On Sun, Sep 18, 2005 at 10:34:30AM +0100, ed wrote:
> Steve B <[EMAIL PROTECTED]> wrote:
>
> > I'm a little confused on the topic of running Bind on OBSD. I've read
> > the Secure Architectures book, some material at
> > http://www.aei.ca/~pmatulis/pub/obsd_pf.html and a few other places.

o'reilly DNS and BIND. cakewalk; you'll come out of it with no more
confusion at all.

> > My goal is to provide DNS to my local LANs and probably act as a
> > caching/forwarding DNS.
> >
> > What confuses me is 1) where to put my db.wired and db.1.168.192 files

already answered by someone, but again, /var/named/master is a sensible
target.

> > 2) what to add to named.conf to put these files to use, and

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "master/db.1.168.192";
};

zone "wired" IN {
        type master;
        file "master/db.wired";
};

put these, as a suggestion, under the "// Master zones" section of the
default named.conf, because the heading is already there, so you might as
well take advantage of it <G>.

> > 3) how to configure named.conf for caching/forwarding.
> >
> > Some articles I've read via Google say the default named.conf is
> > configured as a caching nameserver and to simply start the named
> > daemon

the /var/named/etc/named.conf that comes in openbsd is good to go as a
local caching resolver. just start it. it will recurse/resolve for you
anything you ask it (or at least try to). it will only answer queries
from ::1 and 'localnets'. localnets is referenced in the html on your
filesystem i point to below, just read the 'acl statement grammar'
section. as long as you have pf filtering queries from the world (which,
if you're just using this as a caching resolver and
locally-authoritative-only server, is probably what you're doing),
you're set.

> > , while others say the forwarders first and forwarders options
> > must be entered.

only if you're using forward zones, which the default openbsd named.conf
does not. anyone saying that you have to do that is hopefully talking
about a different OS.

> Try dnscache part of djbdns from http://cr.yp.to, it's very good and
> efficient, also rather secure compared to BIND (Buggy Internet Name
> Daemon).

bah, screw djb.

use software in base before software in ports; use software in ports
before software not in base or ports. exceptions for good reasons are of
course, exceptions. but someone who just wants to "turn on some DNS for
their LAN" doesn't have a good reason to use (DNS) software which is
wholly unsupported in the (s/the/this) community.

jared

/usr/share/doc/html/bind/Bv9ARM.html
- [ openbsd 3.7 GENERIC ( sep 10 ) // i386 ]
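For readers following the thread, here is a constructed example (not the OpenBSD default file and not something any poster wrote) that puts the pieces together: the two master zone statements from the reply, an `acl` built from the `localnets` and `::1` entries the reply mentions so the server only answers and recurses for the LAN, and the matching forward and reverse zone files. The chroot layout under /var/named, the host names and the 192.168.1.0/24 addresses are assumptions for illustration; `allow-transfer { none; }` is added as a defensive setting the thread does not discuss.

```conf
// /var/named/etc/named.conf  -- constructed example; paths are relative
// to the chroot directory /var/named (assumed layout)

acl clients {
        localnets;      // every network this host has an interface on
        ::1;            // IPv6 loopback (127.0.0.1 is covered by localnets)
};

options {
        version "";                       // don't advertise the BIND version
        allow-query     { clients; };     // answer only LAN and loopback clients
        allow-recursion { clients; };     // never recurse for hosts outside the LAN
        // no "forwarders"/"forward first": the server resolves on its own,
        // which is the behaviour the reply describes for the stock config
};

// Master zones
zone "wired" IN {
        type master;
        file "master/db.wired";
        allow-transfer { none; };         // nobody needs AXFR of a private LAN zone
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "master/db.1.168.192";
        allow-transfer { none; };
};

// ---- /var/named/master/db.wired (constructed example) ----
// $TTL 86400
// @       IN SOA  ns1.wired. hostmaster.wired. (
//                 2005091801 ; serial, YYYYMMDDnn
//                 3600       ; refresh
//                 900        ; retry
//                 604800     ; expire
//                 86400 )    ; negative-cache TTL
//         IN NS   ns1.wired.
// ns1     IN A    192.168.1.1
// desktop IN A    192.168.1.10

// ---- /var/named/master/db.1.168.192 (constructed example) ----
// $TTL 86400
// @       IN SOA  ns1.wired. hostmaster.wired. (
//                 2005091801 3600 900 604800 86400 )
//         IN NS   ns1.wired.
// 1       IN PTR  ns1.wired.      ; 192.168.1.1
// 10      IN PTR  desktop.wired.  ; 192.168.1.10
```

The two zone files are shown as `//` comments only so that they fit in one listing; on disk they use `;` comments and start at `$TTL`. Before starting named, `named-checkconf -t /var/named etc/named.conf` and `named-checkzone 1.168.192.in-addr.arpa /var/named/master/db.1.168.192` catch syntax errors, and `dig @127.0.0.1 -x 192.168.1.10` confirms the reverse zone answers; a query from an address outside `clients` should be refused, which is the behaviour the `acl` is there to enforce, with pf still filtering port 53 from the outside as the reply recommends.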