[TriLUG] Bind9 Hand-hold question (or alternative)

Brian Henning lugmail at cheetah.dynip.com
Sat Mar 7 13:24:36 EST 2009


Hi Gang,

I'm setting up a new CentOS 5.2-based router, and I'm trying to make it as
set-and-forget as possible.  One of the necessities of this router is
providing dhcp on its internal interface.  That much is working great.  Only
thing is, I need dhcpd to hand out DNS server addresses based on what
dhclient on the external interface gets from the ISP.

I've done some cursory Google searching and didn't come up with much as far
as making dhcpd get its dns info from resolv.conf (which would be ideal).

So I had the idea, hey, why not set up a named server also, to simply
forward all DNS requests out to the ISP's servers?  Then dhcpd just hands
out the router's address for client DNS servers.

(Never mind that I still face the same dilemma, only relocated -- how do I
get bind to turn to resolv.conf for its forwarding targets?)

So for now, I've set up /etc/named.conf as follows:

options {
	forward first;
	forwarders {
		x.y.z.w;   # (hard-coded outside dns server 1)
		x.y.z.w;   # (hard-coded outside dns server 2)
	};
};

And that's it in its entirety, and it appears to work.  So, three questions:

1) Is the above named.conf "safe"?  iptables will be preventing any outside
access to bind...but does the above simple config leave open any room for
nasty dns tricks like poisoning or whatever?

2) Is there a way to get the list of forwarders from resolv.conf?

3) Is there a better way to do what I want to do?

Many thanks,
~Brian
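One way to answer questions 1 and 2 together, as an added example that is not part of the original post or of any BIND or CentOS script: a small POSIX shell script that pulls the nameserver lines out of a resolv.conf-style file, renders them as a BIND `forwarders` clause into an include file, and reloads named only when the set actually changed. It also renders the rest of the `options` block with `listen-on` and `allow-recursion` restricted to the internal interface and LAN, so the forwarder is not an open resolver even if the iptables rules are ever loosened. The paths (`/etc/named/forwarders.conf`), the LAN (`192.168.1.0/24`, router `192.168.1.1`), the hook location (`/etc/dhclient-exit-hooks`) and the sample resolv.conf contents are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original post: regenerate a BIND forwarders
# clause from the nameserver lines dhclient wrote to resolv.conf, and show the
# options that keep such a forwarder from being an open resolver.
#
# Assumed layout (hypothetical, not from the post):
#   /etc/named.conf pulls the clause in with: include "/etc/named/forwarders.conf";
#   the internal LAN is 192.168.1.0/24, the router's inside address 192.168.1.1
#   this script is called from /etc/dhclient-exit-hooks after each lease change.

# Print one accepted nameserver address per line from a resolv.conf-style
# stream on stdin. Only dotted-quad IPv4 with octets <= 255 is accepted;
# comments, search/options lines, IPv6 and malformed entries are dropped
# instead of being copied into named.conf. Duplicates are collapsed.
extract_nameservers() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            n = split($2, o, "."); ok = 1
            for (i = 1; i <= n; i++) if (o[i] + 0 > 255) ok = 0
            if (ok && !seen[$2]++) print $2
        }'
}

# Turn the address list on stdin into a named.conf forwarders clause.
render_forwarders() {
    printf 'forwarders {\n'
    while read -r ip; do
        printf '\t%s;\n' "$ip"
    done
    printf '};\n'
}

# Number of usable nameservers in a file. An empty clause would silently turn
# "forward first" into plain recursion to the roots, so the installer refuses it.
count_nameservers() {
    extract_nameservers < "$1" | wc -l | tr -d ' '
}

# resolv.conf path in, forwarders clause on stdout.
forwarders_from_resolv() {
    extract_nameservers < "$1" | render_forwarders
}

# The rest of the options block, with the forwarders pulled in by include.
# listen-on and allow-recursion limit the resolver to the inside interface and
# LAN (assumed addresses), independent of the firewall rules.
render_options() {
    lan=${1:-192.168.1.0/24}
    router=${2:-192.168.1.1}
    cat <<EOF
acl lan { $lan; 127.0.0.1; };
options {
	listen-on { 127.0.0.1; $router; };
	allow-query { lan; };
	allow-recursion { lan; };
	forward first;
	include "/etc/named/forwarders.conf";
};
EOF
}

# Rewrite the include file only when the nameserver set changed, then reload.
install_forwarders() {
    resolv=${1:-/etc/resolv.conf}
    target=${2:-/etc/named/forwarders.conf}
    if [ "$(count_nameservers "$resolv")" -eq 0 ]; then
        echo "no usable nameserver in $resolv; keeping old forwarders" >&2
        return 1
    fi
    tmp="$target.tmp.$$"
    forwarders_from_resolv "$resolv" > "$tmp"
    if [ -f "$target" ] && cmp -s "$tmp" "$target"; then
        rm -f "$tmp"                      # unchanged: do not bounce named
        return 0
    fi
    mv "$tmp" "$target"
    if command -v rndc >/dev/null 2>&1; then
        rndc reload >/dev/null 2>&1 || echo "rndc reload failed" >&2
    fi
}

# Constructed sample input (not a real resolv.conf): what dhclient typically
# writes, plus lines that must be ignored.
sample_resolv_conf() {
    cat <<'EOF'
; generated by /sbin/dhclient-script
search example.net
nameserver 192.0.2.53
nameserver 192.0.2.54
nameserver 192.0.2.53
nameserver 2001:db8::53
nameserver 999.1.1.1
options timeout:2
EOF
}

# No arguments: print the config generated from the sample. One argument:
# treat it as the resolv.conf to install from (as the dhclient hook would).
if [ "$#" -eq 0 ]; then
    render_options
    sample_resolv_conf | extract_nameservers | render_forwarders
else
    install_forwarders "$1"
fi
```

Run it with no arguments to see the generated `acl`/`options` block followed by the `forwarders` clause built from the sample (two addresses: the duplicate, the IPv6 entry and the bad octet are dropped); call it with a path from the dhclient hook to regenerate the include file and reload named. `forward first` is kept as in the post; with `listen-on` and `allow-recursion` limited to the LAN the only parties that can put answers into this cache are the forwarders themselves, which is the residual exposure to weigh when choosing the ISP's servers.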
