Just a quick question about BIND
-
What are BIND Built-in ACL
none - :)
any - is the any defined 0.0.0.0/0
localhost - is the localhost defined as 127.0.0.0/8 ?????
localnets - ??????? local nets I use or the whole RFC1918 ????
Thank you
-
@xlameee said in Just a quick question about BIND:
What are BIND Built-in ACL
https://www.zytrax.com/books/dns/ch7/acl.html
So I tend to say : "localhost" if you didn't make your own / if there isn't already a defined :
acl acl-name { address_match_list };
which matches other DNS solutions like unbound and dnsmasq.
-
@gertjan Thank you
-
One more question
I installed BIND package on my downstream pfsense but I will install on my primary pfsense where all traffic is going to the internet, but first I need to test it to handle my downstream networks
So...
I set in the Settings to listen on: all vlans, but there is an option on the bottom
"Forwarder Configuration" should I set this "Forwarder IPs" to my upstream resolver or, if this option is not enabled it will simply look what DNS Servers set on System/General Settings ????
and....
In "Views" I have created and called "localview" where
Recursion - Yes
match-clients - Any
but...
allow-recursion - currently set to ANY, but this will be used for local zones, isn't it more secure to be set to "localnets" than "any" no matter if that is my downstream or upstream pfsense
Thank you
-
Sorry, can't tell.
I use bind a lot, but not with pfSense.
I edit the bind config files manually, during setup. After that, they don't need any modification any more - except when I remove or add a domain name.
I'm using bind as the domain name server(s) for my domains. And as a local resolver for the server it's running on.
-
@gertjan Thank you
I hope someone else can help me set up BIND the right way this time (last time was a disaster). My network has grown a lot and I am forced to learn how to properly set up DNS to bring back order to my network.
Small pieces at a time will give me some basics, after that I will take care of the rest. It is not hard, but DNS has so many options that are confusing me
Thank you
-
bind is comparable to apache2, nginx, postfix : these have a huge range of possible configuration settings, hundreds of options that are set or left at default.
Typically, you should isolate such a program, set up a test bed network and 'play' with it.
At least, that is what I would do. But I don't know what you want to do, why etc etc.
Take note that the Internet itself is based on these 4 programs and there are billions of help pages, case studies, examples, questions/answers etc.
So, it boils down to a "don't ask, just do it" ;)
@xlameee said in Just a quick question about BIND:
I hope someone else ....
That some one else should be on site (for a while), or it would be some admin that accesses and knows your infrastructure very well.
-
@gertjan Hello
I built my infrastructure. It is not large from a hardware perspective, but I've started to do integration of many apps that will have to be on separate domains. Until now the internal resolver did the job, but now ... I need an actual DNS server.
This is strange, everywhere I open a discussion about BIND and DNS all I am getting is go somewhere else!!!!!! Never had a straight answer like this function is for that, that function is for that, or if you want to do this just do this and this !!!! Never mind.
Typically, you should isolate such a program, set up a test bed network and 'play' with.
That's what I am doing right now. I have a downstream network behind another pfSense firewall and that's where I am testing it. I also have an Ubuntu server behind this firewall with Virtualmin and the BIND9 package installed with a few test websites, but what I am trying to understand is some terminology and functions of BIND.
So...
I set in the Settings to listen on: all vlans, but there is an option on the bottom
"Forwarder Configuration" should I set this "Forwarder IPs" to my upstream resolver or, if this option is not enabled it will simply look what DNS Servers set on System/General Settings ????
and....
In "Views" I have created and called "localview" where
Recursion - Yes
match-clients - Any
but...
allow-recursion - currently set to ANY, but this will be used for local zones, isn't it more secure to be set to "localnets" than "any" no matter if that is my downstream or upstream pfsense
Thank you
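
Added example, not written by anyone in this thread: a small Python model of BIND's four built-in ACL names (`none`, `any`, `localhost`, `localnets`) as the BIND reference manual describes them, showing which clients each would admit in `allow-recursion`. The interface addresses, client addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: addresses on the interfaces of the host running named
# (loopback, two LAN/VLAN interfaces, one WAN interface).
INTERFACES = ["127.0.0.1/8", "192.168.10.1/24", "10.20.0.1/16", "203.0.113.5/29"]

def builtin_acls(interface_cidrs):
    """Model the four built-in ACL names from the host's interface addresses."""
    ifaces = [ipaddress.ip_interface(c) for c in interface_cidrs]
    return {
        "any": [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")],
        "none": [],
        # localhost: the exact addresses configured on local interfaces
        "localhost": [ipaddress.ip_network(str(i.ip)) for i in ifaces],
        # localnets: the networks those interfaces are attached to
        "localnets": [i.network for i in ifaces],
    }

def matches(acl_name, client, acls):
    """True if the client address falls inside the named built-in ACL."""
    addr = ipaddress.ip_address(client)
    return any(addr.version == n.version and addr in n for n in acls[acl_name])

def recursion_report(clients, interface_cidrs=INTERFACES):
    """For each client, which built-in ACLs would admit it in allow-recursion."""
    acls = builtin_acls(interface_cidrs)
    return {c: [name for name in acls if matches(name, c, acls)] for c in clients}

# Constructed client addresses.
CLIENTS = [
    "192.168.10.50",  # host on a directly attached VLAN
    "172.16.5.9",     # RFC1918 host on a routed downstream network
    "203.0.113.6",    # neighbour on the WAN subnet
    "198.51.100.7",   # unrelated Internet host
    "192.168.10.1",   # the server's own LAN address
]

if __name__ == "__main__":
    for client, names in recursion_report(CLIENTS).items():
        print(f"{client:15} allowed by: {', '.join(names)}")
```

In this model a routed downstream network is not covered by `localnets` on the upstream server, while neighbours on the WAN subnet are, so a named ACL in the `acl acl-name { address_match_list };` form quoted earlier in the thread gives tighter control than either built-in.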