[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OBSD 2.8 networking troubles
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: OBSD 2.8 networking troubles
- From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
- Date: Wed, 9 May 2001 18:18:37 +0200
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
On Wed, May 09, 2001 at 05:29:04PM +0200, Moritz Grimm wrote:
> Henning Brauer wrote:
> > If I didn;t misunderstood him he does not wan't to run a DNS, he wants to
> > use one. The rule would look like
> Oh, so the problem might be within my DNS configuration?
> Well, let me
> clear that up a little. On my gateway, BIND8 is running and authorative
> for my private class-C (192.168...) subnet and its non-official domain.
> All clients in the LAN, including the gateway itself query this DNS
> server on the gateway, who has the DNS servers of my ISP in its
> forwarders section.
> This means that only my DNS server queries other DNS servers.
Uuuuh ohhh, very very bad. NEVER use one DNS Server for both. Run one
resolver and one authoritative DNS. Unforunately BIND allows this
I'd use dnscache from djbdns running on the inside interface and tinydns
running on 127.0.0.1. That should also be possible with BIND. But... think
again about using BIND8. There are good reasons for BIND8 not beeing in the
base OS. It's codebase is a nightmare, and we are seeing security bugs every
few weeks. Either go with bind4 from the base OS or use djbdns.
Also, I don't see any reason to use the resolver as a forwarder. Let it
Just in case you want to use djbdns: read http://www.lifewithdjdns.org/ ;-)
* Henning Brauer, hostmaster_(_at_)_bsws_(_dot_)_de, http://www.bsws.de *
* Roedingsmarkt 14, 20459 Hamburg, Germany *
Unix is very simple, but it takes a genius to understand the simplicity.