On Saturday, 29 March 2014, 23:55:07 Nick Holland wrote:
> On 03/29/14 17:09, Stéphane Guedon wrote:
> > Hello
> >
> > I am currently trying to run two nameservers on the same OpenBSD
> > server.
> >
> > The first one is an authoritative (let's say bind or nsd, no one
> > cares). The second will be dnsmasq.
> >
> > You guess the objective of the construction: give local answers
> > from dhcp leases to local requests, and give authoritatives for
> > the internet requests.
>
> you are getting sloppy with terms here. You aren't being
> authoritative for Internet requests -- you are doing recursive
> resolution. You are authoritative on your internal stuff only.

As I speak of my own domain, I think the word authoritative is really correct there.

> Also... for -current, BIND has been replaced by NSD and Unbound, so
> you might wish to run -current for this project to minimize changes
> in the near future.

That was one of the purposes of this construction: stopping Bind, as its view function is now replaced by this two-sided DNS.

> > That's for the presentation.
> >
> > I can run dnsmasq on a different port, but how do I give my local
> > hosts the idea of interrogating a non standard dns port?
> > Then I thought I could drive the traffic from my LAN to the port
> > where dnsmasq is running on.
>
> The easier way is to run your DNS resolver on a different IP
> Address, not a different port, than your authoritative DNS. BIND
> is something of an address slut, it connects with every address by
> default, so you will have to restrict it in the config to just the
> ports you want. I don't recall what NSD/Unbound do by default, but
> they are at least configurable to not be stupid and connect up with
> just the address you want them to connect to.

That was what I did first. But Dnsmasq doesn't like it, it doesn't send RA if I restrict the address.

> So...run your resolver on the external port, run the authoritative
> on localhost, configure the resolver to query the authoritative (on
> 127.0.0.1) for local info, and the general Internet DNS for
> everything else. Your DHCP server populates your authoritative
> server, your machines query the external address, and all Just
> Works.
>
> And remember: if you wish to get more complicated, you can have lots
> of localhosts. (127.0.0.2, 127.0.0.3 ...) and attach different
> services to each.
>
> Nick.

Anyway, now it's solved! I think of writing a blog / tutorial article to document it correctly to the world.
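An added example, not part of the thread, of the layout Nick describes with the base-system Unbound and NSD on OpenBSD: the resolver answers on the LAN address and 127.0.0.1, the authoritative server listens only on a second loopback address, and Unbound sends queries for the internal zone there, so no non-standard port is involved. The LAN address 192.0.2.1, the netblock 192.0.2.0/24 and the zone name lan.example are placeholders.

```conf
# /var/unbound/etc/unbound.conf -- recursive resolver (added example)
server:
    interface: 127.0.0.1
    interface: 192.0.2.1                 # placeholder: LAN address the clients query
    access-control: 127.0.0.0/8 allow
    access-control: 192.0.2.0/24 allow   # placeholder LAN netblock
    access-control: 0.0.0.0/0 refuse     # everyone else: do not become an open resolver
    do-not-query-localhost: no           # needed: Unbound refuses to query 127.0.0.0/8 by default
    domain-insecure: "lan.example"       # unsigned internal zone: exempt it from DNSSEC validation
    private-domain: "lan.example"        # let the internal zone return RFC 1918 addresses

# Hand the internal zone to the authoritative server on its own loopback address
stub-zone:
    name: "lan.example"
    stub-addr: 127.0.0.2

# /var/nsd/etc/nsd.conf -- authoritative server (added example)
# Assumes 127.0.0.2 has been added to lo0 first, e.g. a line
#   inet alias 127.0.0.2 255.255.255.255
# in /etc/hostname.lo0, so NSD can bind to it.
server:
    ip-address: 127.0.0.2                # only reachable through Unbound, never from the LAN
    port: 53

zone:
    name: "lan.example"
    zonefile: "lan.example.zone"
```

Clients on the LAN point at 192.0.2.1 only; the authoritative server is never exposed directly, and `access-control` keeps the resolver closed to the Internet side.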