basic client setup plus name resolving from HW router

Sten Carlsen sten at s-carlsen.dk
Sun May 14 22:38:33 UTC 2006


The use of .local is reserved by Apple. If you do not use Macs, you
don't have to care.
Whatever you do I recommend not to use .local. .home is safe.

This is based on personal experience and documents from Apple. Look for
Rendezvous.



Simon Hobson wrote:
> Olivier Schreiber wrote:
>
>
>>> You need to have dhcp-server and bind installed (you do not need
>>> dhcp-client on the machine you use as the server).
>>> On bind, configure a forward and reverse zone for your network
>>> (ie mydomain.com and 123.168.192.arpa).
>>
>> Would you mind clarifying the two above addresses?
>> I am not sure they are chosen or imposed by reading your explanations
>> below. The `arpa' string is confusing me.
>>
>
> OK, the two zones in DNS you need are :
>
> mydomain.com - this is what is commonly referred to as the 'forward' 
> zone, it is used when you type in something like "ssh 
> somemachine.mydomain.com" to resolve the name to an address. 
> mydomain.com is however just an example, you should use your own 
> domain here.
>
> 123.168.192.arpa - this is the 'reverse' zone, used to do lookups in 
> the reverse direction to normal. When you (for example) ssh into 
> another machine, it will most likely try and resolve your address for 
> the benefit of logs etc - so it can log a connection from 
> "mylaptop.mydomain.com" instead of 192.168.123.42. The way it works 
> is that whatever address is given, reverse the order of the octets, 
> and append "in-addr.arpa" - this makes the address into something 
> with the same structure as the domain names so it can easily be 
> handled by the same delegation process.
>
> To see how this works, try :
> dig +trace www.thehobsons.co.uk
> dig +trace -x 212.159.9.131
>
> This will show you the nameservers/delegations used to get from the 
> root of the dns tree down to an individual node.
>
>
> However, by setting up the two zones in your own dns server, queries 
> for addresses in these zones will never be sent outside as your own 
> server already has answers. Thus, within your own network, you can 
> resolve (eg) somemachine.mydomain.com to an IP address, and resolve 
> an IP address in the 192.168.123.0/24 network to a name.
>
> You can configure your dns server in two ways for dealing with 
> names/addresses that are not in your network :
> 1) forward any other queries to other dns servers (typically those 
> provided by your ISP) - generally called a "forwarder".
> 2) go find the results itself, starting at the root nameservers.
>
> All this is definitely not DHCP related, there is much out there on 
> dns, but I would recommend an O'Reilly book called "DNS and Bind" by 
> Paul Albitz and Cricket Liu. It includes a lot of advanced stuff that 
> you can ignore, but it starts by explaining the fundamentals, how 
> they work, and why it's done that way.
>
>
>>> <pet moan>
>>> Do not just 'make up' a domain, or use ".local", or use a domain that
>>> someone else is using. Using .local is wrong - it's a reserved domain
>>> name for ZeroConf (cf Apple's Rendezvous, multicast DNS, ...) and
>>> whilst Windows networks work fine with a .local address, Macs will
>>> barf and the network doesn't work right.
>>> If you just 'make up' a domain name, at some point it could be
>>> registered by someone else - and then you would be using someone
>>> else's domain name.
>>> Using someone else's domain name is just plain bad manners. Apart from
>>> not being able to access anything in their domain, the domain you use
>>> internally DOES leak out (eg in mail headers) and it's bad to be
>>> using someone else's name.
>>> Getting your own domain name registered is so cheap and easy these
>>> days that there really isn't any excuse if you want to do things
>>> properly.
>>> </pet moan>
>>
>> Would you mind outlining more a HOWTO approach to your `moan' like
>> which domain is the forward, which one is the backward--given a
>> commercial ISP non-fixed IP address and how to get said domain name?
>> I totally agree with your concern that people do the right thing but
>> most of the time, they don't because they think it is too complicated.
>>
>
> There are many places where you can buy a domain name, I can't 
> recommend any one in particular as I've got my domain names and web 
> hosting via my ISP as part of my ADSL package.
>
> If you are stuck with a dynamic IP address then that makes it rather 
> difficult to run your own mail server. My ISP gives fixed addresses 
> so I can run my own mail, and so can apply my own spam prevention 
> measures such as greylisting which I find very effective - most 
> definitely to be preferred over an ISP's mail server that accepts 
> everything and then throws half your genuine mail away with the spam !
>
> I have asked in a number of places about a suitable domain to use for 
> private use and never had a good answer. Many use .local because it 
> seems to make sense and I believe it is recommended by Microsoft when 
> setting up a Small Business Server, but as stated above, it isn't a 
> particularly good choice. Others just make up a domain name (eg 
> 'fredshouse.com') and hope no-one ever comes along and registers it. 
> Others make up a top level domain that isn't used and use that - eg 
> "fredshouse.private". As far as I know, there is no top level domain 
> reserved for private use.
>
> Of the options, best is to register your own domain name, after that, 
> using something like mydomain.private seems reasonable since it 
> doesn't seem too likely that ICANN will create .private as a new top 
> level domain.
>
>
>   
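
The reverse-name rule and the "answered locally, never sent outside" behaviour described in the quoted reply, as an added example that is not part of the original thread. It uses the thread's example values (mydomain.com, 192.168.123.0/24) and the full in-addr.arpa form of the reverse zone; the function names are illustrative.

```python
import ipaddress

# Example values from the thread; substitute your own domain and network.
FORWARD_ZONE = "mydomain.com"
LOCAL_NET = ipaddress.ip_network("192.168.123.0/24")


def ptr_name(addr: str) -> str:
    """Reverse the octets of an IPv4 address and append in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(addr)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zone(net: ipaddress.IPv4Network) -> str:
    """Reverse zone name for a network on an octet boundary (/8, /16, /24)."""
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned prefixes map to a single zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def in_zone(name: str, zone: str) -> bool:
    """True if name is the zone itself or a subdomain of it.

    The match is on whole labels, so notmydomain.com is not inside
    mydomain.com even though the strings share a suffix.
    """
    name = name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def where_answered(query: str) -> str:
    """Say whether a lookup is served from a local zone or goes outside."""
    try:
        qname = ptr_name(query)   # an address: reverse lookup
    except ValueError:
        qname = query             # a host name: forward lookup
    for zone in (FORWARD_ZONE, reverse_zone(LOCAL_NET)):
        if in_zone(qname, zone):
            return "local:" + zone
    return "external"             # forwarder or root servers handle it
```

Anything classified as "external" is what the server would hand to its forwarders or resolve from the root, so an internal name that lands there is a name that leaks to outside resolvers.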