# local DNS setup



## FestusHagen (Dec 8, 2009)

Hi all,

I really don't have a question; however, I am in hopes that someone with DNS knowledge would confirm my setup before putting it into operation.

I'd really hate to send spurious traffic from my network.

mydomain.com is registered and hosted offsite; I do not want to mess with that.

My private network is using the same domain name (mydomain.com), using different IPs. No access from the outside in... Nor do I want there to be!

Keeping it simple at this point, I will need to add www later.

Suggestions, tips welcome.

The files:
  named.conf
  mydomain/mydomain.fwd
  mydomain/mydomain.rev

File        : named.conf

```
//
// File        : named.conf
// Upstream DNS: 10.1.1.1
// Last update : 20090612@1400
//
options {
	directory	"/etc/namedb";
	pid-file	"/var/run/named/pid";
	dump-file	"/var/dump/named_dump.db";
	statistics-file	"/var/stats/named.stats";
// fh	listen-on	{ 127.0.0.1; };
	forwarders {
		10.1.1.1;
	};
};

zone "."			{
	type hint;
	file "named.root";
	};
zone "localhost"			{
	type master;
	file "master/localhost-forward.db";
	};
zone "127.in-addr.arpa"		{
	type master;
	file "master/localhost-reverse.db";
	};
zone "mydomain.com"		{
	type master;
	file "mydomain/mydomain.fwd";
	};
zone "1.1.10.in-addr.arpa"	{
	type master;
	file "mydomain/mydomain.rev";
	};
```

File       : mydomain.fwd

```
; File       : mydomain.fwd
; Last update: 20090612@1400
;
@	IN SOA  mydomain.com.	root.nas.mydomain.com.        (
			961230	; Serial
			3600	; Refresh
			300	; Retry
			3600000	; Expire
			3600  )	; Minimum
	IN NS	nas.mydomain.com.

mydomain.com.		IN A	10.1.1.2
nas.mydomain.com.	IN A	10.1.1.2	; Server - FreeBSD
fbsd.mydomain.com.	IN A	10.1.1.3	; WS - FreeBSD
```

File       : mydomain.rev

```
; File       : mydomain.rev
; Last update: 20090612@1400
;
@	IN SOA  mydomain.com.	root.nas.mydomain.com.        (
				961230	; Serial
				3600	; Refresh
				300	; Retry
				3600000	; Expire
				3600  )	; Minimum

	IN NS	nas.mydomain.com.
2	IN PTR	mydomain.com.
2	IN PTR  nas.mydomain.com.
3	IN PTR	fbsd.mydomain.com.
```

Thanks

-Enjoy
fh  : )_~


----------



## J65nko (Dec 8, 2009)

You are now using *com* as Top Level Domain (TLD) name for your local LAN.
For local LAN usage you better select a TLD name that does not clash with existing ones.


----------



## DutchDaemon (Dec 8, 2009)

Having multiple PTR records for an IP address is not disallowed, but also not advisable (see e.g. http://en.wikipedia.org/wiki/Reverse_DNS_lookup).


----------



## Deleted member 9563 (Dec 8, 2009)

How many private IPs do you have? If it's only a page worth then it might be easier to just put a list of aliases in the host files. It's certainly simpler. I'm no network expert, but wouldn't running a local DNS cause more overhead by referring all outside requests through there as well?


----------



## mickey (Dec 8, 2009)

OJ said:

> but wouldn't running a local DNS cause more overhead by referring all outside requests through there as well?



One of the intended purposes of running a local DNS server is to have it act as a caching name server, which reduces traffic on your uplink.


----------



## FestusHagen (Dec 9, 2009)

Hi All,

Thanks for the responses!

J65nko said:

> You are now using *com* as Top Level Domain (TLD) name for your local LAN.
> For local LAN usage you better select a TLD name that does not clash with existing ones.



As I understand it, this should affect NOTHING outside the private lan?
That is what I am trying to confirm.

Within the private lan it will prevent the use of mydomain.com to access the public mydomain.com and that is perfectly fine.

DutchDaemon said:

> Having multiple PTR records for an IP address is not disallowed, but also not advisable (see e.g. http://en.wikipedia.org/wiki/Reverse_DNS_lookup).



Makes sense!
Fixed.
Thank you!

OJ said:

> How many private IPs do you have? If it's only a page worth then it might be easier to just put a list of aliases in the host files. It's certainly simpler. I'm no network expert, but wouldn't running a local DNS cause more overhead by referring all outside requests through there as well?



As mickey already stated, there are multiple reasons for having a local DNS server, but the fact is, in this case it's brain food!


Current fwd & rev files:

File: mydomain.com.fwd

```
; mydomain.com.fwd
; 20091208@0341
;
$TTL 3600	; 1 hour default TTL
@	IN SOA  mydomain.com.	root.nas.mydomain.com.        (
			961230	; Serial
			3600	; Refresh
			300	; Retry
			3600000	; Expire
			3600  )	; Minimum
; DNS Servers
	IN NS	nas.mydomain.com.

; Machine Names
mydomain.com.		IN A	10.1.1.2	; Server
nas.mydomain.com.	IN A	10.1.1.2	; Server - FreeBSD
fbsd.mydomain.com.	IN A	10.1.1.3	; WS - FreeBSD
hplj4550.mydomain.com.	IN A	10.1.1.100	; HP Color LaserJet 4550

; Aliases
www			IN	CNAME	mydomain.com.
```

File: mydomain.com.rev

```
; mydomain.com.rev
; 20091208@0341
;
$TTL 3600        ; 1 hour default TTL
@	IN SOA  mydomain.com.	root.nas.mydomain.com.        (
				961230	; Serial
				3600	; Refresh
				300	; Retry
				3600000	; Expire
				3600  )	; Minimum

	IN NS	nas.mydomain.com.
2	IN PTR  nas.mydomain.com.
3	IN PTR	fbsd.mydomain.com.
100	IN PTR	hplj4550.mydomain.com.
```

How do they look now??
This setup is not going to send (advertise) anything outside the lan, is it??

Thanks all!

-Enjoy
fh  : )_~


----------



## SirDice (Dec 9, 2009)

You may also want to add these to named.conf:

```
        zone "255.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "0.in-addr.arpa"           { type master; file "master/empty.db"; };
        zone "1.in-addr.arpa"           { type master; file "master/empty.db"; };
        zone "2.in-addr.arpa"           { type master; file "master/empty.db"; };
        zone "223.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "14.in-addr.arpa"          { type master; file "master/empty.db"; };
        zone "10.in-addr.arpa"          { type master; file "master/empty.db"; };
        zone "16.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "17.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "18.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "19.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "20.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "21.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "22.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "23.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "24.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "25.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "26.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "27.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "28.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "29.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "30.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "31.172.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "168.192.in-addr.arpa"     { type master; file "master/empty.db"; };
        zone "254.169.in-addr.arpa"     { type master; file "master/empty.db"; };
        zone "2.0.192.in-addr.arpa"     { type master; file "master/empty.db"; };
        zone "18.198.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "19.198.in-addr.arpa"      { type master; file "master/empty.db"; };
        zone "240.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "241.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "242.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "243.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "244.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "245.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "246.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "247.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "248.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "249.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "250.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "251.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "252.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "253.in-addr.arpa"         { type master; file "master/empty.db"; };
        zone "254.in-addr.arpa"         { type master; file "master/empty.db"; };
```

I also advise adding localhost to your domain, pointing at 127.0.0.1 of course.


----------



## FestusHagen (Dec 9, 2009)

SirDice,

Thanks for your input.

SirDice said:

> You may also want to add these to named.conf:
> 
> ```
> zone "255.in-addr.arpa" { type master; file "master/empty.db"; };
> ...
> ```



Yea, I whacked all that, couldn't find much info on it all ...
So I have started the named.conf over based on the default named.conf.
All I have done is clean it up a little removing comments and examples, then made these changes.

Commented out the following:

```
// fh	listen-on	{ 127.0.0.1; };
```

Edited the following:

```
forwarders {
		10.1.1.1;
	};
```

Added these two lines:

```
zone "mydomain.com"			{ type master; file "mydomain/mydomain.com.fwd"; };
zone "1.1.10.in-addr.arpa"	{ type master; file "mydomain/mydomain.com.rev"; };
```

The complete named.conf:

```
//
// named.conf
// last updated: 20091209@1232
//
options {
	// Relative to the chroot directory, if any
	directory	"/etc/namedb";
	pid-file	"/var/run/named/pid";
	dump-file	"/var/dump/named_dump.db";
	statistics-file	"/var/stats/named.stats";
// fh	listen-on	{ 127.0.0.1; };
//	listen-on-v6	{ ::1; };
	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
//	forward only;
	forwarders {
		10.1.1.1;
	};
};

zone "mydomain.com"			{ type master; file "mydomain/mydomain.com.fwd"; };
zone "1.1.10.in-addr.arpa"	{ type master; file "mydomain/mydomain.com.rev"; };

zone "." { type hint; file "named.root"; };

// RFC 1912
zone "localhost"	{ type master; file "master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
zone "255.in-addr.arpa"	{ type master; file "master/empty.db"; };

// RFC 1912-style zone for IPv6 localhost address
zone "0.ip6.arpa"	{ type master; file "master/localhost-reverse.db"; };

// "This" Network (RFCs 1912 and 3330)
zone "0.in-addr.arpa"		{ type master; file "master/empty.db"; };

// Private Use Networks (RFC 1918)
zone "10.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "16.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "17.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "18.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "19.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "20.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "21.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "22.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "23.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "24.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "25.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "26.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "27.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "28.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "29.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "30.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "31.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "168.192.in-addr.arpa"	{ type master; file "master/empty.db"; };

// Link-local/APIPA (RFCs 3330 and 3927)
zone "254.169.in-addr.arpa"	{ type master; file "master/empty.db"; };

// TEST-NET for Documentation (RFC 3330)
zone "2.0.192.in-addr.arpa"	{ type master; file "master/empty.db"; };

// Router Benchmark Testing (RFC 3330)
zone "18.198.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "19.198.in-addr.arpa"	{ type master; file "master/empty.db"; };

// IANA Reserved - Old Class E Space
zone "240.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "241.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "242.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "243.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "244.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "245.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "246.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "247.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "248.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "249.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "250.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "251.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "252.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "253.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "254.in-addr.arpa"		{ type master; file "master/empty.db"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "3.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "4.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "5.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "6.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "7.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "8.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "9.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "a.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "b.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "c.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "d.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "e.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "0.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "1.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "2.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "3.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "4.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "5.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "6.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "7.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "8.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "9.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "a.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "b.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "0.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "1.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "2.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "3.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "4.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "5.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "6.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "7.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };

// IPv6 ULA (RFC 4193)
zone "c.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "d.f.ip6.arpa"		{ type master; file "master/empty.db"; };

// IPv6 Link Local (RFC 4291)
zone "8.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "9.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "a.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "b.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };

// IPv6 Deprecated Site-Local Addresses (RFC 3879)
zone "c.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "d.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "e.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "f.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int"			{ type master; file "master/empty.db"; };
```

SirDice said:

> I also advise adding localhost to your domain, pointing at 127.0.0.1 of course.



The following in named.conf does NOT handle localhost????

```
// RFC 1912
zone "localhost"	{ type master; file "master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
```

Do I still need to add localhost to mydomain.com files???
(mydomain.com.fwd, mydomain.com.rev)

mydomain.com current files...

```
; mydomain.com.fwd
; 20091209@1232
;
$TTL 3600	; 1 hour default TTL
@	IN SOA	mydomain.com.	root.nas.mydomain.com.	(
				2009120906	; Serial
				3600		; Refresh
				300		; Retry
				3600000		; Expire
				3600	)	; Minimum
		IN NS	nas.mydomain.com.

; MX Records
		IN	MX 10	nas
; Machines
		IN	A	10.1.1.2	; Server
nas		IN	A	10.1.1.2	; Server - FreeBSD
fbsd		IN	A	10.1.1.3	; WS - FreeBSD
hplj4550	IN	A	10.1.1.100	; HP Color LaserJet 4550

; Aliases
www		IN	CNAME	@
```


```
; mydomain.com.rev
; 20091209@1232
;
$TTL 3600	; 1 hour default TTL
@	IN SOA	mydomain.com.	root.nas.mydomain.com.	(
				2009120906	; Serial
				3600		; Refresh
				300		; Retry
				3600000		; Expire
				3600	)	; Minimum

		IN NS	nas.mydomain.com.
2		IN PTR	nas.mydomain.com.
3		IN PTR	fbsd.mydomain.com.
100		IN PTR	hplj4550.mydomain.com.
```

Question:
The SOA line... I have seen it done both ways, which is proper???

```
@	IN SOA	mydomain.com.	root.nas.mydomain.com.	(
```
or

```
@	IN SOA	nas.mydomain.com.	root.nas.mydomain.com.	(
```

Again, Thanks to everyone for your comments.

-Enjoy
fh  : )_~


----------



## SirDice (Dec 9, 2009)

FestusHagen said:

> Yea, I whacked all that, couldn't find much info on it all ...


The idea behind it is that it takes care of reverse resolving ip addresses that don't exist on the internet. If you don't add the empty db the DNS server will try to resolve the addresses at the root (or your forwarded) DNS servers. Since these addresses don't exist this will generate pointless traffic as a result of the requests. Adding them and resolving them with empty db fixes that.



> The following in named.conf does NOT handle localhost????


Yes, but I meant in your zone definitions. Some applications tack on .mydomain.somewhere if it cannot resolve localhost. So just to be sure I always add a localhost to my domain files. In your mydomain.com.fwd just add:

```
localhost      IN A 127.0.0.1
```

This is just to be sure localhost.mydomain.com. also resolves to 127.0.0.1.



> The SOA line... I have seen it done both ways, which is proper???


The first one. As it's <domain name> <administrative contact> not <dns server> <administrative contact>.
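The effect of the empty zones described above, as an added example that is not part of the original post: it reads the `zone` statements from a named.conf and lists which reverse lookups no local zone covers, so that named would pass them to the forwarder or the root servers. The sample IP list and the function names are constructed for illustration, and the model covers zone selection only, not caching.

```python
import ipaddress
import re

# Zone statements from the first named.conf in the thread (whitespace condensed).
FIRST_CONF = """
zone "."                    { type hint;   file "named.root"; };
zone "localhost"            { type master; file "master/localhost-forward.db"; };
zone "127.in-addr.arpa"     { type master; file "master/localhost-reverse.db"; };
zone "mydomain.com"         { type master; file "mydomain/mydomain.fwd"; };
zone "1.1.10.in-addr.arpa"  { type master; file "mydomain/mydomain.rev"; };
"""
# A few of the empty zones suggested in the thread.
EMPTY_ZONES = """
zone "10.in-addr.arpa"      { type master; file "master/empty.db"; };
zone "16.172.in-addr.arpa"  { type master; file "master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; };
zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; };
"""
# Constructed PTR lookups a LAN host might trigger (not taken from the thread).
SAMPLE_IPS = ["10.1.1.3", "10.1.2.5", "172.16.4.9", "192.168.0.1",
              "169.254.10.10", "8.8.8.8"]

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{\s*type\s+(\w+)\s*;', re.I)

def local_zones(conf):
    """Names of zones the server is authoritative for (type master)."""
    return {name.lower().rstrip(".")
            for name, ztype in ZONE_RE.findall(conf) if ztype.lower() == "master"}

def answering_zone(qname, zones):
    """Most specific local zone containing qname, or None if the query goes upstream."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def sent_upstream(ips, conf):
    """IPs whose PTR query no local zone covers, so it leaves for the forwarder or roots."""
    zones = local_zones(conf)
    return [ip for ip in ips
            if answering_zone(ipaddress.ip_address(ip).reverse_pointer, zones) is None]

if __name__ == "__main__":
    print("before:", sent_upstream(SAMPLE_IPS, FIRST_CONF))
    print("after: ", sent_upstream(SAMPLE_IPS, FIRST_CONF + EMPTY_ZONES))
```

The more specific `1.1.10.in-addr.arpa` zone still wins over the empty `10.in-addr.arpa` zone, so the LAN's own PTR records keep resolving.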


----------



## FestusHagen (Dec 9, 2009)

SirDice,

Excellent response, thank you!

SirDice said:

> The idea behind it is that it takes care of reverse resolving ip addresses that don't exist on the internet. If you don't add the empty db the DNS server will try to resolve the addresses at the root (or your forwarded) DNS servers. Since these addresses don't exist this will generate pointless traffic as a result of the requests. Adding them and resolving them with empty db fixes that.



Makes perfect sense, thanks!

SirDice said:

> Yes, but I meant in your zone definitions. Some applications tack on .mydomain.somewhere if it cannot resolve localhost. So just to be sure I always add a localhost to my domain files. In your mydomain.com.fwd just add:
> 
> ```
> localhost      IN A 127.0.0.1
> ...
> ```



Aye, a failsafe for broken apps...

SirDice said:

> The first one. As it's <domain name> <administrative contact> not <dns server> <administrative contact>.



That is what I thought as well (and is how I have it); however, I see many examples the second way, including the Handbook.

SirDice, Thank you!

-Enjoy
fh  : )_~


----------

