On 03/29/14 17:09, Stéphane Guedon wrote:
> Hello
>
> I am currently trying to run two nameservers on the same OpenBSD
> server.
>
> The first one is an authoritative (let's say bind or nsd, no one cares).
> The second will be dnsmasq.
>
> You guess the objective of the construction: give local answers from
> dhcp leases to local requests, and give authoritatives for the internet
> requests.

You are getting sloppy with terms here. You aren't being authoritative
for Internet requests -- you are doing recursive resolution. You are
authoritative on your internal stuff only.

Also... for -current, BIND has been replaced by NSD and Unbound, so you
might wish to run -current for this project to minimize changes in the
near future.

> That's for the presentation.
>
> I can run dnsmasq on a different port, but how do I give my local hosts
> the idea of interrogating a non-standard DNS port?
> Then I thought I could drive the traffic from my LAN to the port where
> dnsmasq is running on.

The easier way is to run your DNS resolver on a different IP address,
not a different port, than your authoritative DNS.

BIND is something of an address slut, it connects with every address by
default, so you will have to restrict it in the config to just the ports
you want. I don't recall what NSD/Unbound do by default, but they are
at least configurable to not be stupid and connect up with just the
address you want them to connect to.

So... run your resolver on the external port, run the authoritative on
localhost, configure the resolver to query the authoritative (on
127.0.0.1) for local info, and the general Internet DNS for everything
else. Your DHCP server populates your authoritative server, your
machines query the external address, and all Just Works.

And remember: if you wish to get more complicated, you can have lots of
localhosts (127.0.0.2, 127.0.0.3 ...) and attach different services to
each.

Nick.
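
The layout from the reply above written out as configuration, as an added example that is not part of the original message: Unbound as the resolver on the LAN-facing address and NSD as the authoritative server on 127.0.0.1. The address 192.0.2.1, the network 192.0.2.0/24 and the zone name lan.example are constructed placeholders, and the file paths are assumed to be the OpenBSD default locations.

```conf
# /var/unbound/etc/unbound.conf: recursive resolver, LAN-facing address only
server:
    interface: 192.0.2.1               # constructed LAN address; leaves 127.0.0.1 free for NSD
    access-control: 0.0.0.0/0 refuse   # do not act as an open resolver
    access-control: 192.0.2.0/24 allow # only the local network may recurse
    do-not-query-localhost: no         # default is yes, which would block the stub below
    domain-insecure: "lan.example"     # internal zone is unsigned, skip DNSSEC validation for it

# Names under the internal zone are asked of the authoritative server on
# loopback; everything else is resolved recursively as usual.
stub-zone:
    name: "lan.example"
    stub-addr: 127.0.0.1

# /var/nsd/etc/nsd.conf: authoritative server, loopback only
server:
    ip-address: 127.0.0.1              # never bind the LAN or external address

zone:
    name: "lan.example"
    zonefile: "lan.example.zone"       # constructed file name; holds the DHCP-derived records
```

With this split, the server's own /etc/resolv.conf points at 192.0.2.1 as well, since nothing recursive listens on 127.0.0.1.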