BIND 9 on a dynamic ip address - FreeBSD

[Ryan]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, I am hoping to set up a DNS server for my home network just for
the sake of learning BIND. Unfortunately, I have a PPPoE connects
(wireless broadband) with a dynamic ip address. At the moment, I use
dyndns just so I have a hostname and I would like to keep using
dyndns. All I am looking to do is to use bind for hosts in my network
and have a local dns cache. I do not plan on pointing any domains to
my nameservers. Would this be possible? Or will there be problems that
I am not foreseeing? I am really new at this, that is why I would like
to leard bind.

Thanks in advance.

- - Ryan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCWS13TMDaAcJxvKgRAmKiAJ9mwpRW2lz3KFRka9jtf0 SSV7I1UgCgsobJ
ZrzY9MrVXEK6g0eUcPESq2g=
=b6RX
-----END PGP SIGNATURE-----

[Andrew]

Ryan J. Cavicchioni wrote: 


If you have a stable LAN ip address, it's not a
problem. Configure BIND to listen on it and the
dynamic address you get to use internet won't
bother anyone (even BIND itself).

On the other hand, configuring a DNS server
listening on a dynamic IP address is a really
bad idea.

BIND 9 Administrator Reference Manual is a
good place to start (I started there a few
weeks ago).

http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.html


Best wishes,
Andrew P.

[Ash]

Andrew P. wrote: 
>
>
>
> If you have a stable LAN ip address, it's not a
> problem. Configure BIND to listen on it and the
> dynamic address you get to use internet won't
> bother anyone (even BIND itself).
>
> On the other hand, configuring a DNS server
> listening on a dynamic IP address is a really
> bad idea.
>
> BIND 9 Administrator Reference Manual is a
> good place to start (I started there a few
> weeks ago).
>
> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.html
>
>
> Best wishes,
> Andrew P.
> _______________________________________________
> org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "org"[/ref]


Adding to Andrew's comments. If you do not have a LAN interface, you
should be able to use a loopback (lo(4) interface to test things with.
You will^H^H^H^Hshould always have lo0 up and listening to 127.0.0.1
(/8). You can bring up other instances of lo(4) with ifconfig(8) and
treat it as you would any other interface. For example if you want to
create lo1, you would type:

# ifconfig lo1 create

If you do have a local network, you can run bind without any
difficulties on just your local network without any problems. You just
want to be sure that you don't tell your servers that they are
authoritative for a real domain (e.g. freebsd.com) or else you won't be
able to resolve any host/sub-domain from freebsd.com. You can safely
pick a non-valid domain without expecting to run into problems. An
example would be my.lan (e.g. host1.my.lan host2.my.lan). Since .lan is
not a valid TLD (at least today), you can expect to use it without
running into any collisions. I believe Cisco uses .lan as a fake "TLD"
in some of their lower end equipment (e.g. wireless APs/routers).

Good luck!

-Ash

[Ryan]

Thank you for the replies. Ash, can I use my dynamic dns hostname as
the domain which actually points to my network? Would that still be
trouble?

Ash wrote:
 
>>
>>
>>
>>
>> If you have a stable LAN ip address, it's not a problem.
>> Configure BIND to listen on it and the dynamic address you get to
>> use internet won't bother anyone (even BIND itself).
>>
>> On the other hand, configuring a DNS server listening on a
>> dynamic IP address is a really bad idea.
>>
>> BIND 9 Administrator Reference Manual is a good place to start (I
>> started there a few weeks ago).
>>
>> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.html
>>
>>
>> Best wishes, Andrew P.
>> _______________________________________________
>> org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions To
>> unsubscribe, send any mail to
>> "org"[/ref]
>
>
>
> Adding to Andrew's comments. If you do not have a LAN interface,
> you should be able to use a loopback (lo(4) interface to test
> things with. You will^H^H^H^Hshould always have lo0 up and
> listening to 127.0.0.1 (/8). You can bring up other instances of
> lo(4) with ifconfig(8) and treat it as you would any other
> interface. For example if you want to create lo1, you would type:
>
> # ifconfig lo1 create
>
> If you do have a local network, you can run bind without any
> difficulties on just your local network without any problems. You
> just want to be sure that you don't tell your servers that they are
> authoritative for a real domain (e.g. freebsd.com) or else you
> won't be able to resolve any host/sub-domain from freebsd.com. You
> can safely pick a non-valid domain without expecting to run into
> problems. An example would be my.lan (e.g. host1.my.lan
> host2.my.lan). Since .lan is not a valid TLD (at least today), you
> can expect to use it without running into any collisions. I believe
> Cisco uses .lan as a fake "TLD" in some of their lower end
> equipment (e.g. wireless APs/routers).
>
> Good luck!
>
> -Ash _______________________________________________
> org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions To
> unsubscribe, send any mail to
> "org"
>
>[/ref]

[Ryan]

All I am really looking to do is learn DNS and BIND as well as host my
own local DNS server for faster DNS lookups within my home network.
Would using the invalid LAN domain have any negative afters on my web or
ftp server? I am really new at BIND, sorry if I seem clueless. Thank you
for taking the time to help me out.

Ash wrote:
 
>
>
> You can use your dynamic host name as the domain, however I'm not
> really sure why you would want to. By definition dynamic domain names
> change; Why would you want to reconfigure your DNS server
> configuration files as well as all of your hosts every time your ISP
> assigns a new IP/host name to you?
>
> I don't see any advantage in using your dynamic host name over an
> invalid TLD. What are the goals that you are trying to resolve by
> using your dynamic host name as your local LAN's domain name? Perhaps
> we can come up with a solution that requires less work, but still
> addresses your concerns.
>
> -Ash
>[/ref]

[Ryan]

Sorry for the typo ... "afters" should be "effects". Oops. :-P.

Ryan J. Cavicchioni wrote:
 
>>You can use your dynamic host name as the domain, however I'm not
>>really sure why you would want to. By definition dynamic domain names
>>change; Why would you want to reconfigure your DNS server
>>configuration files as well as all of your hosts every time your ISP
>>assigns a new IP/host name to you?
>>
>>I don't see any advantage in using your dynamic host name over an
>>invalid TLD. What are the goals that you are trying to resolve by
>>using your dynamic host name as your local LAN's domain name? Perhaps
>>we can come up with a solution that requires less work, but still
>>addresses your concerns.
>>
>>-Ash
>>
>>
>>[/ref]
>_______________________________________________
>org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "org"
>
>
>
>[/ref]

[Christopher]

> 
>>
>> 
>>[/ref][/ref]

If I understand correctly what you want to do, what you name your
network internally isn't connected to your dynamic DNS hostname at all.
The dynamic DNS hostname only gets internet traffic to your firewall.
Your firewall rules tell your firewall what to do with inbound connections.

So your external hostname might be "cavicchioni.dyndns.org" But
internally, your network can have whatever name you want. For instance,
if you were a Star Trek fan, and had all your computers named after
characters on Star Trek, you might name your internal network
"ryantrek.lan". If you try to access cavicchioni.dyndns.org from a
computer on your internal network, it has to go out to an external DNS
server to get your external (dynamic) IP, and it will essentially route
back to yourself, and your firewall rules will determine what happens to
your connection. But if you want to access "spock.ryantrek.lan" from
your internal network, it only goes to your local DNS server, and you
connect directly to spock. Note that your dynamic dns hostname and your
local network hostnames aren't connected in any way.

Also note that ".lan" is an invalid TLD on the internet, but to my
(probably warped) way of thinking, that's a bonus, as there will never
be a site on the internet called ryantrek.lan that you might want to
visit and not be able to because of your internal DNS.

Or maybe I've misunderstood and this whole explanation is worthless. ;)

Finally, I found the website http://www.sendmail.org/tips/private-dns/
to be very helpful in setting up my local DNS server. YMMV.

Christopher