newbie question

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed May 23 21:09:09 UTC 2007


On Wed, May 23, 2007 at 11:13:03AM -0700,
 Peter Duda <ginkochild at hotmail.com> wrote 
 a message of 21 lines which said:

> I would like to set up BIND so that mydomain.com is resolved by all
> my local computers and leave the rest of DNS to those nice and handy
> numbers that my ISP provides.

OK, per your request, simple instructions. Read a book if you want to
understand them.

Assume that the Unix box running BIND has the IP address 192.0.2.1 and
that the local network has the IP prefix 192.0.2.0/28. Assume that
your domain is example.com. Assume that the name servers of your
Internet access provider are 192.0.2.128 and 192.0.2.129.

On the Windows box, configure the name server to be 192.0.2.1. This
can be done through DHCP or manually in the Control Panel (do not ask
me questions about Windows).

On the Unix box, named.conf should contain:

options {

    // Do not be wide-open
    allow-recursion { 192.0.2.0/28; };
    // BIND >= 9.4 only!
    allow-query-cache { 192.0.2.0/28; };
    // TODO: use views for better security 

    // When queried about domains I'm not authoritative for, ask my
    // access provider
    forwarders {
        192.0.2.128;
        192.0.2.129;
    };

};

// The local zones
zone "example.com" {
        type master; 
        file "/etc/bind/db.example.com";
};

And /etc/bind/db.example.com contains:

; Share what you know, learn what you don't
@                       IN      SOA     ns1     hostmaster.example.com. (
                                        2007052301      ;serial
                                        21600   ;refresh (6 h)
                                        3600    ;retry (1 h)
                                        3600000 ;expire (41 days)
                                        86400 ); minimum (1 d)
                        IN      NS      ns1

; After the ancillary data, now come the real and useful data

                        IN      MX      100  mail

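; Replace the question marks by the IP address of your Web server
www                     IN      A       ????

; The names used in the NS and MX records above need addresses too.
; ns1 is the Unix box running BIND
ns1                     IN      A       192.0.2.1
; Replace the question marks by the IP address of your mail server
mail                    IN      A       ????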

> Do I set up BIND to serve up the local domain and somehow point BIND
> to the other DNS servers

That's what I did.

> - do I do that through DHCP 

I do not know an easy way to do that so I hardwired the forwarders.

> I don't wish to slow down normal web traffic by having it query my
> server for every single web page that is served to my computers.

Unless your Unix box is *very* slow and your Internet connection
*very* fast you will instead make the Web traffic faster by having a
local BIND, with its cache.
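
An added example, not part of the original message: the "use views" TODO
in the named.conf above carried through, with the same addresses. The ACL
name "lan" and the view names "internal" and "external" are assumptions
chosen for illustration.

```conf
// Clients allowed to use this server as a resolver: the local
// network from the message above, plus the BIND box itself.
acl "lan" { 192.0.2.0/28; localhost; };

options {
    // BIND >= 9.4 only, as noted in the original configuration
    allow-query-cache { lan; };
};

// Views are tried in order; the first whose match-clients
// matches the source address of the query is used.
view "internal" {
    match-clients { lan; };

    // Only this view recurses, and only for the local network
    recursion yes;
    allow-recursion { lan; };

    // When queried about domains I'm not authoritative for,
    // ask the access provider
    forwarders {
        192.0.2.128;
        192.0.2.129;
    };

    // The local zone is visible to local clients only
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
    };
};

// Everybody else: no recursion, no forwarding, no local zones,
// so the server cannot be used as an open resolver and does not
// reveal the internal names.
view "external" {
    match-clients { any; };
    recursion no;
};
```

Once any view is defined, every zone statement has to sit inside a view;
named-checkconf reports a configuration that mixes the two.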


