caching DNS server?
I'm a real newbie when it comes to DNS, but I have been reading the Linux DNS howto for information (http://tldp.org/HOWTO/DNS-HOWTO.html).
I would like to set up DNS for a home network using OpenBSD 4.3. I'm using a private 192.168.0.0 IP range. I have three questions at this point.
In http://www.bsdforums.org/forums/show...61&postcount=1 I explained the dual roles of a nameserver: authoritative and recursive resolver.

For a recursive resolver you only need the minimal configuration as explained in the 3rd chapter of the BIND 9 Administrator Reference Manual, which you can find in /usr/share/doc/html/bind/Bv9ARM.ch03.html.

You only need a master zone if you configure Bind as a primary/master authoritative nameserver. A master authoritative nameserver answers questions about the domains it is authoritative for from the zone file(s). A slave authoritative nameserver gets its zone information from a master nameserver. The master/slave thing is just a way to replicate information from one authoritative nameserver to other nameservers.

The "/etc/resolv.conf" should only contain the ip addresses of caching nameservers.

You can set up a local authoritative nameserver with a zone with a non-official TLD. On my local LAN at home I use xnet:
Code:
$ dig +norecurse -t ns utp.xnet @192.168.222.11

; <<>> DiG 9.3.4 <<>> +norecurse -t ns utp.xnet @192.168.222.11
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9708
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;utp.xnet.                      IN      NS

;; ANSWER SECTION:
utp.xnet.               259200  IN      NS      ns1.utp.xnet.

;; ADDITIONAL SECTION:
ns1.utp.xnet.           259200  IN      A       192.168.222.11

;; Query time: 1 msec
;; SERVER: 192.168.222.11#53(192.168.222.11)
;; WHEN: Wed May 28 02:09:04 2008
;; MSG SIZE  rcvd: 60

On 192.168.222.10 is my dnscache recursive resolver.
Code:
$ dig ns1.utp.xnet

; <<>> DiG 9.3.4 <<>> ns1.utp.xnet
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53169
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.utp.xnet.                  IN      A

;; ANSWER SECTION:
ns1.utp.xnet.           258816  IN      A       192.168.222.11

;; Query time: 1 msec
;; SERVER: 192.168.222.10#53(192.168.222.10)
;; WHEN: Wed May 28 02:19:16 2008
;; MSG SIZE  rcvd: 46

Re: dynamic DNS
IMHO dynamic DNS is evil, it relies on the completely insecure DHCP protocol. For a home network I would just assign fixed IP addresses.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Thanks for your reply.
After reading both your response and the BIND Reference Manual mentioned above, it appears that caching nameservers are only useful for increasing performance and distributing the load on authoritative nameservers. As such, they don't store A records as I originally assumed. If I am correct, it also doesn't appear that caching nameservers have to reference authoritative nameservers within the zone as they can just begin queries directly through the TLD nameservers. At least this is what I appear to have found out when tinkering with a box I will be using for DNS here. So, I will study further about what you mention as far as using a domain not officially registered since I will need an authoritative nameserver to store local A records for the machines I have at home. So thanks for giving direction. I will likely be back with more questions in a few days.
The proper way to distribute load on authoritative nameservers is to have several of them. Caching nameservers are useful for a network to reduce DNS traffic. That is why your ISP usually gives you the addresses of its two caching nameservers to enter into your /etc/resolv.conf file.

In a professional environment, this however should be avoided for security reasons. For example, if you configure a zone file for msn.com and enter 127.0.0.1 as A record, the caching nameserver will not do the traversal starting from the DNS root '.', but will answer with the 127.0.0.1 address from the zone file.
Re: msn.com zone file
Each zone file you configure to be used for a caching nameserver will be used to answer queries, independent of which records are there and whether they reflect reality. The example I gave of a msn.com zone file with the 127.0.0.1 loopback address is used by some system administrators to prevent people from using MSN.

Re: local domain
Yes, you can tell your caching nameserver to pass on all non-local domain queries to the nameservers of your ISP. In Bind terminology, you have to define these nameservers as forwarders. A "forwarding-only" nameserver will hand off, or "forward", all the queries it receives to these nameservers. It will still cache the answers of the "forwarders" for possible reuse. All these things can be found in the Bind 9 Administrator Reference Manual. A good second source is Craig Hunt's book "TCP/IP Network Administration".
Last edited by J65nko; 3rd June 2008 at 12:12 AM. Reason: Minor grammar improvements
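The following named.conf is an added example, not from the thread or from OpenBSD's shipped configuration, tying together the two replies above: the minimal recursive resolver with forwarders ("forwarding-only") and the local authoritative zone with an unofficial TLD. It assumes OpenBSD's chrooted layout under /var/named, a LAN of 192.168.0.0/24 with this box at 192.168.0.2, ISP caching nameservers at 203.0.113.1 and 203.0.113.2 (documentation addresses), and zone files you create yourself under master/.

```bind
// named.conf for a forwarding-only caching resolver that is also master for a
// private "xnet" zone. Added example; paths are assumed to follow OpenBSD's
// chrooted layout under /var/named and all addresses are assumptions
// (LAN 192.168.0.0/24, this box 192.168.0.2, ISP resolvers 203.0.113.1/.2).
options {
        directory "/";
        version "not disclosed";            // do not advertise the BIND version
        listen-on { 127.0.0.1; 192.168.0.2; };
        // Recursive service for the home LAN only; anyone else gets REFUSED,
        // so the box cannot be used as an open resolver from outside.
        allow-query     { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 127.0.0.1; 192.168.0.0/24; };
        // Hand every non-local query to the ISP's caching nameservers; the
        // answers are still cached here for reuse. "forward only" never falls
        // back to iterative resolution from '.'; use "forward first" for that.
        forward only;
        forwarders { 203.0.113.1; 203.0.113.2; };
};

// Root hints are unused with "forward only" but needed the moment you switch
// to "forward first" or drop the forwarders and resolve from '.' yourself.
zone "." {
        type hint;
        file "etc/root.hint";
};

// Loopback zones, so queries for localhost never leave the machine.
zone "localhost" { type master; file "standard/localhost"; };
zone "127.in-addr.arpa" { type master; file "standard/loopback"; };

// The local authoritative zone with an unofficial TLD. Every zone listed here
// is answered from its file no matter what the real DNS says (the msn.com ->
// 127.0.0.1 effect described above), so keep this list to zones you own.
zone "home.xnet" {
        type master;
        file "master/home.xnet";
        allow-update { none; };             // static records, no dynamic DNS
};
zone "0.168.192.in-addr.arpa" {             // reverse lookups for the LAN
        type master;
        file "master/0.168.192.in-addr.arpa";
        allow-update { none; };
};
```

After editing, `named-checkconf` validates the syntax and `dig +norecurse` against the box itself (as in the xnet output above) confirms which names it answers with the aa flag set.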