[FUG-BR] squid + dns [RESOLVIDO]
Denis Granato
denisgranato em gmail.com
Sábado Maio 12 16:53:59 BRT 2007
Valeu junior agora está funcionando, fiz todas as suas dicas
muito obrigado até mais
On 5/12/07, Junior Pires <junior em gujao.com> wrote:
> Só pra você ter mais ou menos uma noção de como vai ficar, ai vai meu
> named.conf:
>
> // $FreeBSD: src/etc/namedb/named.conf,v 1.15.2.3 2005/03/23 17:35:58
> dougb Exp $
> //
> // Refer to the named.conf(5) and named(8) man pages, and the documentation
> // in /usr/share/doc/bind9 for more details.
> //
> // If you are going to set up an authoritative server, make sure you
> // understand the hairy details of how DNS works. Even with
> // simple mistakes, you can break connectivity for affected parties,
> // or cause huge amounts of useless Internet traffic.
>
> options {
> directory "/etc/namedb";
> pid-file "/var/run/named/pid";
> dump-file "/var/dump/named_dump.db";
> statistics-file "/var/stats/named.stats";
>
> // If named is being used only as a local resolver, this is a safe default.
> // For named to be accessible to the network, comment this option, specify
> // the proper IP address, or delete this option.
> listen-on { 127.0.0.1; 192.168.xxx.xxx; };
>
> // If you have IPv6 enabled on this system, uncomment this option for
> // use as a local resolver. To give access to the network, specify
> // an IPv6 address, or the keyword "any".
> // listen-on-v6 { ::1; };
>
> // In addition to the "forwarders" clause, you can force your name
> // server to never initiate queries of its own, but always ask its
> // forwarders only, by enabling the following line:
> //
> // forward only;
>
> // If you've got a DNS server around at your upstream provider, enter
> // its IP address here, and enable the line below. This will make you
> // benefit from its cache, thus reduce overall DNS traffic in the Internet.
> /*
> forwarders {
> 200.223.xxx.xxx;
> };
>
>
> */
> /*
> * If there is a firewall between you and nameservers you want
> * to talk to, you might need to uncomment the query-source
> * directive below. Previous versions of BIND always asked
> * questions using port 53, but BIND versions 8 and later
> * use a pseudo-random unprivileged UDP port by default.
> */
> // query-source address * port 53;
> };
>
> // If you enable a local name server, don't forget to enter 127.0.0.1
> // first in your /etc/resolv.conf so this server will be queried.
> // Also, make sure to enable it in /etc/rc.conf.
>
> zone "." {
> type hint;
> file "named.root";
> };
>
> zone "0.0.127.IN-ADDR.ARPA" {
> type master;
> file "master/localhost.rev";
> };
>
> // RFC 3152
> zone
> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"
> {
> type master;
> file "master/localhost-v6.rev";
> };
>
> // RFC 1886 -- deprecated
> zone
> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT"
> {
> type master;
> file "master/localhost-v6.rev";
> };
>
> // NB: Do not use the IP addresses below, they are faked, and only
> // serve demonstration/documentation purposes!
> //
> // Example slave zone config entries. It can be convenient to become
> // a slave at least for the zone your own domain is in. Ask
> // your network administrator for the IP address of the responsible
> // primary.
> //
> // Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
> // (This is named after the first bytes of the IP address, in reverse
> // order, with ".IN-ADDR.ARPA" appended.)
> //
> // Before starting to set up a primary zone, make sure you fully
> // understand how DNS and BIND works. There are sometimes
> // non-obvious pitfalls. Setting up a slave zone is simpler.
> //
> // NB: Don't blindly enable the examples below. :-) Use actual names
> // and addresses instead.
>
> /* An example master zone
> zone "example.net" {
> type master;
> file "master/example.net";
> };
> */
>
> /* An example dynamic zone
> key "exampleorgkey" {
> algorithm hmac-md5;
> secret "sf87HJqjkqh8ac87a02lla==";
> };
> zone "example.org" {
> type master;
> allow-update {
> key "exampleorgkey";
> };
> file "dynamic/example.org";
> };
> */
>
> /* Examples of forward and reverse slave zones
> zone "example.com" {
> type slave;
> file "slave/example.com";
> masters {
> 192.168.xxx.xxx;
> };
> };
> zone "1.168.192.in-addr.arpa" {
> type slave;
> file "slave/1.168.192.in-addr.arpa";
> masters {
> 192.168.xxx.xxx;
> };
> };
> */
>
>
>
>
> > Configura o teu /etc/namedb/named.conf e o teu /etc/hosts e coloca isso lá
> > no /etc/rc.conf:
> >
> > named_enable="YES"
> > named_flags="${named_flags} -4"
> >
> > Depois disso, é só setar nas maquinas o ip do teu servidor na sessão de
> > DNS.
> >
> > Abraço.
> >
> >
> >> Boa noite senhores,
> >>
> >> Tenho um servidor de internet rodando com squid 2.6 (transparente) +
> >> ipfw e os usuários só navegam se colocar nas máquinas o dns real (o
> >> que fica no /etc/resolv.conf) e eu gostaria de usar o dns com o ip da
> >> rede interna (o mesmo do gayeway).
> >>
> >> O que está faltando? named?
> >>
> >> Obrigado desde já
> >> -------------------------
> >> Histórico: http://www.fug.com.br/historico/html/freebsd/
> >> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
> >>
> >> --
> >> Esta mensagem foi verificada pelo sistema de antivírus e
> >> acredita-se estar livre de perigo.
> >>
> >>
> >
> >
> > --
> > Junior Pires
> > Assistente de Informáica
> > CPD
> > Gujão Alimentos.
> > Tel: (75) 3244-2121 (Ramal 218).
> >
> >
> > --
> > Esta mensagem foi verificada pelo sistema de antivírus e
> > acredita-se estar livre de perigo.
> >
> > -------------------------
> > Histórico: http://www.fug.com.br/historico/html/freebsd/
> > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
> >
>
>
> --
> Junior Pires
> Assistente de Informáica
> CPD
> Gujão Alimentos.
> Tel: (75) 3244-2121 (Ramal 218).
>
>
> --
> Esta mensagem foi verificada pelo sistema de antivírus e
> acredita-se estar livre de perigo.
>
> -------------------------
> Histórico: http://www.fug.com.br/historico/html/freebsd/
> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>
Mais detalhes sobre a lista de discussão freebsd