun, Jan 01, 2012 at 03:24:59PM -0800, Waitman Gobble wrote:
> On Sun, Jan 1, 2012 at 2:54 PM, Robert Huff <roberthuff at rcn.com> wrote:
>
> >
> > Walter Alejandro Iglesias writes:
> >
> > > Some time ago I attempted to set up my own DNS on the same
> > > machine where I had my web server running. DNS was the only thing I
> > > was not able to update automatically in the system with my
> > > scripts each time a new customer purchased a service. It would
> > > be wonderful for me if you or anyone here could at least confirm
> > > to me whether it is really possible.
> >
> > What is possible - updating using scripts, or running BIND on
> > the same machine as a web server (presumably Apache)?
> > While I'm sure someone has written them, I don't know of any
> > scripts that will "update" (whatever that means) BIND configuration
> > files that are included either as part of the base system or as
> > ports.
> > However, running BIND and Apache is certainly possible - the
> > machine I'm typing this on does exactly that.
> >
> >
> > Robert Huff
> >
> >
> I agree with Robert, it's generally no problem, at least technically, to
> run BIND on the same machine, unless, in certain situations I can think of
> at the moment, you are running your httpd server on a non-public network
> behind a firewall, doing certain things with NAT on the router, or running
> httpd on a "private machine" that only "gets traffic" from a public-facing
> cache/proxy like squid. These situations don't rule out use but could cause
> 'looping' or otherwise cause problems depending on how your network and
> name system are set up.
>
> It is better to have more than one machine running name services, if
> possible. It is also a good idea to prohibit zone transfers and recursive
> lookups, or at least to limit them very carefully.
>
> You should be able to set up a zone update thing for your customers; just
> keep the TTL somewhat short, and update your serial # in the zone so that
> external caches will pull the updates (using date and/or time is probably
> best). And you probably don't want the daemon/nobody httpd user fooling
> around with the zone files or the named process directly, so it's best to set a
> signal in your script like 'touch /tmp/updatebind' or something and have a
> cron job check for the 'signal'.
>
> Waitman
Thanks Waitman,
The truth is I am a bit lost; perhaps (it is late here, 00:54) I am
a bit hungry and tired :-). I will have dinner, sleep, and tomorrow
morning with a fresh mind I will carefully reread this last
message. I'll buy the book you advised too.
Walter
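The "signal file plus cron job" pattern Waitman describes above, written out as an added example (this is not code from the thread or from the FreeBSD project). The web application only appends to a records list and touches the signal file; a cron job running as a user that may write the zone and call rndc does the rest. The zone name, file paths, records-file format ("name type value" per line) and the 300-second TTL are all assumptions chosen for the example; the YYYYMMDDnn serial follows the date-based convention suggested in the thread and is forced to stay monotonic even when more than 99 updates happen in one day or the clock moves backwards.

```shell
#!/bin/sh
# Added example, not from the thread: cron-driven zone updater following the
# "signal file" pattern. All names and paths below are assumptions.
set -u

ORIGIN=${ORIGIN:-example.com}                                 # assumed zone name
ZONE_FILE=${ZONE_FILE:-/var/named/master/example.com.db}      # assumed zone path
RECORDS=${RECORDS:-/var/named/customers/example.com.records}  # assumed: "name type value" lines
SIGNAL=${SIGNAL:-/tmp/updatebind}                             # the signal file the web app touches
TTL=${TTL:-300}                                               # short TTL so caches refresh quickly

# Read the serial back from the SOA line written by write_zone below.
current_serial() {
    [ -f "$1" ] || return 0
    awk '/; serial$/ { print $1; exit }' "$1"
}

# Next YYYYMMDDnn serial, always greater than the previous one.
# $1 = previous serial (may be empty), $2 = date as YYYYMMDD (default: today, UTC).
next_serial() {
    prev=${1:-0}
    day=${2:-$(date -u +%Y%m%d)}
    base="${day}00"
    if [ "$prev" -ge "$base" ]; then
        echo $((prev + 1))    # same day, >99 updates, or clock moved back: just count up
    else
        echo $((base + 1))    # first update of the day: YYYYMMDD01
    fi
}

# Write a complete zone file: SOA and NS, then one record per records-file line.
# $1 = output zone file, $2 = serial, $3 = records file.
write_zone() {
    out=$1; serial=$2; records=$3
    {
        printf '$TTL %s\n' "$TTL"
        printf '$ORIGIN %s.\n' "$ORIGIN"
        printf '@ IN SOA ns1.%s. hostmaster.%s. (\n' "$ORIGIN" "$ORIGIN"
        printf '    %s ; serial\n' "$serial"
        printf '    3600 ; refresh\n    900 ; retry\n    604800 ; expire\n    %s ; negative cache TTL\n)\n' "$TTL"
        printf '@ IN NS ns1.%s.\n' "$ORIGIN"
        # Skip comments, blank lines and anything that is not exactly three fields.
        awk 'NF == 3 && $1 !~ /^#/ { printf "%s IN %s %s\n", $1, $2, $3 }' "$records"
    } > "$out.tmp" && mv "$out.tmp" "$out"   # atomic replace: named never sees a half-written file
}

# Cron entry point: do nothing unless the web app has left the signal.
# Prints the new serial on success.
run_update() {
    [ -e "$SIGNAL" ] || return 0
    rm -f "$SIGNAL"   # consume the signal first so a request arriving mid-run is not lost
    serial=$(next_serial "$(current_serial "$ZONE_FILE")")
    write_zone "$ZONE_FILE" "$serial" "$RECORDS"
    # Validate before reloading; a bad zone would otherwise be served or refused entirely.
    if command -v named-checkzone >/dev/null 2>&1; then
        if ! named-checkzone -q "$ORIGIN" "$ZONE_FILE"; then
            echo "zone check failed, not reloading; will retry next run" >&2
            touch "$SIGNAL"
            return 1
        fi
    fi
    command -v rndc >/dev/null 2>&1 && rndc reload "$ORIGIN"
    echo "$serial"
}

# Invoke as "updatezone.sh run" from cron, e.g. every minute.
if [ "${1:-}" = run ]; then
    run_update
fi
```

The records file is the only thing the httpd user writes, and the signal file is just a flag: the privileged part (rewriting the zone, checking it, reloading named) happens in a separate process owned by a different account, which is the separation Waitman is after. Removing the signal before doing the work, and putting it back on a failed check, means a customer purchase that lands while the script is running still gets picked up on the next cron tick.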