Re: Setting up a FreeBSD gateway



Thanks for the information! I'm getting ready to set up BIND for the first
time and this will be very useful.

Teo


On 1/4/06, Reko Turja <reko.turja@xxxxxxxxxxx> wrote:
>
>
> ----- Original Message -----
> From: "Brian Bobowski" <bbobowski@xxxxxxxxx>
> To: "FreeBSD User Questions List" <freebsd-questions@xxxxxxxxxxx>
> Sent: Wednesday, January 04, 2006 7:44 PM
> Subject: Setting up a FreeBSD gateway
>
> > However, I don't know how to set up DNS. Specifically, I want to
> > either pass all DNS requests through the gateway, or have the gateway
> > run a local DNS that queries my ISP's DNS in turn. Can anyone point me
> > to some steps on how to set that up?
>
> If you're going to use BIND (which I recommend and which is included in
> the system) check at least the following parameters in named.conf:
>
> listen-on
> - set this to your internal IP
> forwarders
> - if you don't want to fetch every single record from the official DNSs
> and want to utilize your provider's DNS cache, set this variable to point
> to your ISP's DNS servers.
> forward-only
> - as you're going to have your own domain records set up, be sure this is
> commented out.
>
> Basically BIND with this kind of configuration will forward queries to
> master or forwarder servers unless it has the master record itself or
> there is a cached record which is still valid.
>
> defining the localhost:
> If the machine names are set up right in your fbsd installation,
> easiest is to use the make-localhost in the /etc/namedb directory.
>
> Then the forward zone file for your "domain" as well as reverse zones
> for the IP ranges in use. My files are:
>
> master/mydomain.org file:
>
> $TTL 3600
> @ IN SOA xxx.xxx.org. root.xxx.org. (
> ; we define authority as well as the base domain (first xxx.org and
> ; the administrative contact - as bind has other uses for "." the mail
> ; address is noted with a dot between domain and username.
> 2005111301 ;serial
> ; good idea is to use the shown date notation, and ALWAYS bump the
> ; serial whatever you do to the zone files)
> 86400 ;refresh 24h
> 7200 ;retry 2h
> 172800 ;expire 2d
> 86400) ;minimum 24h
>
> IN NS moria.endor.swagman.org.
> ; we define name servers for the zone; only one is usually needed for
> ; "private" dns use.
> IN MX 5 moria.endor.swagman.org.
> ; I define mail handler server just in case...
> moria IN A 192.168.10.1
> rivendell IN A 192.168.10.10
> lorien IN A 192.168.10.11
> muppet IN A 192.168.10.20
> ;and then add my workstations
>
> As the main forward zone is now set up, we need the reverse zones as
> well.
>
> My reverse zone for above setup is (master/rev.mydomain.org):
> $TTL 1d
> @ IN SOA xxx.xxx.org. root.swagman.org. (
> 2005111301 ;serial
> 1d ;refresh
> 2h ;retry
> 20d ;expire
> 2h ) ;neg cache
>
> IN NS moria.endor.swagman.org.
>
> 1 IN PTR moria.endor.swagman.org.
> 10 IN PTR rivendell.endor.swagman.org.
> 11 IN PTR lorien.endor.swagman.org.
> 20 IN PTR muppet.endor.swagman.org.
>
>
> With BIND the dots after the names are important, otherwise the names
> end up as name.my.domain.my.domain which usually isn't what you want :)
>
> After the zones are set up you can add them to named.conf as follows:
>
> zone "xxx.xxx.org" {
> type master;
> file "master/mydomain.org";
> };
>
> zone "10.168.192.in-addr.arpa" {
> type master;
> file "master/rev.mydomain.org";
> };
>
>
> In the above note the naming of reverse zone. To get correct resolution
> of reverse names you need to name your zone with similar formatting.
>
> Hope this helps a bit (although I recommend getting the BIND handbook
> (available from ISC as PDF), or some of the "basic" BSD books like Greg
> Lehey's or Michael Lucas's books on FreeBSD - both have a good chapter
> on DNS setup with BIND. Of course nothing beats the O'Reilly Cricket
> book.)
>
> -Reko
>
> _______________________________________________
> freebsd-questions@xxxxxxxxxxx mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
>

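The points Reko's reply makes (always bump the serial, keep the SOA timers consistent, put the trailing dot on hostnames in NS/MX/PTR data, and name the reverse zone from the prefix octets in reverse order) are exactly the things that silently break a hand-edited zone. Below is an added example of a small pre-deploy linter for them; it is not code from the thread or from BIND. The sample zone is constructed from the hostnames used in the post (it is not Reko's file), and its MX target is deliberately missing the trailing dot so the check has something to report.

```python
"""Sanity checks for hand-written BIND zone files before they go live.

Added example, not code from the thread.  It checks the points the reply
makes: the SOA serial should be in YYYYMMDDnn form and must actually be
bumped (RFC 1982 serial arithmetic), the SOA timers must be consistent,
hostnames in NS/MX/PTR/CNAME data need their trailing dot, and a reverse
zone is named from the prefix octets in reverse order.
"""
import datetime
import ipaddress
import re

TIME_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
HOST_RDATA = {"NS", "MX", "PTR", "CNAME"}   # RR types whose last field is a hostname

# Constructed sample built from the post's hostnames; the MX target is
# missing its trailing dot on purpose.
FORWARD_ZONE = """\
$TTL 3600
@ IN SOA moria.endor.swagman.org. root.swagman.org. (
        2005111301 ; serial YYYYMMDDnn
        86400      ; refresh 24h
        7200       ; retry 2h
        172800     ; expire 2d
        86400 )    ; minimum 24h
          IN NS  moria.endor.swagman.org.
          IN MX 5 moria.endor.swagman.org
moria     IN A   192.168.10.1
rivendell IN A   192.168.10.10
"""


def parse_ttl(tok):
    """BIND accepts bare seconds or the 1d / 2h / 30m shorthand."""
    tok = tok.lower()
    if tok.isdigit():
        return int(tok)
    m = re.fullmatch(r"(\d+)([smhdw])", tok)
    if not m:
        raise ValueError("bad time value %r" % tok)
    return int(m.group(1)) * TIME_UNITS[m.group(2)]


def tokenize(zone_text):
    """Drop ';' comments and join parenthesised multi-line records."""
    records, buf, depth = [], [], 0
    for line in zone_text.splitlines():
        for tok in re.findall(r"[()]|[^\s()]+", line.split(";", 1)[0]):
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                buf.append(tok)
        if depth == 0 and buf:
            records.append(buf)
            buf = []
    return records


def find_soa(records):
    """Return the SOA serial and timers (in seconds) of the zone."""
    for rec in records:
        if "SOA" in rec:
            i = rec.index("SOA")
            serial, refresh, retry, expire, minimum = rec[i + 3:i + 8]
            return {"serial": int(serial), "refresh": parse_ttl(refresh),
                    "retry": parse_ttl(retry), "expire": parse_ttl(expire),
                    "minimum": parse_ttl(minimum)}
    raise ValueError("no SOA record in zone")


def serial_is_date(serial):
    """The YYYYMMDDnn convention the post recommends."""
    s = str(serial)
    if len(s) != 10:
        return False
    try:
        datetime.date(int(s[:4]), int(s[4:6]), int(s[6:8]))
    except ValueError:
        return False
    return True


def serial_bumped(old, new):
    """RFC 1982: 'new' counts as newer only if it is ahead of 'old' by less
    than 2**31 modulo 2**32; otherwise secondaries keep the old zone."""
    return old != new and (new - old) % 2**32 < 2**31


def lint_zone(zone_text, old_serial=None):
    """Return a list of warnings; an empty list means the zone looks sane."""
    warnings = []
    records = tokenize(zone_text)
    soa = find_soa(records)
    if not serial_is_date(soa["serial"]):
        warnings.append("serial %d is not in YYYYMMDDnn form" % soa["serial"])
    if old_serial is not None and not serial_bumped(old_serial, soa["serial"]):
        warnings.append("serial %d not bumped past %d" % (soa["serial"], old_serial))
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"] + soa["retry"]:
        warnings.append("expire must exceed refresh+retry or secondaries drop the zone early")
    for rec in records:
        rtype = next((t for t in rec if t in HOST_RDATA), None)
        target = rec[-1]
        if rtype and "." in target and not target.endswith("."):
            warnings.append("%s target %s lacks trailing dot; origin will be appended" % (rtype, target))
    return warnings


def reverse_zone_name(cidr):
    """in-addr.arpa zone for an octet-aligned IPv4 prefix, e.g. 192.168.10.0/24."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen % 8:
        raise ValueError("non-octet prefix; use RFC 2317 style delegation")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


if __name__ == "__main__":
    for w in lint_zone(FORWARD_ZONE, old_serial=2005111301):
        print("WARNING:", w)
    print(reverse_zone_name("192.168.10.0/24"))
```

Run it with the previous serial as `old_serial` and it reports both the un-bumped serial and the MX target that would otherwise resolve as moria.endor.swagman.org.xxx.xxx.org. This is a pre-flight check, not a replacement for BIND's own named-checkzone and named-checkconf, which should still be run before reloading. One caveat on the named.conf side: `listen-on` only picks the interface; on a gateway whose outside address is reachable, also restrict who may recurse through it (BIND's `allow-recursion`, or `allow-query` for a purely internal server) to the inside network, so the box does not become an open resolver.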

