On Sun, Sep 18, 2005 at 10:34:30AM +0100, ed wrote:
> Steve B <steveb7_(_at_)_gmail_(_dot_)_com> wrote:
> > I'm a little confused on the topic of running Bind on OBSD. I've read
> > the Secure Architectures book, some material at
> > http://www.aei.ca/~pmatulis/pub/obsd_pf.html and a few other places.

  o'reilly DNS and BIND.

  cakewalk; you'll come out of it with no more confusion at all.

> > My goal is to provide DNS to my local LANs and probably act as a
> > caching/forwarding DNS. 
> > What confuses me is 1) where to put my db.wired and db.1.168.192 files

  already answered by someone, but again, /var/named/master is a sensible

> > 2) what to add to named.conf to put
> > these files to use, and 

zone "1.168.192.in-addr.arpa" IN {
	type master;
	file "master/db.1.168.192";
};

zone "wired" IN {
	type master;
	file "master/db.wired";
};

  put these, as a suggestion, under the "// Master zones" section of the 
  default named.conf, because the heading is already there, so you might
  as well take advantage of it <G>.

> > 3) how to configure named.conf for
> > caching/forwarding.
> > 
> > Some articles I've read via Google say the default named.conf is
> > configured as a caching nameserver and to simply start the named
> > daemon

  the /var/named/etc/named.conf that comes in openbsd is good to go
  as a local caching resolver.  just start it.  it will recurse/resolve
  for you anything you ask it (or at least try to).

  it will only answer queries from ::1 and 'localnets'.  localnets is
  referenced in the html on your filesystem i point to below, just read the
  'acl statement grammar' section.  as long as you have pf filtering
  queries from the world (which, if you're just using this as a 
  caching resolver and locally-authoritative-only server, is probably
  what you're doing), you're set.

> >, while others say the forwarders first and forwarders options
> > must be entered.

  only if you're using forward zones, which the default openbsd named.conf
  does not.  anyone saying that you have to do that is hopefully talking
  about a different OS.

> Try dnscache part of djbdns from http://cr.yp.to, its very good and
> efficient, also rather secure compared to BIND (Buggy Internet Name
> Daemon).

  bah, screw djb.

  use software in base before software in ports; use software in ports 
  before software not in base or ports.  exceptions for good reasons
  are of course, exceptions. but someone who just wants to "turn on some
  DNS for their LAN" doesn't have a good reason to use (DNS) software which
  is wholly unsupported in the (s/the/this) community.



[ openbsd 3.7 GENERIC ( sep 10 ) // i386 ]
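The zone statements above only tell named where the files live; the files themselves and the access restrictions the reply describes are what make the setup work as a LAN-only, locally-authoritative caching resolver. The following is an added worked example, not configuration from the original thread or from OpenBSD's shipped named.conf: it assumes a 192.168.1.0/24 LAN, a nameserver at 192.168.1.1 (ns1.wired), one client host (box, 192.168.1.10), a hostmaster mailbox, and a serial in YYYYMMDDnn form. All names, addresses and timer values are constructed for illustration. Paths are relative to the /var/named chroot the reply points at.

```conf
// ---- additions to /var/named/etc/named.conf (assumed layout) ----

// Who may talk to this server at all: loopback plus the LAN.
// "localnets" would also work here, as the reply notes; an explicit
// ACL makes the trust boundary visible when reviewing the file.
acl lan { 127.0.0.1; ::1; 192.168.1.0/24; };

options {
	listen-on { 127.0.0.1; 192.168.1.1; };   // never the outside interface
	allow-query     { lan; };                 // answers only for the LAN
	allow-recursion { lan; };                 // no open resolver for the world
	// forwarders { ...; };  // only needed if you choose to forward rather
	                         // than recurse; the default does not.
};

// Master zones
zone "wired" IN {
	type master;
	file "master/db.wired";
	allow-transfer { none; };   // no zone transfers; nobody else is secondary
};

zone "1.168.192.in-addr.arpa" IN {
	type master;
	file "master/db.1.168.192";
	allow-transfer { none; };
};

// ---- /var/named/master/db.wired (forward zone, constructed) ----
$TTL 86400
$ORIGIN wired.
@	IN	SOA	ns1.wired. hostmaster.wired. (
			2005091801	; serial, bump on every edit
			3600		; refresh
			900		; retry
			1209600		; expire
			3600 )		; negative-answer TTL
	IN	NS	ns1.wired.
ns1	IN	A	192.168.1.1
box	IN	A	192.168.1.10

// ---- /var/named/master/db.1.168.192 (reverse zone, constructed) ----
$TTL 86400
$ORIGIN 1.168.192.in-addr.arpa.
@	IN	SOA	ns1.wired. hostmaster.wired. (
			2005091801 3600 900 1209600 3600 )
	IN	NS	ns1.wired.
1	IN	PTR	ns1.wired.
10	IN	PTR	box.wired.

// ---- /etc/pf.conf fragment (assumed $ext_if / $int_if macros) ----
// Belt and braces: even with allow-query restricted, drop DNS from the
// outside at the packet filter, and let only the LAN reach port 53.
block in on $ext_if proto { tcp, udp } from any to any port domain
pass  in on $int_if proto { tcp, udp } from $int_if:network to $int_if port domain
```

Every A record in db.wired has a matching PTR in db.1.168.192 and the two SOA serials move together; keeping them in step is the usual source of "reverse lookup works, forward doesn't" confusion. Before restarting named, `named-checkconf` and `named-checkzone wired master/db.wired` (both shipped with BIND 9) catch the missing-brace and missing-dot mistakes that otherwise only show up as a zone silently refusing to load.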