Setup of DNS caching name server for home server

Mikkel mikkel at infinity-ltd.com
Fri Sep 25 16:56:31 UTC 2009


Steven W. Orr wrote:
> On 09/24/09 16:49, quoth Bruno Wolff III:
>> On Thu, Sep 24, 2009 at 16:04:03 -0400,
>>   "Steven W. Orr" <steveo at syslang.net> wrote:
>>> What I want to do is to set up the DNS Caching Nameserver. The goal is:
>>> * for saturn to use OpenDNS.org
>>> * For client machines in my network to use saturn via the caching server
>> Do you know that you can set up your own resolver/cache instead of a
>> forwarder/cache and then not have to deal with opendns?
> 
> Ok. I'll byte. Where do I start reading? Somebody has to be my resolver.
> Either I pick it or it's assigned to me by my ISP. Either way, it seemed like
> a good idea to cache what I collected and then to make my machines on the
> inside of my net take advantage of the cache. What am I missing? And I don't
> understand the difference between what you're saying as different between a
> resolver cache vs a forwarder cache.
> 
> 
While you are reading, you may want to check into some of the other
name servers. I like dnsmasq, but you should find what works best for
you. The advantage is easy setup. For example, dnsmasq can read your
/etc/hosts file, and add that, instead of you having to set up a
zone file for the local network. It can also operate as a dhcp
server, and automatically incorporate the IP addresses. With a
slight change to the dhclient configuration on saturn, you can have
it use your ISP's assigned name servers if you want.

One disadvantage is that they do not usually run in a chroot
environment, so there may be a bit more of a security risk. But when
it is only going to be accessible by the local network, and the fact
that it tends to be a lot simpler code, I believe the risk evens
out. You both tell it to only respond to requests for the interface
for the local network, and firewall off connection attempts from the
Internet. (You would want to do the same thing with bind.)

Bind has a lot of nice features, but few of them are needed for a
home or small office network. They are necessary if you are running
an Internet accessible name server.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
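
One way to check the two precautions described in the message above (answer only on the local-network interface, forward to a chosen upstream such as OpenDNS), as an added example that is not part of the original post. The interface name eth1, the file names and both sample configs are constructed assumptions; the option names are dnsmasq's own.

```shell
#!/bin/sh
# Added example, not from the original message. The interface name (eth1)
# and file names are assumptions; the sample configs are constructed.
# 208.67.222.222 and 208.67.220.220 are the OpenDNS resolvers.

# Print the value(s) of option $2 in dnsmasq config $1, ignoring comments.
conf_values() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$1" |
        awk -F= -v key="$2" '$1 == key { print ($2 == "" ? "set" : $2) }'
}

# Return 0 if the config limits which interface dnsmasq answers on,
# 1 if it would answer on every interface (the Internet-facing one too).
audit_dnsmasq_conf() {
    ifaces=$(conf_values "$1" interface)
    addrs=$(conf_values "$1" listen-address)
    if [ -z "$ifaces" ] && [ -z "$addrs" ]; then
        echo "EXPOSED: no interface= or listen-address= in $1"
        return 1
    fi
    # Without bind-interfaces dnsmasq still binds the wildcard address and
    # discards queries arriving on other interfaces; the firewall rule on
    # the Internet side remains the second layer either way.
    [ -n "$(conf_values "$1" bind-interfaces)" ] ||
        echo "NOTE: bind-interfaces not set in $1"
    echo "RESTRICTED: $1 answers on ${ifaces:-$addrs}"
    return 0
}

# Write two constructed sample configs into directory $1.
write_samples() {
    printf '%s\n' '# forwards to OpenDNS but listens everywhere' \
        'no-resolv' 'server=208.67.222.222' > "$1/open.conf"
    printf '%s\n' 'interface=eth1   # LAN side only' 'bind-interfaces' \
        'no-resolv' 'server=208.67.222.222' 'server=208.67.220.220' \
        > "$1/lan.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_dnsmasq_conf "$tmp/open.conf" || true
audit_dnsmasq_conf "$tmp/lan.conf"
rm -rf "$tmp"
```

Run audit_dnsmasq_conf against the real /etc/dnsmasq.conf on the gateway; a passing result does not replace the firewall rule on the Internet-facing interface.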

More information about the fedora-list mailing list