Set up DNS for your private address space
A description of the problem
At present, the root nameservers delegate the private IP address ranges to
black-hole servers. If your software calls gethostbyaddr() for 192.168.2.3,
10.5.5.5, 172.16.23.7, or any other address in private IP address space, it
may never get a DNS response. The gethostbyaddr() library function will
return a failure, but only after a noticeable delay. You will see the effect
as a slow response to a connection from one of these IP addresses.
If you have only a small number of hosts in your private address space,
adding entries for all of them to "/etc/hosts" will usually correct the
problem. If you have a large number of hosts, the better solution is to set
up your own DNS server. Make it authoritative (a primary server) for
168.192.in-addr.arpa (or the appropriate zone for other private address
ranges). If you currently use your ISP's DNS, you can set it up as a
forwarding server that forwards all other requests to the DNS servers your
ISP provides. Then have /etc/resolv.conf list your own DNS server.
The result will be that your reverse DNS queries, as in
gethostbyaddr(), will always give fast responses, since they are
getting authoritative answers from your own server. Even if you
don't add any actual entries, your queries will get quick responses
indicating a lookup failure, instead of painfully slow timeouts.
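As an added example (not part of the original page), the Python below works out which in-addr.arpa zone or zones cover a given private prefix, which is what "the appropriate zone for other private address ranges" comes down to in practice, and renders both the named.conf zone stanzas and a master reverse zone file in the same layout as the samples further down. It goes slightly beyond the page's 192.168/16 case: 10/8 needs one /8 zone, while 172.16/12 is not octet-aligned and needs sixteen /16 zones. It assumes the primary name server is private.lan. as in the samples; the host table and the rev.<zone>.zone file naming are constructed for this example.

```python
"""Work out in-addr.arpa zones for a private prefix and render BIND reverse zone data.

Added example, not from the original page. Assumes the primary name server is
"private.lan." (as in the page's samples); the host table and the
"rev.<zone>.zone" file naming are constructed for this example.
"""
import ipaddress


def reverse_zones_for(cidr: str) -> list[str]:
    """Return the in-addr.arpa zone names covering an IPv4 prefix.

    Reverse DNS is delegated on octet boundaries, so the prefix is split into
    the smallest number of /8, /16 or /24 zones that exactly cover it:
    192.168.0.0/16 -> 168.192.in-addr.arpa; 10.0.0.0/8 -> 10.in-addr.arpa;
    172.16.0.0/12 -> the sixteen zones 16.172 ... 31.172.in-addr.arpa.
    Prefixes longer than /24 get their enclosing /24 zone (no RFC 2317 here).
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("only IPv4 in-addr.arpa zones are handled here")
    octets = max(1, min(3, -(-net.prefixlen // 8)))  # ceil(prefixlen/8), clamped to 1..3
    if net.prefixlen > octets * 8:
        net = net.supernet(new_prefix=octets * 8)
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones


def ptr_owner(ip: str, zone: str) -> str:
    """Owner name of the PTR record for ip, relative to zone ("1.1" for 192.168.1.1)."""
    full = ipaddress.ip_address(ip).reverse_pointer  # e.g. "1.1.168.192.in-addr.arpa"
    suffix = "." + zone.rstrip(".")
    if not full.endswith(suffix):
        raise ValueError(f"{ip} is not inside {zone}")
    return full[: -len(suffix)]


def reverse_zone_file(zone: str, hosts: dict[str, str], ns: str = "private.lan.", serial: int = 1) -> str:
    """Render a master reverse zone file (same layout as the page's lan.rev.zone)."""
    lines = [
        f"; Reverse data for {zone}. (generated)",
        "$TTL 3600",
        f"@   IN SOA {ns} postmaster.{ns} (",
        f"        {serial} ; serial",
        "        86400 ; refresh",
        "        86400 ; retry",
        "        604800 ; expire",
        "        86400 ) ; minimum",
        f"    IN NS {ns}",
    ]
    for ip, name in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        fqdn = name if name.endswith(".") else name + "."  # RDATA names must be fully qualified
        lines.append(f"{ptr_owner(ip, zone)} IN PTR {fqdn}")
    return "\n".join(lines) + "\n"


def named_conf_zones(cidr: str) -> str:
    """named.conf master-zone stanzas, one per reverse zone the prefix needs."""
    stanzas = [
        f'zone "{zone}" in {{\n    type master ;\n    file "rev.{zone}.zone" ;\n}} ;'
        for zone in reverse_zones_for(cidr)
    ]
    return "\n".join(stanzas) + "\n"


SAMPLE_HOSTS = {  # constructed sample data
    "192.168.1.1": "private.lan",
    "192.168.1.10": "fileserver.private.lan",
    "192.168.2.3": "printer.private.lan",
}

if __name__ == "__main__":
    print(named_conf_zones("192.168.0.0/16"))
    print(reverse_zone_file("168.192.in-addr.arpa", SAMPLE_HOSTS))
```

Run it as a script to see the stanzas and zone data for 192.168/16; call named_conf_zones("172.16.0.0/12") to see why that range needs sixteen zone stanzas. Every PTR target is forced to end in a dot, because an unqualified name in RDATA is silently taken as relative to the zone origin.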
Sample files
The files below are samples only; you will need to edit them to suit your
needs. The file names are the ones referenced from the sample named.conf.
named.conf

#
# sample named.conf for a private DNS on the 192.168.*.* network
#
# This assumes that zone files are in "/var/named", and that there
# is a subdirectory "/var/named/cache". You should run "named"
# as a non-root user such as "nobody". Make the directory
# "/var/named/cache" owned by user "nobody" (or whatever user
# runs named). This sample is based on bind-8.2.x
#
acl lan {
    192.168/16 ;
    127.0.0.1 ;
} ;

options {
    directory "/var/named" ;
    pid-file "cache/named.pid" ;
    forward only ;
    forwarders {
        1.2.3.4 ;   ## list your ISP's DNS servers
        5.6.7.8 ;   ## on these lines.
    } ;
    allow-query { lan ; } ;
    allow-recursion { lan ; } ;
    allow-transfer { lan ; } ;
} ;

## Change this entry to whatever you need for a forward
## DNS zone for your private lan.
zone "private.lan" in {
    type master ;
    file "private.lan.zone" ;
} ;

## This is a standard entry for the 127.0.0.1 mapping.
zone "127.in-addr.arpa" in {
    type master ;
    file "localhost.rev.zone" ;
} ;

## This is the entry for IP address lookups for 192.168.*.*
zone "168.192.in-addr.arpa" in {
    type master ;
    file "lan.rev.zone" ;
} ;

## Needed to define the root nameserver cache.
zone "." in {
    type hint ;
    file "root.cache" ;
} ;
private.lan.zone

;;
;; This defines one machine, "private.lan", with address
;; 192.168.1.1, and lists it as the primary DNS for the zone.
;;
;; If you change the name here to something other than "private.lan"
;; you must make corresponding changes in the other files used by
;; your nameserver (zone files and named.conf).
;;
$TTL 3600
@   IN SOA private.lan. postmaster.private.lan. (
        1       ; Serial #
        86400   ; refresh interval
        86400   ; retry interval
        604800  ; expiration limit
        86400 ) ; min RR TTL binding
    IN NS @
    IN A  192.168.1.1
lan.rev.zone

;
; Authoritative data for
; IP addresses on 192.168 (168.192.in-addr.arpa.)
;
$TTL 3600
@   IN SOA private.lan. postmaster.private.lan. (
        1       ; Serial #
        86400   ; refresh interval
        86400   ; retry interval
        604800  ; expiration limit
        86400 ) ; min RR TTL binding
    IN NS private.lan.
;
; Reverse entry for 192.168.1.1; the owner "1.1" is relative to
; the zone origin 168.192.in-addr.arpa.
1.1 IN PTR private.lan.
localhost.rev.zone

;
; Authoritative data for
; loopback-net.in-addr.arpa. (127.in-addr.arpa)
;
$TTL 3600
@   IN SOA private.lan. postmaster.private.lan. (
        1       ; Serial #
        86400   ; refresh interval
        86400   ; retry interval
        604800  ; expiration limit
        86400 ) ; min RR TTL binding
    IN NS private.lan.
;
; Data for localhost reverse listing.
$ORIGIN 0.0.127.in-addr.arpa.
1   IN PTR localhost.
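The classic mistake in files like these is a missing final dot on an RDATA name such as postmaster.private.lan in the SOA above: BIND does not reject it, it quietly appends the zone origin and loads postmaster.private.lan.127.in-addr.arpa. The small checker below, an added example and not code from the original page, tokenizes a master file (joining the parenthesised SOA, dropping ; comments, tracking $ORIGIN) and reports every dotted RDATA name that lacks the trailing dot, in the record types whose RDATA is a domain name. SAMPLE_ZONE is constructed from the localhost.rev.zone sample with the SOA RNAME left unqualified on purpose; the initial origin is passed in, as BIND would take it from the zone statement in named.conf.

```python
"""Lint a BIND zone file for RDATA names that will silently get the origin appended.

Added example, not from the original page. In a master file, a name in RDATA
without a trailing dot is relative to $ORIGIN, so "postmaster.private.lan" in
the 127.in-addr.arpa zone is loaded as postmaster.private.lan.127.in-addr.arpa.
This checker flags names that contain a dot but do not end in one, in the
record types whose RDATA is a domain name. SAMPLE_ZONE is constructed from
the page's localhost.rev.zone with the SOA RNAME left unqualified on purpose.
"""

# Record types whose RDATA carries domain names, and which RDATA fields they are.
NAME_FIELDS = {"SOA": [0, 1], "NS": [0], "PTR": [0], "CNAME": [0], "MX": [1]}


def logical_lines(text: str):
    """Yield (line_no, has_owner, tokens); a parenthesised record spanning
    several lines (the SOA) is joined into one token list.  Comments after
    ';' are dropped (quoted strings containing ';' are not handled)."""
    buf, depth, start, has_owner = [], 0, 0, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]
        if not buf:
            # A record whose line starts in column 1 names its owner; leading
            # whitespace means "same owner as the previous record".
            start, has_owner = no, raw != "" and not raw[:1].isspace()
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
            if tokens:
                yield start, has_owner, tokens
            buf, depth = [], 0


def check_zone(text: str, origin: str = "") -> list[tuple[int, str, str, str]]:
    """Return (line_no, type, name, name_as_loaded) for each unqualified dotted RDATA name.

    `origin` is the zone's initial origin (BIND takes it from named.conf);
    $ORIGIN directives inside the file update it as they are encountered.
    """
    findings = []
    for no, has_owner, tokens in logical_lines(text):
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN" and len(tokens) > 1:
                origin = tokens[1]
            continue
        # After the (optional) owner come optional TTL and class, then the type.
        first = 1 if has_owner else 0
        for pos in range(first, min(len(tokens), first + 3)):
            rtype = tokens[pos].upper()
            if rtype in NAME_FIELDS:
                break
        else:
            continue  # A, TXT and other types carry no domain name to check
        rdata = tokens[pos + 1:]
        for idx in NAME_FIELDS[rtype]:
            if idx < len(rdata):
                name = rdata[idx]
                if name != "@" and "." in name and not name.endswith("."):
                    loaded = f"{name}.{origin}" if origin else f"{name}.<origin>"
                    findings.append((no, rtype, name, loaded))
    return findings


SAMPLE_ZONE = """\
$TTL 3600
@ IN SOA private.lan. postmaster.private.lan (
        1 ; Serial #
        86400 ; refresh interval
        86400 ; retry interval
        604800 ; expiration limit
        86400 ) ; min RR TTL binding
        IN NS private.lan.
$ORIGIN 0.0.127.in-addr.arpa.
1 IN PTR localhost.
"""

if __name__ == "__main__":
    for line_no, rtype, name, loaded in check_zone(SAMPLE_ZONE, "127.in-addr.arpa."):
        print(f"line {line_no}: {rtype} name {name!r} has no trailing dot; loads as {loaded}")
```

Only names containing a dot are reported, so a deliberately relative single label such as "ns1" in a forward zone is left alone; a dotted name without the final dot is almost always a mistake. Running the checker over each zone file before reloading named catches the problem that named-checkzone style tools would otherwise only reveal as an odd-looking name in dig output.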
root.cache

;
; $Id: root.cache,v 1.1.1.1 2006/10/11 20:45:19 eric Exp $
;
; Initial cache data for root domain servers.
;
; These hints date from 2006 and several root server addresses have
; changed since; replace this file with a current named.root from
; InterNIC before use.
;
.                        99999999 IN NS A.ROOT-SERVERS.NET.
                         99999999 IN NS B.ROOT-SERVERS.NET.
                         99999999 IN NS C.ROOT-SERVERS.NET.
                         99999999 IN NS D.ROOT-SERVERS.NET.
                         99999999 IN NS E.ROOT-SERVERS.NET.
                         99999999 IN NS F.ROOT-SERVERS.NET.
                         99999999 IN NS G.ROOT-SERVERS.NET.
                         99999999 IN NS H.ROOT-SERVERS.NET.
                         99999999 IN NS I.ROOT-SERVERS.NET.
                         99999999 IN NS J.ROOT-SERVERS.NET.
                         99999999 IN NS K.ROOT-SERVERS.NET.
                         99999999 IN NS L.ROOT-SERVERS.NET.
                         99999999 IN NS M.ROOT-SERVERS.NET.
;
; Prep the cache (hotwire the addresses). Order does not matter.
;
A.ROOT-SERVERS.NET.      99999999 IN A  198.41.0.4
B.ROOT-SERVERS.NET.      99999999 IN A  128.9.0.107
C.ROOT-SERVERS.NET.      99999999 IN A  192.33.4.12
D.ROOT-SERVERS.NET.      99999999 IN A  128.8.10.90
E.ROOT-SERVERS.NET.      99999999 IN A  192.203.230.10
F.ROOT-SERVERS.NET.      99999999 IN A  192.5.5.241
G.ROOT-SERVERS.NET.      99999999 IN A  192.112.36.4
H.ROOT-SERVERS.NET.      99999999 IN A  128.63.2.53
I.ROOT-SERVERS.NET.      99999999 IN A  192.36.148.17
J.ROOT-SERVERS.NET.      99999999 IN A  198.41.0.10
K.ROOT-SERVERS.NET.      99999999 IN A  193.0.14.129
L.ROOT-SERVERS.NET.      99999999 IN A  198.32.64.12
M.ROOT-SERVERS.NET.      99999999 IN A  202.12.27.33