On Mon, Jan 27, 2003 at 05:15:29PM -0500, Louis LeBlanc 
> Hey all.  I'm finally getting around to setting up a caching dns
> server.  Pretty confusing from my angle.
> Here's what I have so far:
> named enaabled in /etc/rc.conf
> cd to /etc/namedb and run sh make-localhost
> and the following in /etc/namedb/named.conf:
> options {
>       directory "/etc/namedb";
>       forward first;
>       forwarders {
>     ;
>     ;
>       };
>       listen-on {; };
>       version "surely you must be joking"
>       query-source address * port 53;
> };
> zone "." {
> type hint;
> file "named.root";
> };
> zone "0.0.127.IN-ADDR.ARPA" {
> type master;
> file "localhost.rev";
> };

G'day Louis,

The only differences I can see between this and my working 
configuration at home is

1/. I have "forward only" rather than "forward first". 
    So far my DNS providers haven't failed me!

2/. I run named as a non-privileged user. I haven't configured 
    a complete sandbox (see 
for that), 
    but just did the following:

      mkdir /etc/namedb/s
      chown bind:bind /etc/namedb/s
      chmod 750 /etc/namedb/s

   Add the following to the options in named.conf

      dump-file "s/named_dump.db";

   and named_flags="-u bind -g bind" to /etc/rc.conf.

3/. I don't have the version and query-source lines. I 
    don't believe they'll break anything for you.

4/. I have set up an authorative "lane.family" 
    domain for my home network

5/. You may want to add to your listen-on option.

I can't see anything in your setup as is that will wreak havoc on the 
internet, but I am not an expert. I would at least run it as bind:bind
rather than root as it is trivial to set up. A complete sandbox is better, 
and of course a jail would be even better, but they are both more work.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Reply via email to