Re: DNS: querying route DNS
On Jan 14 at 16:39, Matthew Seaman patiently explained:

> Andrew P. wrote:
>> Matthew Seaman wrote:
>>
>> I'm sure it won't be difficult for anyone to find a named(8) how-to, but I'd be very glad to see your post, please. I currently use djbdns, but I'm not very happy with it and I'd like to try something else.
>
> Sure. Assuming you're using 5.3-RELEASE, 5.3-STABLE or better, then setting up a recursive-only nameserver is really very simple. The system comes with BIND-9.3.0 as standard, and it has all of the chroot-ing functionality available just by default. All you need do is add the following to /etc/rc.conf:
>
>     named_enable="YES"

Your howto was characteristically thorough, Matthew. I followed it myself - almost to the letter. At some point I think I had to refer to the Handbook howto as well, but having the Handbook open to the relevant section when doing something new is/should_be mandatory.

Upon completion of the process I noted something which I assume to be normal behavior: a new beast has been created, /var/named/dev, which seems to contain some rather odd creatures indeed.

    crw-rw-rw-  1 root  wheel    2,   2 Jan 16 08:55 null
    crw-rw-rw-  1 root  wheel    6,   8 Jan 15 16:28 ptyp8
    crw-rw-rw-  1 root  wheel  249,   0 Jan 12 12:11 random
    crw-rw-rw-  1 root  wheel    5,   8 Jan 15 16:28 ttyp8

I (instinctively) assume all this constitutes a rather rugged part of the jail.

All told, and yet again Matthew, thanks for contributing excellent usable info.

Regards,
-Colin

-- 
Colin J. Raven
FreeBSD 5.3-RELEASE - http://www.FreeBSD.org - There can be only One
 9:06AM  up 3 days, 21:54, 7 users, load averages: 0.03, 0.01, 0.00

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS: querying route DNS
relax think wrote:
> I want to query root servers directly instead of my ISP DNS and for that have used a couple of commands like tracert and route through (RT) but wasn't able to query a root server directly; if you know how to directly query a root server then please help.

Use dig(1). Eg. to see the nameservers that the cn domain is delegated to try:

    % dig @f.root-servers.net cn IN NS

Although I can't really see much point in doing this -- the root servers will only return actual answers to queries about top level domains (see http://www.iana.org/cctld/cctld-whois.htm and http://www.iana.org/gtld/gtld.htm ) -- otherwise, and the vast majority of the time, they'll just tell you to go and bother some other nameserver which has data about the next level down the domain hierarchy.

If your ISP's nameservers are unreliable or overloaded, and not giving you a good service, then one course of action you might consider is just configuring the named(8) built into your FreeBSD system to do recursive DNS lookups for you. (And caching -- but that's a given for any sort of DNS server). If you (or anyone) are interested I'll be happy to post a HowTo to the list.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       8 Dane Court Manor
                                                      School Rd
PGP: http://www.infracaninophile.co.uk/pgpkey         Tilmanstone
Tel: +44 1304 617253                                  Kent, CT14 0JL UK
Re: DNS: querying route DNS
Matthew Seaman wrote:
> If your ISP's nameservers are unreliable or overloaded, and not giving you a good service, then one course of action you might consider is just configuring the named(8) built into your FreeBSD system to do recursive DNS lookups for you. (And caching -- but that's a given for any sort of DNS server). If you (or anyone) are interested I'll be happy to post a HowTo to the list.

Hello Matthew!

I'm sure it won't be difficult for anyone to find a named(8) how-to, but I'd be very glad to see your post, please. I currently use djbdns, but I'm not very happy with it and I'd like to try something else.

Thanx in advance!

Best wishes,
Andrew P.
Re: DNS: querying route DNS
* Andrew P. [EMAIL PROTECTED] [0122 14:22]:
> Matthew Seaman wrote:
>> If your ISP's nameservers are unreliable or overloaded, and not giving you a good service, then one course of action you might consider is just configuring the named(8) built into your FreeBSD system to do recursive DNS lookups for you.
>
> I'm sure it won't be difficult for anyone to find a named(8) how-to,

On a hard drive near you. Or try:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html

-- 
'My life, and by extension everyone else's, is meaningless.' -- Bender
Rasputin :: Jack of All Trades - Master of Nuns
Re: DNS: querying route DNS
Andrew P. wrote:
> Matthew Seaman wrote:
>> If your ISP's nameservers are unreliable or overloaded, and not giving you a good service, then one course of action you might consider is just configuring the named(8) built into your FreeBSD system to do recursive DNS lookups for you. (And caching -- but that's a given for any sort of DNS server). If you (or anyone) are interested I'll be happy to post a HowTo to the list.
>
> I'm sure it won't be difficult for anyone to find a named(8) how-to, but I'd be very glad to see your post, please. I currently use djbdns, but I'm not very happy with it and I'd like to try something else.

Sure. Assuming you're using 5.3-RELEASE, 5.3-STABLE or better, then setting up a recursive-only nameserver is really very simple. The system comes with BIND-9.3.0 as standard, and it has all of the chroot-ing functionality available just by default. All you need do is add the following to /etc/rc.conf:

    named_enable="YES"

There are several other variables you can use to tweak the named startup via /etc/rc.conf, but basically the default values are good for what I want to do here:

    named_program="/usr/sbin/named"     # path to named, if you want a different one.
    named_flags="-u bind"               # Flags for named
    named_pidfile="/var/run/named/pid"  # Must set this in named.conf as well
    named_chrootdir="/var/named"        # Chroot directory (or "" not to auto-chroot it)
    named_chroot_autoupdate="YES"       # Automatically install/update chrooted
                                        # components of named. See /etc/rc.d/named.
    named_symlink_enable="YES"          # Symlink the chrooted pid file

You need to do three more things to configure named.

The first is to generate the keys that allow rndc(8) to communicate with and control the name server:

    # rndc-confgen > /etc/namedb/rndc.conf

The file consists of two parts: the stuff rndc needs to read, followed by the equivalent stuff, but commented out, to go into named.conf:

    # Start of rndc.conf
    key rndc-key {
        algorithm hmac-md5;
        secret "XX==";
    };

    options {
        default-key rndc-key;
        default-server 127.0.0.1;
        default-port 953;
    };
    # End of rndc.conf

    # Use with the following in named.conf, adjusting the allow list as needed:
    # key rndc-key {
    #     algorithm hmac-md5;
    #     secret "XX==";
    # };
    #
    # controls {
    #     inet 127.0.0.1 port 953
    #         allow { 127.0.0.1; } keys { rndc-key; };
    # };
    # End of named.conf

All of those X's will be replaced by a random password hash.

The second thing is to generate the zone files for the localhost and the IPv6 and IPv4 loopback addresses, which you do by running the provided script:

    # cd /etc/namedb
    # ./make-localhost

This will write two files into /etc/namedb/master: localhost.rev and localhost-v6.rev, which let you resolve the IP numbers 127.0.0.1 and ::1 respectively as mapping to the hostname 'localhost.' Once you've generated those once, you never need to touch them again.

Nb. Although we're setting up a recursive nameserver, it will hold these localhost domains authoritatively; a slight exception to the usual rule of not mixing recursive and authoritative functions in the same nameserver instance. Pretty much every nameserver in operation provides the localhost reverse domain.

The third and final step is to generate a named.conf -- details of the configuration file syntax are available in file:///usr/share/doc/bind9/arm/Bv9ARM.html but something based on the attached example is what you need. This will provide a recursive nameservice including both IPv4 and IPv6.

Use named-checkconf to syntax-check the file:

    % named-checkconf named.conf && echo Configuration OK

BIND v9 is in general very picky about the syntax of the configuration file, and if it finds an error (usually a missing semi-colon) it will silently (except for messages to the system log) refuse to start up.

At last you're ready to fire up named for the first time:

    # /etc/rc.d/named start

This will result in the contents of /etc/namedb being copied into /var/named/etc/namedb and a sym-link being created in /etc. Various other necessary bits will be created under /var/named and, as a security measure, the named daemon will be chroot'ed there when it starts up.

Any time you work on named's config or zone files, always check the system log to confirm that named is still happy:

    Jan 14 09:08:40 gravitas named[371]: starting BIND 9.3.0 -u bind -t /var/named
    Jan 14 09:08:41 gravitas named[371]: command channel listening on 127.0.0.1#953
    Jan 14 09:08:41 gravitas named[371]: command channel listening on ::1#953

Use rndc(8) to control named during normal use -- it's interesting to dump the cache after a day or so's operation to see what weird and wonderful places your system has been looking up.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       8 Dane Court Manor
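Two checks worth running on the named.conf produced in the last step, as an added example in Python rather than anything from the thread or from BIND itself: a syntax check for the missing-semicolon failure the post describes, and a check that recursion is restricted to local clients so the box does not become an open resolver. The configuration inside it is constructed for illustration (the thread's attachment is not on the page), and 192.0.2.0/24 is a documentation prefix standing in for a real LAN.

```python
"""Checks for a BIND 9 named.conf matching the thread's two cautions: a missing
semicolon stops named starting (only syslog tells you), and a recursive server
must not recurse for the whole Internet.  Added example, not named-checkconf."""
import re

# All three BIND comment styles are dropped; quoted strings stay whole.
TOKEN_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"[^"]*"|[{};]|[^\s{};"]+', re.S)

def tokenize(text):
    return [t for t in TOKEN_RE.findall(text) if not t.startswith(("/*", "//", "#"))]

def check_syntax(text):
    """Problems: unbalanced braces, or a top-level block's '}' missing its ';'."""
    problems, depth, prev = [], 0, ";"
    for tok in tokenize(text):
        if depth == 0 and prev == "}" and tok != ";":
            problems.append(f"missing ';' after '}}' before {tok!r}")
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        prev = tok
    if depth != 0:
        problems.append("unbalanced braces")
    if prev != ";":
        problems.append("missing ';' at end of file")
    return problems

def open_resolver(text):
    """True if recursion is on (BIND's default) without an allow-recursion ACL,
    or with one containing 'any': the whole Internet may then query through it."""
    toks, recursive, acl = tokenize(text), True, None
    for i, tok in enumerate(toks):
        if tok == "recursion" and i + 1 < len(toks):
            recursive = toks[i + 1] == "yes"
        elif tok == "allow-recursion" and "}" in toks[i:]:
            acl = toks[i + 2:toks.index("}", i)]
    return recursive and (acl is None or "any" in acl)

# Constructed recursive-only config (not Matthew's attachment); controls block as rndc-confgen prints it.
SAMPLE_CONF = """\
options {
    directory "/etc/namedb";
    recursion yes;
    allow-recursion { 127.0.0.1; 192.0.2.0/24; };  # local clients, not 'any'
};
key rndc-key { algorithm hmac-md5; secret "XX=="; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; }; };
zone "0.0.127.in-addr.arpa" { type master; file "master/localhost.rev"; };
"""
```

The top-level check deliberately ignores nested blocks, because `allow { ... } keys { ... };` inside `controls` is valid without a semicolon between the two braces.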
Re: DNS: querying route DNS
Matthew Seaman wrote:
> Sure. Assuming you're using 5.3-RELEASE, 5.3-STABLE or better, then setting up a recursive-only nameserver is really very simple. The system comes with BIND-9.3.0 as standard, and it has all of the chroot-ing functionality available just by default. All you need do is add the following to /etc/rc.conf:
>
>     named_enable="YES"
>
> There are several other variables you can use to tweak the named startup via /etc/rc.conf, but basically the default values are good for what I want to do here:
>
>     named_program="/usr/sbin/named"     # path to named, if you want a different one.
>     named_flags="-u bind"               # Flags for named
>     named_pidfile="/var/run/named/pid"  # Must set this in named.conf as well
>     named_chrootdir="/var/named"        # Chroot directory (or "" not to auto-chroot it)
>     named_chroot_autoupdate="YES"       # Automatically install/update chrooted
>                                         # components of named. See /etc/rc.d/named.
>     named_symlink_enable="YES"          # Symlink the chrooted pid file
>
> You need to do three more things to configure named.
>
> The first is to generate the keys that allow rndc(8) to communicate with and control the name server:
>
>     # rndc-confgen > /etc/namedb/rndc.conf
>
> The file consists of two parts: the stuff rndc needs to read, followed by the equivalent stuff, but commented out, to go into named.conf:
>
>     # Start of rndc.conf
>     key rndc-key {
>         algorithm hmac-md5;
>         secret "XX==";
>     };
>
>     options {
>         default-key rndc-key;
>         default-server 127.0.0.1;
>         default-port 953;
>     };
>     # End of rndc.conf
>
>     # Use with the following in named.conf, adjusting the allow list as needed:
>     # key rndc-key {
>     #     algorithm hmac-md5;
>     #     secret "XX==";
>     # };
>     #
>     # controls {
>     #     inet 127.0.0.1 port 953
>     #         allow { 127.0.0.1; } keys { rndc-key; };
>     # };
>     # End of named.conf
>
> All of those X's will be replaced by a random password hash.
>
> The second thing is to generate the zone files for the localhost and the IPv6 and IPv4 loopback addresses, which you do by running the provided script:
>
>     # cd /etc/namedb
>     # ./make-localhost
>
> This will write two files into /etc/namedb/master: localhost.rev and localhost-v6.rev, which let you resolve the IP numbers 127.0.0.1 and ::1 respectively as mapping to the hostname 'localhost.' Once you've generated those once, you never need to touch them again.
>
> Nb. Although we're setting up a recursive nameserver, it will hold these localhost domains authoritatively; a slight exception to the usual rule of not mixing recursive and authoritative functions in the same nameserver instance. Pretty much every nameserver in operation provides the localhost reverse domain.
>
> The third and final step is to generate a named.conf -- details of the configuration file syntax are available in file:///usr/share/doc/bind9/arm/Bv9ARM.html but something based on the attached example is what you need. This will provide a recursive nameservice including both IPv4 and IPv6.
>
> Use named-checkconf to syntax-check the file:
>
>     % named-checkconf named.conf && echo Configuration OK
>
> BIND v9 is in general very picky about the syntax of the configuration file, and if it finds an error (usually a missing semi-colon) it will silently (except for messages to the system log) refuse to start up.
>
> At last you're ready to fire up named for the first time:
>
>     # /etc/rc.d/named start
>
> This will result in the contents of /etc/namedb being copied into /var/named/etc/namedb and a sym-link being created in /etc. Various other necessary bits will be created under /var/named and, as a security measure, the named daemon will be chroot'ed there when it starts up.
>
> Any time you work on named's config or zone files, always check the system log to confirm that named is still happy:
>
>     Jan 14 09:08:40 gravitas named[371]: starting BIND 9.3.0 -u bind -t /var/named
>     Jan 14 09:08:41 gravitas named[371]: command channel listening on 127.0.0.1#953
>     Jan 14 09:08:41 gravitas named[371]: command channel listening on ::1#953
>
> Use rndc(8) to control named during normal use -- it's interesting to dump the cache after a day or so's operation to see what weird and wonderful places your system has been looking up.

Thanks much! I actually thought that BIND configuration was a lot more difficult, but it appears to be a matter of 20 minutes. I also need to serve some local zones, but I'll figure that out on my own. Will try to switch to BIND this weekend.

Best wishes,
Andrew P.