Re: DNS: querying route DNS

2005-01-16 Thread Colin J. Raven
On Jan 14 at 16:39, Matthew Seaman patiently explained:

 Andrew P. wrote:
 Matthew Seaman wrote:
 
 I'm sure it won't be difficult for anyone to find a named(8) how-to,
 but I'd be very glad to see your post, please. I currently use djbdns,
 but I'm not very happy with it and I'd like to try something else.

 Sure.  Assuming you're using 5.3-RELEASE, 5.3-STABLE or better, then setting 
 up a recursive-only nameserver is really very simple.

 The system comes with BIND-9.3.0 as standard, and it has all of the 
 chroot-ing functionality available just by default. All you need do is add 
 the following to /etc/rc.conf:

named_enable=YES

Your howto was characteristically thorough Matthew. I followed it 
myself - almost to the letter. At some point I think I had to refer to 
the Handbook howto as well, but having the Handbook open to the relevant 
section when doing something new is/should_be mandatory.

Upon completion of the process I noted something which I assume to be 
normal behavior, a new beast has been created /var/named/dev which seems 
to contain some rather odd creatures indeed.
crw-rw-rw-  1 root  wheel    2,   2 Jan 16 08:55 null
crw-rw-rw-  1 root  wheel    6,   8 Jan 15 16:28 ptyp8
crw-rw-rw-  1 root  wheel  249,   0 Jan 12 12:11 random
crw-rw-rw-  1 root  wheel    5,   8 Jan 15 16:28 ttyp8
I (instinctively) assume all this constitutes a rather rugged part of 
the jail.

All told, and yet again Matthew, thanks for contributing excellent 
useable info.

Regards,
-Colin
--
Colin J. Raven
FreeBSD 5.3-RELEASE - http://www.FreeBSD.org - There can be only One
  9:06AM  up 3 days, 21:54, 7 users, load averages: 0.03, 0.01, 0.00

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: DNS: querying route DNS

2005-01-14 Thread Matthew Seaman
relax think wrote:
I want to query root servers directly instead of my ISP DNS and for that have 
used a couple of commands
like tracert and route through (RT) but wasn't able to query the root server 
directly.
If you know how to directly query the root server then please help.
Use dig(1).  Eg. to see the nameservers that the cn domain is delegated 
to try:

% dig @f.root-servers.net cn IN NS
Although I can't really see much point in doing this -- the root servers 
will only return actual answers to queries about top level domains (see 
http://www.iana.org/cctld/cctld-whois.htm and 
http://www.iana.org/gtld/gtld.htm ) -- otherwise, and the vast majority 
of the time, they'll just tell you to go and bother some other 
nameserver which has data about the next level down the domain hierarchy.

If your ISPs nameservers are unreliable or overloaded, and not giving 
you a good service, then one course of action you might consider is just 
configuring the named(8) built into your FreeBSD system to do recursive 
DNS lookups for you. (And caching -- but that's a given for any sort of 
DNS server).  If you (or anyone) is interested I'll be happy to post a 
HowTo to the list.

Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.   8 Dane Court Manor
  School Rd
PGP: http://www.infracaninophile.co.uk/pgpkey Tilmanstone
Tel: +44 1304 617253  Kent, CT14 0JL UK
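The distinction Matthew draws above (a root server gives a real answer for a TLD query such as `cn IN NS`, and otherwise only a referral to the next nameserver down) can be seen in the wire format. The following is an added example, not code from the thread or from BIND: a minimal DNS message builder and parser in Python that classifies a reply as an answer, a referral or a name error. All messages below are constructed; the nameserver names and the 192.0.2.1 address are placeholders, not the real cn delegation.

```python
import struct

TYPE_A, TYPE_NS = 1, 2
RCODE_NXDOMAIN = 3
FLAG_QR, FLAG_AA = 0x8000, 0x0400


def encode_name(name):
    """Encode a dotted name such as "cn." as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a possibly-compressed name at msg[off]; return (name, end_offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2                           # resume after first pointer
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            off = ptr
            continue
        if length == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels) + ".", (end if end is not None else off)


def build_query(qname, qtype, txid=0x1234):
    """Query as dig would send it; RD is left clear, root servers never recurse anyway."""
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(query, flags, answers=(), authority=(), additional=()):
    """Constructed reply to `query`; records are (owner, type, ttl, rdata)."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, _ = decode_name(query, 12)
    body = query[12:]                                   # echo the question section
    for owner, rtype, ttl, rdata in (*answers, *authority, *additional):
        # Owners equal to the question name are written as a pointer to offset 12.
        owner_bytes = b"\xc0\x0c" if owner == qname else encode_name(owner)
        if rtype == TYPE_NS:
            rdata = encode_name(rdata)
        elif rtype == TYPE_A:
            rdata = bytes(int(o) for o in rdata.split("."))
        body += owner_bytes + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", txid, flags, 1, len(answers), len(authority), len(additional))
    return header + body


def parse_message(msg):
    """Parse header, question and the ANSWER/AUTHORITY/ADDITIONAL sections into a dict."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    sections = []
    for count in (an, ns, ar):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata = msg[off:off + rdlen]
            if rtype == TYPE_NS:
                rdata, _ = decode_name(msg, off)        # NS rdata may itself be compressed
            elif rtype == TYPE_A and rdlen == 4:
                rdata = ".".join(str(b) for b in rdata)
            off += rdlen
            rrs.append((name, rtype, ttl, rdata))
        sections.append(rrs)
    return {"id": txid, "rcode": flags & 0xF, "aa": bool(flags & FLAG_AA), "question": questions,
            "answer": sections[0], "authority": sections[1], "additional": sections[2]}


def classify(msg):
    """Return 'answer', 'referral', 'nxdomain' or 'nodata' for a reply."""
    m = parse_message(msg)
    if m["rcode"] == RCODE_NXDOMAIN:
        return "nxdomain"
    if m["answer"]:
        return "answer"
    # Empty ANSWER, AA clear, NS records in AUTHORITY: "go and bother those servers instead".
    if not m["aa"] and any(rr[1] == TYPE_NS for rr in m["authority"]):
        return "referral"
    return "nodata"


# Constructed samples: what a root server returns for a TLD query versus a name below a TLD.
TLD_QUERY = build_query("cn.", TYPE_NS)
TLD_ANSWER = build_response(TLD_QUERY, FLAG_QR | FLAG_AA,
    answers=[("cn.", TYPE_NS, 172800, "a.dns.example."), ("cn.", TYPE_NS, 172800, "b.dns.example.")],
    additional=[("a.dns.example.", TYPE_A, 172800, "192.0.2.1")])
HOST_QUERY = build_query("www.example.cn.", TYPE_A)
REFERRAL = build_response(HOST_QUERY, FLAG_QR,
    authority=[("cn.", TYPE_NS, 172800, "a.dns.example."), ("cn.", TYPE_NS, 172800, "b.dns.example.")],
    additional=[("a.dns.example.", TYPE_A, 172800, "192.0.2.1")])
NXDOMAIN = build_response(build_query("nosuchtld.", TYPE_A), FLAG_QR | FLAG_AA | RCODE_NXDOMAIN)

if __name__ == "__main__":
    for label, reply in (("cn IN NS", TLD_ANSWER), ("www.example.cn IN A", REFERRAL), ("nosuchtld IN A", NXDOMAIN)):
        print(f"{label:22s} -> {classify(reply)}")
```

A full iterative resolver is just this classification in a loop: on `referral`, pick a name from the AUTHORITY NS records (using the ADDITIONAL glue for its address) and repeat the same question there until an `answer` or `nxdomain` comes back, which is exactly the work a recursive named does on your behalf.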




Re: DNS: querying route DNS

2005-01-14 Thread Andrew P.
Matthew Seaman wrote:
If your ISPs nameservers are unreliable or overloaded, and not giving 
you a good service, then one course of action you might consider is just 
configuring the named(8) built into your FreeBSD system to do recursive 
DNS lookups for you. (And caching -- but that's a given for any sort of 
DNS server).  If you (or anyone) is interested I'll be happy to post a 
HowTo to the list.

Hello Matthew!
I'm sure it won't be difficult for anyone to find a named(8) how-to,
but I'd be very glad to see your post, please. I currently use djbdns,
but I'm not very happy with it and I'd like to try something else.
Thanx in advance!
Best wishes,
Andrew P.


Re: DNS: querying route DNS

2005-01-14 Thread Dick Davies
* Andrew P. [EMAIL PROTECTED] [0122 14:22]:
 Matthew Seaman wrote:
 If your ISPs nameservers are unreliable or overloaded, and not giving 
 you a good service, then one course of action you might consider is just 
 configuring the named(8) built into your FreeBSD system to do recursive 
 DNS lookups for you.

 I'm sure it won't be difficult for anyone to find a named(8) how-to,

On a hard drive near you. Or try:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html


-- 
'My life, and by extension everyone else's, is meaningless.'
-- Bender
Rasputin :: Jack of All Trades - Master of Nuns


Re: DNS: querying route DNS

2005-01-14 Thread Matthew Seaman
Andrew P. wrote:
Matthew Seaman wrote:
If your ISPs nameservers are unreliable or overloaded, and not giving 
you a good service, then one course of action you might consider is 
just configuring the named(8) built into your FreeBSD system to do 
recursive DNS lookups for you. (And caching -- but that's a given for 
any sort of DNS server).  If you (or anyone) is interested I'll be 
happy to post a HowTo to the list.

I'm sure it won't be difficult for anyone to find a named(8) how-to,
but I'd be very glad to see your post, please. I currently use djbdns,
but I'm not very happy with it and I'd like to try something else.
Sure.  Assuming you're using 5.3-RELEASE, 5.3-STABLE or better, then 
setting up a recursive-only nameserver is really very simple.

The system comes with BIND-9.3.0 as standard, and it has all of the 
chroot-ing functionality available just by default. All you need do is 
add the following to /etc/rc.conf:

named_enable="YES"
There are several other variables you can use to tweak the named startup 
via /etc/rc.conf, but basically the default values are good for what I 
want to do here:

named_program="/usr/sbin/named"    # path to named, if you want a different one.
named_flags="-u bind"              # Flags for named
named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
named_chrootdir="/var/named"       # Chroot directory (or "" not to auto-chroot it)
named_chroot_autoupdate="YES"      # Automatically install/update chrooted
                                   # components of named. See /etc/rc.d/named.
named_symlink_enable="YES"         # Symlink the chrooted pid file

You need to do three more things to configure named.  The first is to 
generate the keys that allow rndc(8) to communicate with and control the 
name server:

# rndc-confgen > /etc/named/rndc.conf
The file consists of two parts: the stuff rndc needs to read, followed 
by the equivalent stuff, but commented out, to go into named.conf:

# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "XX==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "XX==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
All of those X's will be replaced by a random password hash.
The second thing is to generate the zone files for the localhost and the 
IPv6 and IPv4 loopback addresses, which you do by running the provided 
script:

# cd /etc/namedb
# ./make-localhost
This will write two files into /etc/namedb/master: localhost.rev, and 
localhost-v6.rev which let you resolve the IP numbers 127.0.0.1 and ::1 
respectively as mapping to the hostname 'localhost.'  Once you've 
generated those once, you never need to touch them again.  Nb. Although 
we're setting up a recursive nameserver, it will hold these localhost 
domains authoritatively; a slight exception to the usual rule of not 
mixing recursive and authoritative functions in the same nameserver 
instance.  Pretty much every nameserver in operation provides the 
localhost reverse domain.

The third and final step is to generate a named.conf -- details of the 
configuration file syntax are available in

file:///usr/share/doc/bind9/arm/Bv9ARM.html
but something based on the attached example is what you need. This will 
provide a recursive nameservice including both IPv4 and IPv6.  Use 
named-checkconf to syntax-check the file:

% named-checkconf named.conf && echo Configuration OK
BIND v9 is in general very picky about the syntax of the configuration 
file, and if it finds an error (usually a missing semi-colon) it will 
silently (except for messages to the system log) refuse to start up.

At last you're ready to fire up named for the first time:
# /etc/rc.d/named start
This will result in the contents of /etc/namedb being copied into 
/var/named/etc/namedb and a sym-link being created in /etc.  Various 
other necessary bits will be created under /var/named and as a security 
measure, the named daemon will be chroot'ed there when it starts up.

Any time you work on named's config or zone files, always check the 
system log to confirm that named is still happy:

Jan 14 09:08:40 gravitas named[371]: starting BIND 9.3.0 -u bind -t /var/named
Jan 14 09:08:41 gravitas named[371]: command channel listening on 127.0.0.1#953
Jan 14 09:08:41 gravitas named[371]: command channel listening on ::1#953

Use rndc(8) to control named during normal use -- it's interesting to 
dump the cache after a day or so's operation to see what weird and 
wonderful places your system has been looking up.

Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.   8 Dane Court Manor
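The HowTo's advice to check the system log after every change can be turned into a repeatable check. What follows is an added example, not part of the HowTo and not FreeBSD or BIND code: a Python script that reads the syslog lines named writes at start-up (in the format shown above) and confirms it came up unprivileged (`-u bind`), chrooted (`-t /var/named`) and with the rndc command channel on loopback only, plus a check that the `controls` block in named.conf binds to and allows only loopback. The sample log lines and config fragments are constructed; the "loading configuration: failure" and "exiting (due to fatal error)" strings are BIND 9's own wording for the refused-to-start case, not something the HowTo quotes.

```python
import re

START_RE = re.compile(r"named\[\d+\]: starting BIND (\S+)(.*)$")
CHANNEL_RE = re.compile(r"named\[\d+\]: command channel listening on (\S+)#(\d+)$")
FATAL_RE = re.compile(r"named\[\d+\]: (loading configuration: failure|exiting \(due to fatal error\))")
CONTROLS_RE = re.compile(r"inet\s+(\S+)\s+port\s+(\d+)\s+allow\s*\{([^}]*)\}", re.S)
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_named_log(lines, expected_user="bind", expected_chroot="/var/named"):
    """Read the syslog lines from one named start-up and list deviations from the HowTo set-up."""
    report = {"started": False, "user": None, "chroot": None, "channels": [], "findings": []}
    for line in lines:
        m = START_RE.search(line)
        if m:
            report["started"] = True
            args = m.group(2).split()               # e.g. ['-u', 'bind', '-t', '/var/named']
            for i, tok in enumerate(args[:-1]):
                if tok == "-u":
                    report["user"] = args[i + 1]
                elif tok == "-t":
                    report["chroot"] = args[i + 1]
            continue
        m = CHANNEL_RE.search(line)
        if m:
            report["channels"].append((m.group(1), int(m.group(2))))
            continue
        m = FATAL_RE.search(line)
        if m:
            report["findings"].append("named did not come up: " + m.group(1))
    if not report["started"]:
        report["findings"].append("no 'starting BIND' line found")
    else:
        if report["user"] != expected_user:
            report["findings"].append(f"not running as {expected_user} (saw {report['user']})")
        if report["chroot"] != expected_chroot:
            report["findings"].append(f"not chrooted to {expected_chroot} (saw {report['chroot']})")
    for addr, port in report["channels"]:
        if addr not in LOOPBACK:
            report["findings"].append(f"rndc control channel bound to non-loopback {addr}#{port}")
    return report


def controls_findings(named_conf):
    """Check every controls{} inet statement binds to, and allows, loopback addresses only."""
    findings = []
    for addr, port, allow in CONTROLS_RE.findall(named_conf):
        if addr not in LOOPBACK:
            findings.append(f"controls listens on {addr}#{port}, not loopback only")
        for entry in (e.strip() for e in allow.split(";")):
            if entry and entry not in LOOPBACK:
                findings.append(f"controls allow list admits {entry!r}")
    return findings


# Constructed sample syslog lines, in the format the HowTo shows.
GOOD_LOG = [
    "Jan 14 09:08:40 gravitas named[371]: starting BIND 9.3.0 -u bind -t /var/named",
    "Jan 14 09:08:41 gravitas named[371]: command channel listening on 127.0.0.1#953",
    "Jan 14 09:08:41 gravitas named[371]: command channel listening on ::1#953",
]
BAD_LOG = [  # constructed: started as root, not chrooted, control channel on every interface
    "Jan 14 09:12:02 gravitas named[402]: starting BIND 9.3.0",
    "Jan 14 09:12:02 gravitas named[402]: command channel listening on 0.0.0.0#953",
]
FAILED_LOG = [  # constructed: the missing-semicolon case, named logs the error and exits
    "Jan 14 09:15:30 gravitas named[417]: starting BIND 9.3.0 -u bind -t /var/named",
    "Jan 14 09:15:30 gravitas named[417]: /etc/namedb/named.conf:14: missing ';' before 'zone'",
    "Jan 14 09:15:30 gravitas named[417]: loading configuration: failure",
    "Jan 14 09:15:30 gravitas named[417]: exiting (due to fatal error)",
]
# Constructed named.conf fragments: the HowTo's controls block and a weakened variant.
GOOD_CONTROLS = 'controls {\n  inet 127.0.0.1 port 953\n  allow { 127.0.0.1; } keys { "rndc-key"; };\n};\n'
WEAK_CONTROLS = 'controls { inet * port 953 allow { any; } keys { "rndc-key"; }; };\n'

if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("bad", BAD_LOG), ("failed", FAILED_LOG)):
        print(name, audit_named_log(log)["findings"])
    print("controls", controls_findings(GOOD_CONTROLS), controls_findings(WEAK_CONTROLS))
```

On a live box the input would be the output of `grep named /var/log/messages` after `/etc/rc.d/named start`; an empty findings list is the "named is still happy" state the HowTo describes.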
  

Re: DNS: querying route DNS

2005-01-14 Thread Andrew P.
Matthew Seaman wrote:
Sure.  Assuming you're using 5.3-RELEASE, 5.3-STABLE or better, then 
setting up a recursive-only nameserver is really very simple.

Thanks much! I actually thought that BIND configuration was a lot
more difficult, but it appears to be a matter of 20 minutes. I also
need to serve some local zones, but I'll figure that out on my own.
Will try to switch to BIND this weekend.
Best wishes,
Andrew P.