
DNS newbie, request for comments



Hi,

I have set up a DNS server for the first time. I am using bind9 from
Debian stable. This is to serve an Intranet, whose users have access
to Internet, but the domain used is not registered there (it's only
for internal use).

I'd like to know about my setup, whether it is correct or I am being
exceedingly stupid somewhere.

The DNS server has 192.168.1.80 as its IP address. First of all, I have
added these lines to my /etc/bind/named.conf file:

        forwarders {
                212.25.129.66;
                212.25.129.2;
        };

        listen-on port 53 {
                192.168.1.80;   # listen on local interface only
                127.0.0.1;      # Make sure machine can get to itself
        };

The forwarders are the nameservers of our ISP. This seems to work
great, as the Intranet machines now only have to specify 192.168.1.80
as the nameserver address, and the server resolves both internal and
external domains for them.

After the options clause closes, I put:

// prime the server with knowledge of the root servers
// zone "." {
//      type hint;
//      file "/etc/bind/db.root";
// };

I have commented this out. I read somewhere that, when serving an
Intranet, one should drop the root hints. I am not sure whether this is
proper or not; thanks in advance for confirming this.

The next zones are not commented out:

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

I once saw a sample config, adding 'allow-update { none; };' to each
one of these zones. What is this for? Should I also add this option in
my Intranet setup?

My Intranet zone is defined as follows:

zone "oberthurma.com" {
        type master;
        file "/etc/bind/db.oberthurma.com";
        # allow-transfer { any; };
        allow-update { none; };
        notify no;
};

And the zone file (/etc/bind/db.oberthurma.com) is like this:

$TTL 1D                 ; default TTL; BIND 9 refuses to load a zone without $TTL
@ IN SOA ns.oberthurma.com. hostmaster.oberthurma.com. (
        2003090401      ; serial, todays date + todays serial #
        8H              ; refresh, seconds
        2H              ; retry, seconds
        4W              ; expire, seconds
        1D              ; minimum, seconds
)
        NS      ns                      ; Inet Address of name server
        MX 10   mail.oberthurma.com.    ; Primary Mail Exchanger
        MX 20   mail.oberthurma.com.    ; Secondary Mail Exchanger

ns              IN A    192.168.1.80
mail            IN A    192.168.1.80

maserv01        IN A    192.168.1.2
maserv02        IN A    192.168.1.80

imap    IN CNAME        maserv02
pop     IN CNAME        maserv02
smtp    IN CNAME        maserv02

My feeling about this is that the mail exchangers are not going to be
used, as any mail client on the Intranet is going to use the server as
a smarthost instead of using SMTP directly. So, are the MX records
mandatory? Is it mandatory to include a secondary MX whose exchanger
name is the same as the primary MX?

I also added a reverse zone, but I think it's of no interest, here.

Thanks in advance for pointing out any mistake in the named.conf or in
the zone files. Nevertheless, up to today everything seems to work
smoothly. Anyway, any feedback will be very useful for me.

Regards, Ismael
-- 
"Tout fourmille de commentaires; d'auteurs il en est grande cherté"
("Everything swarms with commentaries; of authors there is a great scarcity")
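The questions above about the SOA timers, the NS/MX targets and the duplicate MX are exactly the things a zone-file sanity check should catch before the zone is loaded. The following is an added example, not code from the original post or from BIND: a small Python checker that parses a copy of the posted zone file (constructed inline, with a $TTL line added because BIND 9 rejects a zone without one) and reports a missing $TTL, SOA timers that are not ordered retry < refresh < expire, NS or MX targets that have no A record or that point at a CNAME (which RFC 2181 section 10.3 forbids), and a second MX record whose target duplicates the first. The zone text, the check names and the message strings are assumptions of this example.

```python
"""Sanity-check a BIND-style zone file for the points raised in the post.

Added example, not from the original post. The parser handles the
multi-line SOA, blank owner fields (which inherit the previous owner)
and ';' comments, which is enough for a zone file like the one above.
"""
import re

ORIGIN = "oberthurma.com."

# Constructed copy of the posted zone file, with a $TTL line added.
ZONE = """\
$TTL 1D
@ IN SOA ns.oberthurma.com. hostmaster.oberthurma.com. (
        2003090401      ; serial
        8H              ; refresh
        2H              ; retry
        4W              ; expire
        1D              ; minimum
)
        NS      ns
        MX 10   mail.oberthurma.com.
        MX 20   mail.oberthurma.com.

ns              IN A    192.168.1.80
mail            IN A    192.168.1.80
maserv01        IN A    192.168.1.2
maserv02        IN A    192.168.1.80
imap    IN CNAME        maserv02
pop     IN CNAME        maserv02
smtp    IN CNAME        maserv02
"""

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def to_seconds(value):
    """Convert a BIND time value such as 8H or 604800 to seconds."""
    m = re.fullmatch(r"(\d+)([SMHDW]?)", value.upper())
    if not m:
        raise ValueError("bad time value: %s" % value)
    return int(m.group(1)) * UNITS[m.group(2) or "S"]


def fqdn(name, origin):
    """Qualify a relative owner or target name against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Return (ttl, soa_timers, records); records is a list of
    (owner, type, rdata-fields) with owners fully qualified."""
    ttl = None
    records = []
    owner = origin
    body = re.sub(r";[^\n]*", "", text)                 # drop comments
    body = re.sub(r"\(([^)]*)\)",                          # join the SOA onto one line
                  lambda m: " " + m.group(1).replace("\n", " ") + " ", body)
    for line in body.splitlines():
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            ttl = to_seconds(line.split()[1])
            continue
        fields = line.split()
        if not line[0].isspace():                          # explicit owner field
            owner = fqdn(fields.pop(0), origin)
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        records.append((owner, fields[0].upper(), fields[1:]))
    soa = next(r for r in records if r[1] == "SOA")
    timers = dict(zip(("serial", "refresh", "retry", "expire", "minimum"), soa[2][2:]))
    return ttl, timers, records


def check_zone(text, origin):
    """Return a list of problem strings; an empty list means the checks passed."""
    problems = []
    ttl, timers, records = parse_zone(text, origin)
    if ttl is None:
        problems.append("no $TTL directive; BIND 9 rejects the zone")
    refresh, retry, expire = (to_seconds(timers[k]) for k in ("refresh", "retry", "expire"))
    if not retry < refresh < expire:
        problems.append("SOA timers should satisfy retry < refresh < expire")
    a_owners = {o for o, t, _ in records if t == "A"}
    cname_owners = {o for o, t, _ in records if t == "CNAME"}
    seen_mx = set()
    for owner, rtype, rdata in records:
        if rtype not in ("NS", "MX"):
            continue
        target = fqdn(rdata[-1], origin)
        if target in cname_owners:
            problems.append("%s target %s is a CNAME (RFC 2181 10.3)" % (rtype, target))
        elif target not in a_owners:
            problems.append("%s target %s has no A record in the zone" % (rtype, target))
        if rtype == "MX":
            if target in seen_mx:
                problems.append("duplicate MX target %s; the second MX adds nothing" % target)
            seen_mx.add(target)
    return problems


if __name__ == "__main__":
    for p in check_zone(ZONE, ORIGIN) or ["zone looks consistent"]:
        print(p)
```

Run as a script it reports only the duplicate MX target: the NS and both MX records point at hosts that own A records, and the posted timers are in the right order. Pointing an MX at one of the CNAMEs (smtp, imap, pop) or dropping the $TTL line makes the checker report those as well, which is what BIND would complain about when loading the zone.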
