Caching-only nameserver for internal network

Michiel Kreutzer mkreutzer at my-deja.com
Thu Aug 19 21:40:17 UTC 1999


Donald,

Thanks for your input. As I have said in my original post, I am aware of this method, but I would rather not use it. Is it because of safety issues that you still advise it, or is it just "the only proper way"? From other advice I received, I now have added reverse DNS for the local net, and it seems to work. This is my /etc/named.conf:

---
options {
        directory "/var/named";

        // uncommented 11/09/1999 because of firewall
        query-source address * port 53;
        // put ISP nameservers here, they are queried if lookup
        // is not in cache
        forward first;
        forwarders {
                194.158.160.10; 194.158.160.14;
        };
        // we only serve ourself and the local 192.168.1 network
        // outside world should not query us.
        listen-on {
                127/8; 192.168.1.0/24;
        };
};

// 
// a caching only nameserver config
// 
zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "named.local";
};
---

The named.local and named.ca are just as supplied in the caching-only nameserver RPM from Redhat.
Nameserver for the firewall now is 127.0.0.1, for the other boxes it's the firewall. All is working, but there still is a lot of traffic between my nameservers and the firewall, even if I don't do anything; from tcpdump:

 23:34:19.118942 my_firewall.domain > ISP_nameserver.domain: 5817
5+ (44)
23:34:19.238942 ISP_nameserver.domain > my_firewall.domain: 5817
5* 1/2/2 (181) (DF)

Any ideas? Should I change this?
Thanks again for your input

Michiel
--

On Thu, 19 Aug 1999 12:44:31 Wilder, Donald wrote:
>Michael,
>
>I would suggest that you set up one of your internal hosts the same as you
>have for your firewall except have the forwarders on the internal DNS point
>to your firewall DNS. Then have all your internal hosts put the internal DNS
>server first in their resolv.conf.
>
>This should work fine.
>
>Donald E. Wilder

>Hi,
>
>I have a local, internal network (ip# 192.168.*.*) behind a firewall

[snip]

>Now I want to use the firewall caching-only nameservers for all boxes
>behind the firewall. These boxes have hostnames (host1, host2, etc.),
>which are setup in /etc/hosts on the firewall
>
>I searched deja.com for help, but did not find any, except from setting
>up a nameserver on a second, internal box. This I cannot, nor want to, do.
>So, my basic question is: I want to use the caching-only nameserver on
>my firewall to reduce the dns-traffic to the outside world as much as I
>can, and use this nameserver not only for the firewall itself, but also
>for the other boxes on the intranet. How can I set this up? I have read
>the DNS-HOWTO, but that did not help me succeed.
>
>Thanks beforehand for any input.
>Michiel Kreutzer
>



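A small check of the listen-on restriction discussed in the post, added here as an example and not part of the original thread: it parses the address lists from a copy of the posted options block (including BIND's shorthand `127/8`) and reports which local interface addresses named would bind to, which is what keeps the outside world from reaching the cache. The external address 203.0.113.7 used below is a constructed placeholder.

```python
import ipaddress
import re

# Constructed copy of the options block from the post above (not read from disk).
NAMED_CONF = """
options {
        directory "/var/named";
        query-source address * port 53;
        forward first;
        forwarders {
                194.158.160.10; 194.158.160.14;
        };
        listen-on {
                127/8; 192.168.1.0/24;
        };
};
"""


def _parse_net(token):
    """Turn one BIND address-match element into an IPv4 network.
    BIND accepts shortened prefixes such as 127/8, meaning 127.0.0.0/8."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in token:
        addr, plen = token.split("/", 1)
        octets = addr.split(".")
        while len(octets) < 4:          # pad 127/8 -> 127.0.0.0/8
            octets.append("0")
        return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=False)
    return ipaddress.ip_network(token + "/32")   # bare host address


def address_list(conf, statement):
    """Return the networks listed in a `statement { ...; };` block
    (e.g. listen-on or forwarders) of an options section."""
    m = re.search(statement + r"\s*\{([^}]*)\}", conf)
    if not m:
        return []
    return [_parse_net(t.strip()) for t in m.group(1).split(";") if t.strip()]


def interface_listens(conf, local_addr):
    """True if named would bind to the given local interface address,
    i.e. if queries arriving on that interface would be answered at all."""
    ip = ipaddress.ip_address(local_addr)
    return any(ip in net for net in address_list(conf, "listen-on"))


if __name__ == "__main__":
    for addr in ("127.0.0.1", "192.168.1.1", "203.0.113.7"):
        print(addr, "listening" if interface_listens(NAMED_CONF, addr) else "not bound")
```

Running it shows the loopback and internal interface addresses are bound while the placeholder external address is not; the forwarders list is what the tcpdump lines above show the firewall talking to.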

