What is the best way to configure DNS for a local network?

Mike Dimmick mike at dimmick.demon.co.uk
Wed Mar 1 15:22:35 UTC 2000


<Mark.Andrews at nominum.com> wrote in message
news:200002162117.IAA15757 at bsdi.dv.isc.org...
>
> > Hi,
> > I want to use DNS instead of always editing the hosts file
> > on my network.
> > My linux machine doesn't have an internet connection.
> > Is it possible to configure the DNS server that it won't try
> > to contact the root dns servers outside ?
> > What is the best solution for this?
> >
> > thanks in advance,
> > Freddy Groen
> >
> > ps: i'm using bind8 and it's working. But it still tries to
> > resolve unknown names...
> >
> >
> Just set up a root zone similar to your other master zones.
> i.e. change the zone type from hint to master and build the
> zone SOA and NS records for the root and the forward and reverse
> zones.

I apologise if this is a FAQ, but I haven't found an answer so far
(about 3/4 through an initial download of 650 messages)!

Here we have a disconnected network (with domain name
'brook-green.org.uk.') consisting of lots of students' own workstations.
A lot of us have individual dial-up connections; we looked at a 'proper'
Internet connection and found it wasn't cost effective.

We've deployed BIND (8) on a couple of server boxes distributed around
the site, to allow use of DNS lookups for 'ping' and other
internet-standard (resolver-based) packages.  OK, 95% of the workstations
run Windows in some form or another, so they generally use NetBIOS names
for most services, but we find DNS useful too.

How should I configure BIND8 to allow lookups of our *private* domain
name and *private* IP address set, while not breaking DNS resolution for
dial-up connections?

Currently I have the following named.conf (for my server, which is slave
for the domain; there is also a primary server):

options {
    directory "/var/named";
    // query-source address * port 53;
    recursion no;
    transfer-format many-answers;
};

//
// brook-green.org.uk primary nameserver host file
//
zone "brook-green.org.uk" {
    type slave;
    file "sec/brook-green";
    masters { 192.168.0.3; };
};

zone "168.192.IN-ADDR.ARPA" {
    type slave;
    file "sec/192.168";
    masters { 192.168.0.3; };
};

zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "pri/127.0.0";
};

// zone "." {
//    type hint;
//    file "hint/root";
// };

You will note that the hint for the root servers is commented out.  This
now means that I get lots of errors in my system logs:

Feb 28 14:11:41 dragon named[1324]: sysquery: nlookup error on ?
Feb 28 14:12:41 dragon last message repeated 2 times
Feb 28 14:14:11 dragon last message repeated 3 times
Feb 28 14:16:11 dragon last message repeated 3 times

every time someone using dragon as primary name server asks for an
Internet name (anything that isn't *.brook-green.org.uk.)

Now, I could enter "." as a master zone (following the advice above) but
which servers should I enter as available for "."?  I don't relish the
thought of asking all my colleagues which ISPs they use and collecting
the appropriate name server information for them -- and would they come
out in the right order?

I suppose the choice of name server to query is left to the resolver,
can anyone confirm?

--
Mike Dimmick
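
As an added worked example (not part of the original thread or of Mark Andrews' reply), this is what Mark's suggestion of a master root zone looks like for the network described above. The zone names and 192.168.0.3 are taken from the named.conf in the post; the host names ns0 (the primary) and dragon, dragon's address, the hostmaster mailbox and the serial are assumptions. Once the server is master for "." it is authoritative for the whole namespace: a query for any name outside brook-green.org.uk. or 168.192.in-addr.arpa. gets an authoritative NXDOMAIN from the local server instead of a failed sysquery, no root hint file is loaded at all, and queries for the private namespace are never sent towards an outside resolver.

```conf
// /etc/named.conf on the primary (assumed to be ns0, 192.168.0.3)
options {
    directory "/var/named";
    recursion no;                   // nothing to recurse to on a disconnected net
    transfer-format many-answers;
};

// Local root: type master instead of type hint, so there is no hint file.
zone "." {
    type master;
    file "pri/root";
};

zone "brook-green.org.uk" {
    type master;
    file "pri/brook-green";
};

zone "168.192.IN-ADDR.ARPA" {
    type master;
    file "pri/192.168";
};

zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "pri/127.0.0";
};

; /var/named/pri/root -- zone file for "." on the primary (names assumed)
; $TTL needs BIND 8.2 or later; on older 8.x put the TTL on each record.
$TTL 86400
.   IN  SOA  ns0.brook-green.org.uk. hostmaster.brook-green.org.uk. (
            2000030101  ; serial (assumed)
            3600        ; refresh
            900         ; retry
            604800      ; expire
            86400 )     ; negative-caching TTL, used for the NXDOMAIN answers
.   IN  NS   ns0.brook-green.org.uk.
.   IN  NS   dragon.brook-green.org.uk.

; Delegate the two private zones to the same servers.  The NS names lie
; inside a delegated zone, so glue A records are required.
brook-green.org.uk.         IN  NS  ns0.brook-green.org.uk.
brook-green.org.uk.         IN  NS  dragon.brook-green.org.uk.
168.192.in-addr.arpa.       IN  NS  ns0.brook-green.org.uk.
168.192.in-addr.arpa.       IN  NS  dragon.brook-green.org.uk.
ns0.brook-green.org.uk.     IN  A   192.168.0.3
dragon.brook-green.org.uk.  IN  A   192.168.0.2   ; assumed address
```

On dragon the only change is to add the same root zone as a slave of the primary, next to the slave zones it already has: `zone "." { type slave; file "sec/root"; masters { 192.168.0.3; }; };`. One caveat on the dial-up question: the server cannot arbitrate between name servers, because a stub resolver (Windows or libc) accepts the first answer it receives and an authoritative NXDOMAIN is an answer; it only moves to the next server in its list on timeout or SERVFAIL. A workstation that is dialled out will therefore get NXDOMAIN for Internet names if dragon is listed first, and will not resolve brook-green.org.uk. names if the ISP's server is listed first; which server is asked first is decided by the client's resolver configuration, not by BIND.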
