# Authoritative(?) and caching DNS server help



## stratacast1 (Feb 21, 2018)

Here in just a bit I plan on setting up a jail on my server to handle my DNS queries in my house. And honestly, I suck at DNS. I understand that I want to set up my server to do caching so, say, when I visit the FreeBSD forums my DNS jail cache will be checked first before going to the Internet. Additionally, I have a few local services running in jails that I have local DNS records set for on my router. So would that then require I use authoritative DNS too? My goal here would be to have my DHCP server tell local machines to use my internal DNS server as their primary DNS so when they type in the name to my server, it goes there. For whatever way I need to set this up, what DNS server do you recommend? I don't think BIND would be suitable for this, I also see unbound and powerdns as options.


----------



## Snurg (Feb 21, 2018)

https://forums.freebsd.org/threads/howto-jailed-unbound-dnscrypt-proxy-with-dnssec.48966/

Works fine here.
Just put your local machine names (and their domains if any) into the jails' /etc/hosts and let this be your "authoritative" server.


----------



## SirDice (Feb 21, 2018)

stratacast1 said:


> My goal here would be to have my DHCP server tell local machines to use my internal DNS server as their primary DNS so when they type in the name to my server, it goes there. For whatever way I need to set this up, what DNS server do you recommend? I don't think BIND would be suitable for this, I also see unbound and powerdns as options.


Actually, I would recommend BIND because you can link DHCP and DNS to get DDNS, which means that any host that receives an IP address through DHCP will automatically be registered in DNS. But in order for BIND to work properly you do need to have some intimate knowledge of DNS. So it may be a little over your head right now.

Alternatively you may want to have a look at dns/dnsmasq, it's a DHCP and DNS service rolled into one convenient application.


----------



## rudelgurke (Feb 21, 2018)

Personally I run unbound + nsd. If you just have a couple of records, Unbound can serve these too with the local-data options.


----------



## stratacast1 (Feb 22, 2018)

I'll take a look at all these suggestions, thanks! Right now my DNS skills are very pathetic. I have a general understanding of how things work on a systems level, and I know how to maintain an existing server, but I have no idea how to set up my own, and what I have spent the time to learn about DNS has been quickly forgotten.

I am setting up a *BSD router as soon as I get the right modem cable to actually configure the router...maybe I could run dnsmasq on there instead and roll up all those services into that. I'm also considering popping this into my server so I can block all these scummy domains at my house.


----------
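The Unbound `local-data` approach mentioned in the thread, together with the domain blocking raised in the last post, as an added example that is not from any poster or from the Unbound project. The LAN range, jail address, zone name, host names and blocked domain are assumed placeholders.

```conf
# unbound.conf sketch for a jailed home resolver (constructed example).
# Assumed values: LAN 192.168.1.0/24, jail at 192.168.1.53, zone home.lan.
server:
    # Listen only on the jail's LAN address, not on every interface.
    interface: 192.168.1.53

    # Answer LAN clients only and refuse everyone else, so the jail
    # never becomes an open resolver. The most specific netblock wins,
    # so the order of these lines does not matter.
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

    # Do not answer id.server / version.bind fingerprinting queries.
    hide-identity: yes
    hide-version: yes

    # DNS rebinding protection: strip private addresses from answers
    # for public names. private-domain exempts the local zone, and
    # local-data entries may carry private addresses regardless.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-domain: "home.lan."

    # Local records. With type "static", Unbound answers names in this
    # zone from local-data only and returns NXDOMAIN or NODATA for the
    # rest, so queries for internal names are never sent upstream.
    local-zone: "home.lan." static
    local-data: "nas.home.lan. IN A 192.168.1.10"
    local-data: "git.home.lan. IN A 192.168.1.11"
    local-data-ptr: "192.168.1.10 nas.home.lan."
    local-data-ptr: "192.168.1.11 git.home.lan."

    # Blocking: every name at or below this placeholder domain gets
    # NXDOMAIN. Repeat the line per domain to block.
    local-zone: "ads.example." always_nxdomain
```

Running `unbound-checkconf` against the file catches syntax errors before the service is restarted.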

