On Mon, Jan 27, 2003 at 05:15:29PM -0500, Louis LeBlanc <[EMAIL PROTECTED]> wrote:
> Hey all.  I'm finally getting around to setting up a caching dns
> server.  Pretty confusing from my angle.
>
> Here's what I have so far:
> named enabled in /etc/rc.conf
> cd to /etc/namedb and run sh make-localhost
>
> and the following in /etc/namedb/named.conf:
>
> options {
>     directory "/etc/namedb";
>     forward first;
>     forwarders {
>         151.203.0.84;
>         151.202.0.84;
>     };
>     listen-on { 10.8.20.5; };
>     version "surely you must be joking";
>     query-source address * port 53;
> };
>
>
> zone "." {
>     type hint;
>     file "named.root";
> };
>
> zone "0.0.127.IN-ADDR.ARPA" {
>     type master;
>     file "localhost.rev";
> };
>
G'day Louis,

The only differences I can see between this and my working
configuration at home are:

1/. I have "forward only" rather than "forward first".  So far my DNS
    providers haven't failed me!

2/. I run named as a non-privileged user.  I haven't configured a
    complete sandbox (see
    http://www.au.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html#NAMED-SANDBOX
    for that), but just did the following:

        mkdir /etc/namedb/s
        chown bind:bind /etc/namedb/s
        chmod 750 /etc/namedb/s

    Add the following to the options in named.conf

        dump-file "s/named_dump.db";

    and

        named_flags="-u bind -g bind"

    to /etc/rc.conf.

3/. I don't have the version and query-source lines.  I don't believe
    they'll break anything for you.

4/. I have set up an authoritative "lane.family" domain for my home
    network.

5/. You may want to add 127.0.0.1 to your listen-on option.

I can't see anything in your setup as is that will wreak havoc on the
internet, but I am not an expert.  I would at least run it as bind:bind
rather than root as it is trivial to set up.  A complete sandbox is
better, and of course a jail would be even better, but they are both
more work.

Greg
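
The script below is an added example, not part of either message: it checks the non-root setup from point 2 and the listen-on suggestion from point 5 against copies of rc.conf and named.conf. The function names are hypothetical, and it assumes one option per line and that the uid named runs as is passed in as a number.

```sh
#!/bin/sh
# Added example (not from the thread): check the non-root named setup from the
# reply. Usage: sh check_named.sh /etc/rc.conf /etc/namedb/named.conf "$(id -u bind)"

# Print the value of a quoted named.conf option such as directory or dump-file.
conf_value() {  # $1 = named.conf, $2 = option name
    sed -n "s/^[[:space:]]*${2}[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# named only gives up root if rc.conf passes -u with a non-root user.
check_rc_flags() {  # $1 = rc.conf
    flags=$(sed -n 's/^named_flags="\(.*\)".*/\1/p' "$1" | tail -n 1)
    case " $flags " in
        *" -u root "*) echo "FAIL: named_flags keeps named running as root"; return 1 ;;
        *" -u "*)      echo "ok: named_flags=\"$flags\"" ;;
        *)             echo "FAIL: named_flags has no -u, named stays root"; return 1 ;;
    esac
}

# The dump-file directory must exist, belong to the uid named runs as, and give
# "other" no access (the chown and chmod 750 steps in the reply).
check_dump_dir() {  # $1 = named.conf, $2 = numeric uid of the named user
    want=$2
    dump=$(conf_value "$1" dump-file)
    [ -n "$dump" ] || { echo "FAIL: no dump-file option"; return 1; }
    case "$dump" in
        /*) path=$dump ;;
        *)  path=$(conf_value "$1" directory)/$dump ;;  # relative to "directory"
    esac
    dir=$(dirname "$path")
    [ -d "$dir" ] || { echo "FAIL: $dir does not exist"; return 1; }
    set -- $(ls -ldn "$dir")                # $1 = mode string, $3 = owner uid
    [ "$3" = "$want" ] || { echo "FAIL: $dir is owned by uid $3, not $want"; return 1; }
    case "$1" in
        ???????---*) echo "ok: $dir ($1, uid $3)" ;;
        *)           echo "FAIL: $dir is open to other users ($1)"; return 1 ;;
    esac
}

# Point 5 of the reply: a listen-on list (written on one line) should include
# loopback. With no listen-on at all, named listens on every interface.
check_listen() {  # $1 = named.conf
    line=$(grep 'listen-on' "$1") || { echo "ok: no listen-on restriction"; return 0; }
    case "$line" in
        *127.0.0.1*) echo "ok: listen-on includes 127.0.0.1" ;;
        *)           echo "WARN: listen-on omits 127.0.0.1"; return 1 ;;
    esac
}

if [ "$#" -eq 3 ]; then
    check_rc_flags "$1"; check_dump_dir "$2" "$3"; check_listen "$2"
fi
```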