On Mon, Mar 19, 2007 at 07:33:42AM -0700, JOHN LUCKEY wrote:
> Anyone have or know of a good beginner's tutorial on how to
> setup/configure a openBSD box to do DNS on a local network?
> The more concrete/cookbook the examples, the better.

Sure, I have that exact setup running. I've pasted a slightly anonymized
version at the end. There are many tools and tutorials for writing zone
files, so I'll assume you can find those yourself.

This, of course, uses BIND. There are other DNS servers, but BIND
doesn't suck too badly, is well-tested, and is in base.

                Joachim

/var/named/etc/named.conf:

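# Trusted clients: this host (IPv4 and IPv6 loopback) and the 192.168.0.0/24
# LAN. This ACL is the trust boundary for the configuration: the options
# block grants recursion and zone transfers to "local", so keep it as narrow
# as the real network.
acl local {
        127.0.0.0/8;
        192.168.0.0/24;
        ::1;
};      # an acl statement must end with ';' or named refuses to load the file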

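# Second network that may query this server. The options block gives it
# allow-query only: it is not listed in allow-recursion or allow-transfer.
acl othernet {
        192.168.1.0/24;
};      # an acl statement must end with ';' or named refuses to load the file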

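options {
        # An empty string is returned for version.bind queries. This only
        # hides the banner; it does not replace keeping named patched.
        version "";     // remove this to allow version queries

        # Listen only on interface addresses that match these ACLs.
        # Each statement needs its own terminating ';' after the brace.
        listen-on    { local; othernet; };
        listen-on-v6 { local; othernet; };

        # Limit access
        # Recursion is restricted to the trusted LAN, so the server does not
        # act as an open resolver for othernet or anyone else who reaches it.
        allow-recursion { local; };
        allow-query { local; othernet; };
        # Every host in "local" may pull complete zone copies. If only
        # specific secondaries need them, list those addresses (or a TSIG
        # key) here instead of the whole LAN.
        allow-transfer { local; };

        # Don't allow too many lookups at once, and limit memory usage
        recursive-clients 100;
        max-cache-size 48M;

        # Explicitly set hostname (the name returned for hostname.bind
        # queries); "myhostname" is a placeholder from the post.
        hostname "myhostname";

        # Ask the ISP nameservers first; they are close,
        # network-topology wise, and why not let them do most of our
        # caching for us?
        # $IP_DNS_SERVER1/2 are placeholders: named.conf does not expand
        # variables, so replace them with literal addresses. Answers from
        # the forwarders are accepted as given unless DNSSEC validation is
        # configured, so forward only to resolvers you trust.
        forwarders { $IP_DNS_SERVER1; $IP_DNS_SERVER2; };
};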

// Discard messages in the lame-servers category (delegations that point at
// servers which do not answer authoritatively); they are noisy on a
// recursive resolver. No other category is configured in this block.
logging {
        category lame-servers { null; };
};

// Standard zones
//
// Root hints: the list of root name servers used to start resolution when
// a name cannot be answered from the cache or by the forwarders.
zone "." {
        type hint;
        file "standard/root.hint";
};

// Forward zone for the name "localhost", served locally so the lookup never
// leaves the box. Transfers are limited to the server itself, overriding
// the wider allow-transfer in the options block.
zone "localhost" {
        type master;
        file "standard/localhost";
        allow-transfer { localhost; };
};

// Reverse zone for the IPv4 loopback range 127.0.0.0/8. Transfers are
// limited to the server itself.
zone "127.in-addr.arpa" {
        type master;
        file "standard/loopback";
        allow-transfer { localhost; };
};
// Reverse zone for the IPv6 loopback. The zone name was wrapped onto its
// own line in the post; named accepts the statement split this way.
// NOTE(review): confirm the number of "0." labels against the origin that
// standard/loopback6.arpa expects before reusing it.
zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
{
        type master;
        file "standard/loopback6.arpa";
        allow-transfer { localhost; };
};

// delegation-only: answers from the com and net servers that are not
// delegations are treated as "no such name", which neutralises wildcard
// records inserted at the TLD level.
// NOTE(review): newer BIND 9 releases deprecated and later dropped
// delegation-only zones; check the version in use before copying this.
zone "com" {
        type delegation-only;
};

zone "net" {
        type delegation-only;
};

// Master zones
//
//zone "myzone.net" {
//      type master;
//      file "master/myzone.net";
//};

// Authoritative zone for the internal network. It sets no allow-transfer or
// allow-query of its own, so the values from the options block apply
// (transfers to "local", queries from "local" and "othernet").
// "local.net" is the post's anonymized stand-in: use a name you control,
// because serving a made-up name under a public TLD hides the real domain
// of that name from your clients.
zone "local.net" {
        type master;
        file "master/local.net";
};

// Reverse DNS for 192.168.0.0/24 (the LAN in the "local" acl); adapt the
// zone name and file to whatever your local net is. As with the forward
// zone, transfer and query access come from the options block.
zone "0.168.192.in-addr.arpa" {
        type master;
        file "master/0.168.192-in-addr.arpa";
};
