DNS newbie, request for comments
Hi,
I have set up a DNS server for the first time. I am using bind9 from
Debian stable. This is to serve an Intranet, whose users have access
to Internet, but the domain used is not registered there (it's only
for internal use).
I'd like to know about my setup, whether it is correct or I am being
exceedingly stupid somewhere.
The DNS server has 192.168.1.80 as IP address. First of all, I have
added these lines to my /etc/bind/named.conf file:
forwarders {
    212.25.129.66;
    212.25.129.2;
};
listen-on port 53 {
    192.168.1.80;   # listen on local interface only
    127.0.0.1;      # Make sure machine can get to itself
};
The forwarders are the nameservers for our ISP. This seems to work
great, as the Intranet machines now only have to specify 192.168.1.80
as the nameserver address, and the server resolves for them both
internal and external domains.
After the options clause closes, I put:
// prime the server with knowledge of the root servers
// zone "." {
//     type hint;
//     file "/etc/bind/db.root";
// };
I have commented this out. I read somewhere that, serving an Intranet,
one should drop the root hints. I am not sure whether this is proper
or not; thanks in advance for confirming this.
The next zones are not commented out:
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
I once saw a sample config, adding 'allow-update { none; };' to each
one of these zones. What is this for? Should I also add this option in
my Intranet setup?
My Intranet zone is defined as follows:
zone "oberthurma.com" {
    type master;
    file "/etc/bind/db.oberthurma.com";
    # allow-transfer { any; };
    allow-update { none; };
    notify no;
};
And the zone file (/etc/bind/db.oberthurma.com) is like this:
@       IN SOA  ns.oberthurma.com. hostmaster.oberthurma.com. (
                2003090401  ; serial, today's date + today's serial #
                8H          ; refresh, seconds
                2H          ; retry, seconds
                4W          ; expire, seconds
                1D          ; minimum, seconds
                )
           NS     ns                        ; Inet Address of name server
           MX     10 mail.oberthurma.com.   ; Primary Mail Exchanger
           MX     20 mail.oberthurma.com.   ; Secondary Mail Exchanger
ns      IN A      192.168.1.80
mail    IN A      192.168.1.80
maserv01 IN A     192.168.1.2
maserv02 IN A     192.168.1.80
imap    IN CNAME  maserv02
pop     IN CNAME  maserv02
smtp    IN CNAME  maserv02
My feeling about this is, the mail exchangers are not going to be
used, as any mail client in the Intranet is going to use the server as
a smarthost, instead of using SMTP directly. So, are the MX records
mandatory? Is it mandatory to include a secondary MX, where its
exchanger name is the same as the primary MX?
I also added a reverse zone, but I think it's of no interest, here.
Thanks in advance for pointing out any mistake in the named.conf or in the
zone files. Nevertheless, up to today, everything seems to work in a
smooth way. Anyway, any feedback will be very useful for me.
Regards, Ismael
--
"Everything swarms with commentaries; of authors there is a great scarcity."
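As an added example (not part of Ismael's post), a small Python lint over the zone file above that checks the points the post asks about: whether every NS, MX and CNAME target has an A record in the zone (an MX or NS pointing at a CNAME is forbidden by RFC 2181), and whether the second MX, naming the same exchanger as the first, is redundant. The zone data is copied from the post with the SOA collapsed to one line; the function names are my own.

```python
import re

ORIGIN = "oberthurma.com."
TYPES = ("SOA", "NS", "MX", "A", "CNAME")
# Zone data copied from the post above (SOA collapsed to one line, comments trimmed).
ZONE = """\
@ IN SOA ns.oberthurma.com. hostmaster.oberthurma.com. 2003090401 8H 2H 4W 1D
NS ns ; name server
MX 10 mail.oberthurma.com.
MX 20 mail.oberthurma.com.
ns IN A 192.168.1.80
mail IN A 192.168.1.80
maserv01 IN A 192.168.1.2
maserv02 IN A 192.168.1.80
imap IN CNAME maserv02
pop IN CNAME maserv02
smtp IN CNAME maserv02
"""

def absname(n, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; strips ; comments and honours owner inheritance."""
    recs, owner = [], "@"
    for tok in filter(None, (l.split() for l in re.sub(r";[^\n]*", "", text).splitlines())):
        if tok[0] not in TYPES + ("IN",):
            owner = tok.pop(0)          # blank owner field means "same owner as the previous record"
        if tok[0] == "IN":
            tok.pop(0)                  # the class field is optional; only IN is used here
        recs.append((absname(owner, origin), tok[0], tok[1:]))
    return recs

def lint(recs, origin):
    """Findings for the post's questions: do NS/MX/CNAME targets resolve in-zone, and is the second MX redundant?"""
    in_zone = lambda n: n == origin or n.endswith("." + origin)
    types = {o: {t for o2, t, _ in recs if o2 == o} for o, _, _ in recs}
    out, mx_pref = [], {}
    for own, typ, rd in [r for r in recs if r[1] in ("NS", "MX", "CNAME")]:
        target = absname(rd[-1], origin)
        tt = types.get(target, set())
        if typ != "CNAME" and "CNAME" in tt:
            out.append(f"{typ} target {target} is a CNAME, which RFC 2181 forbids")
        elif in_zone(target) and "A" not in tt:
            out.append(f"{typ} {own} points at {target}, which has no A record in the zone")
        if typ == "MX" and mx_pref.setdefault(target, rd[0]) != rd[0]:
            out.append(f"MX {target} repeated at preference {rd[0]}: a second MX naming the same host adds no redundancy")
    return out
```

Run against the post's zone it reports only the duplicate MX; appending a CNAME to an undefined name or an MX pointing at a CNAME makes the other two checks fire.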