Gentoo Forums
BIND and views
Gentoo Forums Forum Index :: Networking & Security
eruditas
Joined: 02 Jul 2007
Posts: 52

Posted: Sat Jul 11, 2009 9:33 am    Post subject: BIND and views

Hello all. I'm trying to set up my master DNS server for the first time in my life. I read lots of tutorials (like https://forums.gentoo.org/viewtopic-t-402251.html, http://en.gentoo-wiki.com/wiki/BIND and http://www.freebsd.org/doc/en/books/handbook/network-dns.html).
Though they are very detailed and heavily commented, I still need to ask some basic questions.
I own my home server. Recently I bought an FQDN in my country. I need people to be able to access my web site from the internet, and I also need BIND to work as a DNS server for my LAN.
So, the first question is: how many views should I define in named.conf? Three (internet, LAN and local), or just two (internet and LAN)?
The second question is: how many reverse zones should there be? If I have three views, as described above, should I include in-addr.arpa zones for my local, LAN and internet zones, or should the third reverse zone be on my ISP's DNS server?
And the third question: if I ask my ISP for reverse DNS, will they make a reverse record for my FQDN, or will I have to contact my ISP every time I add something like another-comp.fqdn.tld so that they add a record to their DNS server?
That will be enough for now, I think. Thanks for your patience in answering my noobish questions, everyone :)
_________________
Same shit, different asshole
CinqueX
Joined: 26 Jan 2003
Posts: 58

Posted: Sat Jul 11, 2009 2:35 pm

Hi,
Just a quick response while I wait for my own problems with BIND to be resolved.

1) 2 views. Internal/external will suffice; use network-defined ACLs to apply them to their respective networks.
2) The usual set-up is a reverse zone for 127. and your local private address space (10.0.0.0/8, 172.16.0.0/16, 192.168.1.0/24). Your ISP will host the PTR for your piece of public address space (/30, /32?).
3) Your ISP will have to define a PTR for every service you need one for on your public address space. In reality, the only PTR records that really matter in the world at large these days are for MX hosts. So if you are hosting your own mail servers, you will want a PTR record for each of your MX records. Hosting more than 2 mail servers behind a /32 or /30 is probably excessive.. :)

C.
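As an added example, not from the thread or from either poster: a two-view named.conf along the lines of the internal/external answer above. The networks live in one ACL, the private reverse zone sits only in the internal view, and the external view carries no reverse zone at all. The zone name example.lt, the 192.168.1.0/24 range, the file names and the transfer peer 192.0.2.53 are placeholders to replace with your own values.

```conf
// Added example (not from the thread): two-view split-horizon named.conf.
// Names, addresses and file paths are placeholders; adjust to your network.

acl "internal" {
        127.0.0.0/8;            // the server itself
        192.168.1.0/24;         // the LAN behind the server
};

options {
        directory "/var/bind";
        // Recursion is granted per view below, never to the whole internet.
        allow-query { any; };
        notify yes;
};

// Views are tried top to bottom and the first match wins, so the
// restricted view must come before the catch-all "any" view.
view "internal" {
        match-clients { "internal"; };
        recursion yes;

        zone "localhost" IN {
                type master;
                file "pri/localhost.zone";
                allow-update { none; };
                notify no;
        };
        zone "127.in-addr.arpa" IN {
                type master;
                file "pri/127.in-addr.arpa.zone";
                allow-update { none; };
                notify no;
        };

        // Internal copy of the public zone: same zone name, different file,
        // so LAN clients get the private 192.168.x addresses.
        zone "example.lt" IN {
                type master;
                file "pri/example.lt.internal.zone";
        };
        // Reverse zone for the LAN; the only place private addresses map
        // back to names.
        zone "1.168.192.in-addr.arpa" IN {
                type master;
                file "pri/1.168.192.in-addr.arpa.zone";
        };
};

view "external" {
        match-clients { any; };
        recursion no;                     // authoritative only; an open recursor invites abuse
        allow-transfer { 192.0.2.53; };   // placeholder: your secondary's address
        zone "example.lt" IN {
                type master;
                file "pri/example.lt.zone";
        };
        // No reverse zone here: the PTR for a public /30 or /32 lives in the
        // ISP's in-addr.arpa zone, as the answer above says.
};

// Check before (re)starting named; -z also loads every zone file:
//   named-checkconf -z /etc/bind/named.conf
```

Order matters more than it looks: if the "any" view came first, every client, including the LAN, would be served the external data and refused recursion.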
eruditas
Joined: 02 Jul 2007
Posts: 52

Posted: Sun Jul 12, 2009 10:02 am

Thanks for your answers :) They helped me a lot in configuring my BIND server. I've got one more :)
When it comes to web browsing, everything works well. But I need to do one more thing. When I ssh from my DNS server to my university's server, it shows me something like this:
Code:
Last login: Sun Jul 12 12:59:44 2009 from lan-xx-xx-xx-xx.vln.skynet.lt

But not my domain.tld.
http://www.gentoo-wiki.info/FQDN seems to be very outdated. Is there a proper howto?
CinqueX
Joined: 26 Jan 2003
Posts: 58

Posted: Sun Jul 12, 2009 11:13 am

That howto is still pretty sound.

There are a few things you can do, but a good start is to verify your DNS settings with an external checker. Here is a good free site that does that:

http://www.intodns.com

Without looking at config files etc, I don't know that there's much more I can help you with at this point. That website is a pretty good place to start.
eruditas
Joined: 02 Jul 2007
Posts: 52

Posted: Sun Jul 12, 2009 11:34 am

There was a little mistake in my iptables, but still... That page shows everything's good, but no domain...

Here are my configs:
named.conf
Code:

include "/etc/bind/log.conf";

options {
        directory "/var/bind";
        listen-on-v6 { none; };
        listen-on { any; };
        allow-recursion { 127.0.0.1; 192.168.0.1; 192.168.0.2; 192.168.0.3; 192.168.0.4; };
        allow-query { any; };
        zone-statistics yes;
        statistics-file "/var/log/named.stats";
        pid-file "/var/run/named/named.pid";
        notify yes;
};

view "local"  {
        match-clients { 127.0.0.1; };
        recursion yes;
        zone "localhost" IN {
                type master;
                file "pri/domain.local.zone";
                allow-update { none; };
                notify no;
        };
        zone "127.in-addr.arpa" IN {
                type master;
                file "pri/127.in-addr.arpa.zone";
                allow-update { none; };
                notify no;
        };
};

view "lan" {
        match-clients {  192.168.0.0/16; };
        recursion yes;
        // the zone name must match the $ORIGIN of the file (domain.lt.),
        // otherwise named refuses to load it ("not at top of zone")
        zone "domain.lt"  IN {
                type master;
                file "pri/domain.lan.zone";
        };

        // one reverse zone for the LAN, pointing at the reverse zone file
        // (a second stanza with the same zone name in one view is an error)
        zone "0.168.192.in-addr.arpa"  IN {
                type master;
                file "pri/0.168.192.in-addr.arpa.zone";
        };
};

view "public" {
        match-clients { any; };
        recursion no;
        allow-transfer { 83.171.8.8; };
        zone "domain.lt" IN {
                type master;
                file "pri/domain.lt.zone";
        };
};


domain.lt.zone
Code:
$ORIGIN domain.lt.
$TTL 7200
@               IN      SOA     ns1.domain.lt.     admin   (
                                        2009071401      ; Serial
                                        28800           ; Refresh 8h
                                        7200            ; Retry 2h
                                        604800          ; Expiry 7d
                                        86400           ; Minimum 1d
                                        )
                        NS      ns1.domain.lt.
                        NS      ns2.domreg.lt.
                        A       84.240.22.165
                        MX      10      mail.domain.lt.

; servers
ns1             A       84.240.22.165
mail            A       84.240.22.165
admin           A       84.240.22.165
euphoria        A       84.240.22.165
fiasko          A       84.32.111.100

; aliases
www             CNAME   @


domain.lan.zone
Code:
$ORIGIN domain.lt.
$TTL 7200
@    IN      SOA     ns1.domain.lt.     admin    (
                                        2009071201      ; Serial
                                        28800           ; Refresh 8h
                                        7200            ; Retry 2h
                                        604800          ; Expiry 7d
                                        86400           ; Minimum 1d
                                        )
                NS      ns1.domain.lt.
                A       192.168.0.1
                MX      10      mail.domain.lt.

; servers
ns1             A       192.168.0.1
mail            A       192.168.0.1
admin           A       192.168.0.1

; aliases
www             CNAME   @

/etc/conf.d/hostname
Code:
HOSTNAME="euphoria"

/etc/conf.d/net
Code:
mac_eth0="xx:xx:xx:xx:xx:xx"
config_eth0=( "dhcp" )
dhcp_eth0=( "nodns nontp nonis" )
dns_domain="domain.lt"

bridge_br0="eth1 eth2 eth3"
config_br0=( "192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0" )
config_eth1=( "null" )
config_eth2=( "null" )
config_eth3=( "null" )

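An added example, not the poster's own file: the LAN reverse zone that the named.conf above references as pri/0.168.192.in-addr.arpa.zone, written to match the names in domain.lan.zone (ns1, mail and admin all sit on 192.168.0.1). The pc2 to pc4 host names are constructed placeholders for the other LAN machines.

```conf
; Added example, not from the thread: LAN reverse zone for 192.168.0.0/24
; matching domain.lan.zone above.  pc2-pc4 are placeholder names.
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 7200
@       IN      SOA     ns1.domain.lt.  admin.domain.lt. (
                        2009071201      ; Serial
                        28800           ; Refresh 8h
                        7200            ; Retry 2h
                        604800          ; Expiry 7d
                        86400           ; Minimum 1d
                        )
        IN      NS      ns1.domain.lt.

; One PTR per address, naming the host's canonical name.  The other names on
; 192.168.0.1 (mail, admin, www) are reached through the forward zone; the
; PTR still "forward-confirms" because ns1's A record is 192.168.0.1.
; pc2-pc4 need matching A records in domain.lan.zone to forward-confirm.
1       IN      PTR     ns1.domain.lt.
2       IN      PTR     pc2.domain.lt.          ; placeholder
3       IN      PTR     pc3.domain.lt.          ; placeholder
4       IN      PTR     pc4.domain.lt.          ; placeholder

; Checks before loading and after restart:
;   named-checkzone 0.168.192.in-addr.arpa /var/bind/pri/0.168.192.in-addr.arpa.zone
;   dig @192.168.0.1 -x 192.168.0.1     (from a LAN client; expect ns1.domain.lt.)
; The public address (84.240.22.165 above) is deliberately absent: its PTR is
; in the ISP's reverse zone, which is why a remote host's "Last login from"
; line shows the ISP's name rather than domain.tld until the ISP changes it.
```

This file only answers queries that arrive through the "lan" view; a query for the same name from the internet never reaches it, so nothing about the private network leaks through the "public" view.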
All times are GMT