Re: Configuring DNS (BIND) in isolation
Andrew Falanga wrote:
> > You're on the right track. Yes, you'd need a zone file for the root of your DNS -- if it's all served from one machine then that would replace the 'hint' zone and named.root stuff in the example named.conf
> >
> > The zone file for '.' would contain an SOA record and then delegation for whatever forward and reverse domains you want to use. E.g. supposing you want to use the TLD 'in.isolation' with IP numbers from 192.168.0.0/24 then you'd need something like:
> >
> >     ;
> >     ; Root of the private domain name system
> >     ;
> >     $TTL 604800 ; 1 week
> >     @   IN SOA ns0.in.isolation. hostmaster.in.isolation. (
> >                 2006120100 ; Serial
> >                 1800       ; Refresh (30min)
> >                 900        ; Retry (15min)
> >                 604800     ; Expire (1week)
> >                 86400 )    ; Minimum (1day)
> >     @                        IN NS ns0.in.isolation. ; NS for the root zone itself
> >     in.isolation.            IN NS ns0.in.isolation.
> >     0.168.192.in-addr.arpa.  IN NS ns0.in.isolation.
> >     ns0.in.isolation.        IN A  192.168.0.1 ; Glue
> >     ;
> >     ; That's All Folks!
> >     ;
>
> Ok, here are the problems I've got so far. I've made the following files: isolated.zone, isolated.rev, localhost.rev, localhost-v6.rev and root.zone. The isolated.* files are for the forward addresses and the reverse pointers for 192.168.0.0/24 that I've set up. The root.zone file contains, what I thought should be, for the . zone. (Matthew, from your message above, I wasn't clear if all I'd need is what you have above, or that it was implied that I'd need a SOA for the . zone as well. So, I made one.)

The above *is* for the root zone.

> Now, I'm getting a few errors. Sometimes it seems that named can't find the files that I told it to look for in named.conf. I used the original named.conf file as a reference, and just filled in the blanks as it were, for my zones. Also, named keeps complaining about rndc.key files missing. How do I generate these key files? I didn't find anything from 'man rndc'?

Use rndc-confgen and follow the instructions written in the file it outputs about editing named.conf. You won't need a separate rndc.key file.

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: Configuring DNS (BIND) in isolation
> Hello,
>
> I have a need to make my own DNS system on an isolated network. Years ago, I administered DNS for a couple of different companies, but that was quite a while ago and since I've turned to programming I haven't done much in the way of network administration.
>
> I recall from using BIND 4, when I was reading up on it, that it is most certainly possible to configure an entire DNS system on a totally isolated network. Would I need zone files for the root, ., zone and any other zones I configure; e.g. isolation.? This would seem to be the way to go about it, but I'm having some difficulty visualizing it in my head.
>
> I just did some searches online for the O'Reilly book DNS & BIND. I recall using this book in the past and it was quite helpful (and unfortunately for me, belonged to my former employers). Would this book be a good reference for this task as well, or are there better books that I might want to look into getting for this? Or, are there good on-line resources that could help me muddle through?
>
> Any help is greatly appreciated.
>
> Thanks,
> Andy

Hello Andy,

First, you need to know that BIND has jumped from version 4 directly to version 8 and is now at version 9. There is a whole world of difference between the version 4 that you've worked with in the past and the latest version 9 (such as Views, DNSSEC, IXFR, etc).

Now, the book you mentioned above is still THE reference on the topic. O'Reilly recently published the 5th edition of DNS & BIND which covers everything BIND 9 has to offer, plus an extended chapter on the DNS architecture itself. It's a great book, you should get yourself a copy if you're interested in DNS.

Third, while DNS & BIND is a fine book, you'll have more direct help from another O'Reilly book called DNS & BIND Cookbook from Cricket Liu. It presents some common DNS related tasks in the form of easy to follow recipes. It sure is a great help when it actually is time to build and configure your DNS servers.

Moreover, FreeBSD is an excellent platform for building DNS servers. I've built DNS servers out of Solaris, AIX, RedHat and FreeBSD machines and BSD is by far the easiest and most flexible to set up and secure.

<shameless plug>
Finally, if for various reasons you don't have the time or expertise to set up your own DNS machine, then have a look at the appliances from the author of DNS & BIND Cricket Liu's company called Infoblox at http://www.infoblox.com.
</shameless plug>

Cheers,

David

--
David Robillard
UNIX systems administrator
Oracle DBA
CISSP, RHCE
Sun Certified Security Administrator
Montreal: +1 514 966 0122

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Configuring DNS (BIND) in isolation
On 12/4/06, David Robillard [EMAIL PROTECTED] wrote:
> > Hello,
> >
> > I have a need to make my own DNS system on an isolated network. Years ago, I administered DNS for a couple of different companies, but that was quite a while ago and since I've turned to programming I haven't done much in the way of network administration.
> >
> > I recall from using BIND 4, when I was reading up on it, that it is most certainly possible to configure an entire DNS system on a totally isolated network. Would I need zone files for the root, ., zone and any other zones I configure; e.g. isolation.? This would seem to be the way to go about it, but I'm having some difficulty visualizing it in my head.
> >
> > I just did some searches online for the O'Reilly book DNS & BIND. I recall using this book in the past and it was quite helpful (and unfortunately for me, belonged to my former employers). Would this book be a good reference for this task as well, or are there better books that I might want to look into getting for this? Or, are there good on-line resources that could help me muddle through?
> >
> > Any help is greatly appreciated.
> >
> > Thanks,
> > Andy
>
> Hello Andy,
>
> First, you need to know that BIND has jumped from version 4 directly to version 8 and is now at version 9. There is a whole world of difference between the version 4 that you've worked with in the past and the latest version 9 (such as Views, DNSSEC, IXFR, etc).
>
> Now, the book you mentioned above is still THE reference on the topic. O'Reilly recently published the 5th edition of DNS & BIND which covers everything BIND 9 has to offer, plus an extended chapter on the DNS architecture itself. It's a great book, you should get yourself a copy if you're interested in DNS.
>
> Third, while DNS & BIND is a fine book, you'll have more direct help from another O'Reilly book called DNS & BIND Cookbook from Cricket Liu. It presents some common DNS related tasks in the form of easy to follow recipes. It sure is a great help when it actually is time to build and configure your DNS servers.
>
> Moreover, FreeBSD is an excellent platform for building DNS servers. I've built DNS servers out of Solaris, AIX, RedHat and FreeBSD machines and BSD is by far the easiest and most flexible to set up and secure.
>
> <shameless plug>
> Finally, if for various reasons you don't have the time or expertise to set up your own DNS machine, then have a look at the appliances from the author of DNS & BIND Cricket Liu's company called Infoblox at http://www.infoblox.com.
> </shameless plug>
>
> Cheers,
>
> David
>
> --
> David Robillard
> UNIX systems administrator
> Oracle DBA
> CISSP, RHCE
> Sun Certified Security Administrator
> Montreal: +1 514 966 0122

I wanted to thank everyone who answered, but I think my first reply went only to the individual whose e-mail I chose to respond to (sorry), and thanks everyone. I think I've got what I need to get going.

Andy
Re: Configuring DNS (BIND) in isolation
> You're on the right track. Yes, you'd need a zone file for the root of your DNS -- if it's all served from one machine then that would replace the 'hint' zone and named.root stuff in the example named.conf
>
> The zone file for '.' would contain an SOA record and then delegation for whatever forward and reverse domains you want to use. E.g. supposing you want to use the TLD 'in.isolation' with IP numbers from 192.168.0.0/24 then you'd need something like:
>
>     ;
>     ; Root of the private domain name system
>     ;
>     $TTL 604800 ; 1 week
>     @   IN SOA ns0.in.isolation. hostmaster.in.isolation. (
>                 2006120100 ; Serial
>                 1800       ; Refresh (30min)
>                 900        ; Retry (15min)
>                 604800     ; Expire (1week)
>                 86400 )    ; Minimum (1day)
>     @                        IN NS ns0.in.isolation. ; NS for the root zone itself
>     in.isolation.            IN NS ns0.in.isolation.
>     0.168.192.in-addr.arpa.  IN NS ns0.in.isolation.
>     ns0.in.isolation.        IN A  192.168.0.1 ; Glue
>     ;
>     ; That's All Folks!
>     ;

Ok, here are the problems I've got so far. I've made the following files: isolated.zone, isolated.rev, localhost.rev, localhost-v6.rev and root.zone. The isolated.* files are for the forward addresses and the reverse pointers for 192.168.0.0/24 that I've set up. The root.zone file contains, what I thought should be, for the . zone. (Matthew, from your message above, I wasn't clear if all I'd need is what you have above, or that it was implied that I'd need a SOA for the . zone as well. So, I made one.)

Now, I'm getting a few errors. Sometimes it seems that named can't find the files that I told it to look for in named.conf. I used the original named.conf file as a reference, and just filled in the blanks as it were, for my zones. Also, named keeps complaining about rndc.key files missing. How do I generate these key files? I didn't find anything from 'man rndc'?

Andy
Re: Configuring DNS (BIND) in isolation
On Dec 1, 2006, at 1:03 PM, Andrew Falanga wrote:
> I have a need to make my own DNS system on an isolated network. Years ago, I administered DNS for a couple of different companies, but that was quite a while ago and since I've turned to programming I haven't done much in the way of network administration.
>
> I recall from using BIND 4, when I was reading up on it, that it is most certainly possible to configure an entire DNS system on a totally isolated network.

Of course; it's possible to do so with BIND-8, too. :-)

> Would I need zone files for the root, ., zone and any other zones I configure; e.g. isolation.?

Yep.

> This would seem to be the way to go about it, but I'm having some difficulty visualizing it in my head.
>
> I just did some searches online for the O'Reilly book DNS & BIND. I recall using this book in the past and it was quite helpful (and unfortunately for me, belonged to my former employers). Would this book be a good reference for this task as well, or are there better books that I might want to look into getting for this? Or, are there good on-line resources that could help me muddle through?

The O'Reilly DNS & BIND book is an excellent reference, and you should certainly pick it up if you're going to be running your own root NS, although it should also be true that you can use the online references such as the BOG (BIND Operations Guide) to accomplish your goal.

--
-Chuck
Re: Configuring DNS (BIND) in isolation
Andrew Falanga wrote:
> I have a need to make my own DNS system on an isolated network. Years ago, I administered DNS for a couple of different companies, but that was quite a while ago and since I've turned to programming I haven't done much in the way of network administration.
>
> I recall from using BIND 4, when I was reading up on it, that it is most certainly possible to configure an entire DNS system on a totally isolated network. Would I need zone files for the root, ., zone and any other zones I configure; e.g. isolation.? This would seem to be the way to go about it, but I'm having some difficulty visualizing it in my head.
>
> I just did some searches online for the O'Reilly book DNS & BIND. I recall using this book in the past and it was quite helpful (and unfortunately for me, belonged to my former employers). Would this book be a good reference for this task as well, or are there better books that I might want to look into getting for this? Or, are there good on-line resources that could help me muddle through?

You're on the right track. Yes, you'd need a zone file for the root of your DNS -- if it's all served from one machine then that would replace the 'hint' zone and named.root stuff in the example named.conf

The zone file for '.' would contain an SOA record and then delegation for whatever forward and reverse domains you want to use. E.g. supposing you want to use the TLD 'in.isolation' with IP numbers from 192.168.0.0/24 then you'd need something like:

    ;
    ; Root of the private domain name system
    ;
    $TTL 604800 ; 1 week
    @   IN SOA ns0.in.isolation. hostmaster.in.isolation. (
                2006120100 ; Serial
                1800       ; Refresh (30min)
                900        ; Retry (15min)
                604800     ; Expire (1week)
                86400 )    ; Minimum (1day)
    @                        IN NS ns0.in.isolation. ; NS for the root zone itself
    in.isolation.            IN NS ns0.in.isolation.
    0.168.192.in-addr.arpa.  IN NS ns0.in.isolation.
    ns0.in.isolation.        IN A  192.168.0.1 ; Glue
    ;
    ; That's All Folks!
    ;

Then you'd need the zone files for 'in.isolation.' and '0.168.192.in-addr.arpa'

The O'Reilly book 'DNS & BIND' by Albitz and Liu is well worth obtaining.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
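
An added example, not part of the original thread or of BIND: a small Python check of what the reply above asks of a private root zone (an SOA, delegations for the forward and reverse domains, glue for a name server that sits inside the zone it serves), plus the NS record at the apex that BIND 9 requires before it will load a zone. The sample zone is constructed from the thread's example; parse_zone and check_root are names made up for this illustration, and the parser assumes every owner name is '@' or fully qualified.

```python
import re

# Constructed sample: the thread's root zone with an NS record at the apex.
ROOT_ZONE = """\
$TTL 604800 ; 1 week
@ IN SOA ns0.in.isolation. hostmaster.in.isolation. (
      2006120100 1800 900 604800 86400 ) ; serial refresh retry expire minimum
@                       IN NS ns0.in.isolation.
in.isolation.           IN NS ns0.in.isolation.
0.168.192.in-addr.arpa. IN NS ns0.in.isolation.
ns0.in.isolation.       IN A  192.168.0.1 ; Glue
"""

def parse_zone(text, origin="."):
    """Parse a simplified master file into (owner, type, rdata) tuples.
    Assumes every owner is '@' or fully qualified (no blank or relative owners)."""
    text = re.sub(r";[^\n]*", "", text)  # drop comments
    # Join a parenthesised record (the SOA) onto one line.
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    records = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue  # blank line or a directive such as $TTL
        owner = origin if fields[0] == "@" else fields[0].lower()
        rest = fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]  # skip optional TTL and class
        if rest:
            records.append((owner, rest[0].upper(), " ".join(rest[1:]).lower()))
    return records

def check_root(records, origin="."):
    """Return the problems that would stop a private root from working."""
    problems = []
    types_at_apex = {t for o, t, _ in records if o == origin}
    addresses = {o for o, t, _ in records if t in ("A", "AAAA")}
    for needed in ("SOA", "NS"):
        if needed not in types_at_apex:
            problems.append(f"no {needed} record at the zone apex")
    for zone, rtype, target in records:
        # A server named inside the zone it serves can only be found through
        # an address (glue) published alongside the delegation.
        in_zone = target == zone or target.endswith("." + zone)
        if rtype == "NS" and zone != origin and in_zone and target not in addresses:
            problems.append(f"{zone} NS {target} has no glue address")
    return problems

if __name__ == "__main__":
    print(check_root(parse_zone(ROOT_ZONE)) or "root zone looks complete")
```

On a machine with BIND installed, named-checkzone performs the authoritative version of these checks against the real file.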