Subject: Re: DNS lookup for internal addresses
To: David TAILLANDIER <david.taillandier@domainename.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-users
Date: 03/07/2002 23:27:23
On Thu, Mar 07, 2002 at 11:18:34PM +0100, David TAILLANDIER wrote:
>
> We have a LAN of several computers connected to the internet via a
> NetBSD gateway. We don't have any DNS; we only use our provider's DNS
> to resolve internet addresses.
> Our local network is 192.168.0.0/16.
> Nothing special, as you can see.
>
> Our internet provider has recently made a change to its DNS, and I
> found out because... there is a problem now :-)
> Their DNS *seems* to no longer answer reverse lookup requests like
> "who is 192.168.0.199?". Since this change, when I log onto the
> NetBSD gateway via SSH, it takes several seconds before I can enter my
> password because the NetBSD box waits for the name of the computer I use
> (and the provider's DNS drops requests for 192.168.0.0...).
> And when I am logged in, it takes several seconds before a simple ping to
> the internal network starts, ping 192.168.0.x for example.
>
> I think NetBSD sends reverse lookup requests in each of those cases
> and I have to wait for the timeout. Around 2 minutes (!).
>
> I then modified nsswitch.conf to tell NetBSD I don't want it to ask
> the DNS anything ("hosts: files" instead of "hosts: files dns").
> All this because I am very new to the *nix family.
> Of course, I can't use DNS resolution on the NetBSD box anymore.
>
> Then:
> How can I tell the NetBSD box to use DNS reverse lookup only for
> "real" internet addresses?
> Not for 192.168.0.0/24 or 10.0.0.0/8 (or whatever I want, in fact, because
> we have some other LANs connected via 'vtun').
Quick fix: add the machines you have on private networks to /etc/hosts,
and make sure nsswitch.conf has:
hosts: files dns
(in this order)
Better fix:
set up a DNS server that will be authoritative for 168.192.in-addr.arpa and
10.in-addr.arpa. Starting from the default named config in NetBSD, add:
zone "168.192.IN-ADDR.ARPA" {
        type master;
        file "168.192";
};
zone "10.IN-ADDR.ARPA" {
        type master;
        file "10";
};
In /etc/namedb/10, add:
$TTL 3600
@       IN SOA  localhost. hostmaster.localhost. (
                1999012100      ; Serial
                3600            ; Refresh
                300             ; Retry
                3600000         ; Expire
                3600 )          ; Minimum
        IN NS   localhost.      ; named refuses to load a zone without an NS record
and the same for /etc/namedb/168.192.
You may then want to improve this and make it authoritative for a local
domain in which you put all your machines on private networks, and fill
in the reverse (PTR) records. Please see the BIND documentation for that.
>
> Or:
> where can I find any documentation because it seems to be very hard to
> find something written about NetBSD (or I'm too dumb to find it).
http://www.netbsd.org/Documentation/, especially "The NetBSD Guide".
--
Manuel Bouyer <bouyer@antioche.eu.org>
--
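The "fill in the reverses" step above, as an added example that is not part of the original mail: it takes /etc/hosts-style entries (the constructed sample below is not from the thread), keeps only addresses inside 192.168.0.0/16 and 10.0.0.0/8, and renders the two reverse zone files with the SOA from the reply plus one PTR per host. Zone names, file names and the hostmaster address follow the reply; the sample hosts and serial number are assumptions.

```python
import ipaddress

# Constructed sample /etc/hosts entries (not from the original mail).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
192.168.0.199   gateway.lan gw
192.168.3.7     laptop.lan
10.2.0.5        vtun-peer.lan
203.0.113.9     public.example   # public address: keep using the provider's DNS
"""

# The two reverse zones the reply makes the local named authoritative for.
REVERSE_ZONES = {
    "168.192.in-addr.arpa": ipaddress.ip_network("192.168.0.0/16"),
    "10.in-addr.arpa": ipaddress.ip_network("10.0.0.0/8"),
}


def ptr_records(hosts_text):
    """Map each reverse zone to (owner relative to $ORIGIN, FQDN target)
    PTR pairs for the private addresses found in hosts-file text."""
    out = {zone: [] for zone in REVERSE_ZONES}
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:                  # need an address and a name
            continue
        ip = ipaddress.ip_address(fields[0])
        canonical = fields[1]                # first name is the canonical one
        for zone, net in REVERSE_ZONES.items():
            if ip in net:
                # reverse_pointer gives e.g. 199.0.168.192.in-addr.arpa;
                # strip the zone suffix so the owner is relative to $ORIGIN.
                rel = ip.reverse_pointer[: -(len(zone) + 1)]
                out[zone].append((rel, canonical + "."))
    return out


def render_zone(records, serial):
    """Render one reverse zone file: SOA and NS as in the reply, then PTRs."""
    lines = ["$TTL 3600",
             "@ IN SOA localhost. hostmaster.localhost. (",
             f"    {serial} ; Serial", "    3600 ; Refresh", "    300 ; Retry",
             "    3600000 ; Expire", "    3600 ) ; Minimum",
             "@ IN NS localhost."]
    lines += [f"{owner} IN PTR {target}" for owner, target in records]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for zone, recs in ptr_records(SAMPLE_HOSTS).items():
        print(f"; {zone} -> /etc/namedb/{zone.split('.in-addr')[0]}")
        print(render_zone(recs, 2002030701))
```

Bump the serial whenever you regenerate the files, and reload named so the gateway answers PTR queries for the private ranges itself instead of waiting on the provider's timeout.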