Matthew Seaman wrote:
Not knowing anything about your site, that's not something I can give
a definite answer to.  However, running a DNS cache on a local LAN
segment is pretty simple to do, and usually improves performance.  If
you run the /etc/namedb/make-localhost script and then fire up the
default named with the config that comes with FreeBSD, it will act as
a caching nameserver.
This answers questions I didn't realize I had . . . .

Couple of niggling details: I found I had to run the make-localhost script from w/in /etc/named. It looks in "." for a needed file, rather than /etc/named. Perhaps set a value for ${NAMED_DIR}?

Next I did these:
Add:

    named_enable="YES"
    named_flags="-u bind -g bind"

to /etc/rc.conf, and put the IP number of your server as the first
choice in /etc/resolv.conf:

    nameserver 12.34.56.78

for the correct value of "12.34.56.78"
I've done this, but I can't get 192.168.2.1 to resolve addresses in nslookup unless I drop into interactive mode and specify it. Examples follow:

[/etc/namedb]# nslookup
*** Can't find server name for address 192.168.2.1: Non-existent host/domain
Default Server: ns1.attbi.com
Address: 204.127.198.4

[/etc/namedb]# nslookup
*** Can't find server name for address 192.168.2.1: Non-existent host/domain
Default Server: ns1.attbi.com
Address: 204.127.198.4

> server 192.168.2.1
Default Server: [192.168.2.1]
Address: 192.168.2.1

> ftp.freebsd.org
Server: [192.168.2.1]
Address: 192.168.2.1

Non-authoritative answer:
Name: ftp.beastie.tdk.net
Address: 62.243.72.50
Aliases: ftp.freebsd.org

Note however that this configuration will allow anyone on the net who
can get packets to port 53 of your server to use your named to do
recursive lookups --- consult the named.conf(5) man page and the
documentation at http://www.isc.org/products/BIND/docs/index.html to
find out how to configure it better.
This looks like something you can do with an acl to permit only your local network(s). I'm not sure how I invoke it after I set it.

As near as I can make out, this is what I need to permit only queries from my local network.

// acl list: name the local network so it can be referenced below.
// Prefix-length notation is what named.conf expects (not 192.168.2/255.255.255.0).
acl home {
    192.168.2.0/24;
};

// allow-query (hyphen, not underscore) lives inside the options block and
// takes an address_match_list directly; referencing the acl by name is enough.
options {
    allow-query { home; };
};

--
Paul Beard / 8040 27th Ave NE / Seattle WA 98115 /
paulbeard [at] mac [ dot] com / 206 529 8400

weblog @ <http://paulbeard.no-ip.org/movabletype/>

In Seattle, Washington, it is illegal to carry a concealed weapon that
is over six feet in length.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
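The acl and allow-query idea from the post above, worked through as an added example that is neither from Paul's or Matthew's messages nor BIND's own code: a small Python model of how named evaluates an address_match_list for allow-query and allow-recursion, using the corrected named.conf syntax (192.168.2.0/24 and allow-query { home; } inside options). It goes beyond the post by also handling negated (!) elements and nested acl names. The named.conf text and the client addresses are constructed for the example, and the first-match evaluation is a simplification of BIND's (keywords such as localnets and localhost are not modelled; an option that is absent is treated as any, which is BIND's default for allow-query but not necessarily for allow-recursion on your version).

```python
import ipaddress
import re

# Constructed named.conf fragment (example only, not from the post): the
# "home" acl, an allow-query that uses it, and an allow-recursion that shows
# negation and nesting.  Comments use named.conf's // syntax.
NAMED_CONF = """
// acl list
acl home {
    192.168.2.0/24;
    127.0.0.1;
};

options {
    allow-query { home; };
    allow-recursion { !10.0.0.5; 10.0.0.0/8; home; };
};
"""


def parse_conf(text):
    """Return (acls, options); each value is the element list of one
    address_match_list, in the order written.  Minimal parser for the
    subset of named.conf used here (no nested braces inside elements)."""
    text = re.sub(r'//.*', '', text)            # drop // comments
    acls = {}
    for name, body in re.findall(r'acl\s+(\S+)\s*\{([^}]*)\}', text):
        acls[name] = [e.strip() for e in body.split(';') if e.strip()]
    options = {}
    m = re.search(r'options\s*\{(.*)\}', text, re.S)
    if m:
        for key, body in re.findall(r'([\w-]+)\s*\{([^}]*)\}', m.group(1)):
            options[key] = [e.strip() for e in body.split(';') if e.strip()]
    return acls, options


def element_hits(element, client, acls):
    """Does one (already un-negated) element match the client address?"""
    if element == 'any':
        return True
    if element == 'none':
        return False
    if element in acls:                         # nested acl by name
        return evaluate(acls[element], client, acls) is True
    # A bare address or prefix; strict=False lets "127.0.0.1" mean /32.
    return client in ipaddress.ip_network(element, strict=False)


def evaluate(elements, client, acls):
    """First-match semantics of an address_match_list:
    True  = matched an ordinary element (allowed)
    False = matched a "!" element (explicitly denied)
    None  = nothing matched (BIND denies for allow-* options)."""
    for element in elements:
        negate = element.startswith('!')
        target = element.lstrip('!').strip()
        if element_hits(target, client, acls):
            return not negate
    return None


def is_allowed(option, client_ip, conf=NAMED_CONF):
    """Would named accept a query/recursion request from client_ip
    under the given option (e.g. 'allow-query') in conf?"""
    acls, options = parse_conf(conf)
    client = ipaddress.ip_address(client_ip)
    # Absent option modelled as 'any' (BIND's allow-query default; check your
    # version's documentation for allow-recursion).
    elements = options.get(option, ['any'])
    return evaluate(elements, client, acls) is True


if __name__ == '__main__':
    for opt, ip in [('allow-query', '192.168.2.50'),
                    ('allow-query', '204.127.198.4'),
                    ('allow-recursion', '10.0.0.5'),
                    ('allow-recursion', '10.20.30.40'),
                    ('allow-recursion', '127.0.0.1')]:
        print(f'{opt:16} {ip:16} -> {"allowed" if is_allowed(opt, ip) else "denied"}')
```

The point to notice is the ordering: in allow-recursion the negated 10.0.0.5 must come before 10.0.0.0/8, because the first matching element decides and a later "!" entry would never be reached. On a real server, named-checkconf validates the file syntax, and a query from a host outside the acl should come back REFUSED rather than being answered.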
