Making sure Tiger Server DNS is setup ok

[tyazbeck]

Hi all,

I have recently set up a Mac OS X Tiger Server 10.4.7 machine and would simply like to list what I have done with regards to DNS in order to get feedback if all is done properly.

I use a router and it gets all the info it needs from my ISP via DHCP and provides NAT. Naturally, the router is also the firewall.

On my Lan, I have 5 macs, and 1 Mac G4 which is running Tiger Server 10.4.7

I have setup DNS on Tiger Server as follows:

GENERAL:
Allow: Zone Transfer and Recursion

ZONES:
I have added my Tiger Server with its static internal IP, and in the MACHINES sub-section, I added all my other machines as well.

SECONDARY ZONES:
I added nothing.

Now, on the Tiger Server, I edited the named.conf file in order to enable forwarding. This is what I entered (ps. do I need to put the // befrore query?)

query-source address * port 53;
forwarders {
10.10.1.1;
};
};

Note: 10.10.1.1 is my router. I did not put my ISP's DNS IPs directly in there just in case they change. My router will always use the right DNS servers from my ISP, so by simply putting my routers IP in the named.conf file, I figured it would be ok.

ON THE MAC CLIENTS:
In the Network system preferences, I entered the internal IP of my Tiger Server.

RESULT:
I get all the correct resolutions (forward and reverse) of all my internal Macs as well as any domains outside my lan and the speed of the internet browsing on all my Macs is blazing fast and unaffected.

MY QUESTION:
Even though this setup works well; is it the correct way of doing things? Is everything as secure as it should be? Is the syntax ok? I'm not a pro at this so I would really appreciated more experienced users input if possible.

Thanks to all help in advance.

Tony

[macworks]

I'm certainly not an expert on this stuff either. The entire named.conf on one of my client's servers is listed below. We do NOT point the client machines to the server for DNS, but the server is hosting a web site.

// Declares control channels to be used by the rndc utility.
//
controls {
inet 127.0.0.1 port 54 allow {any; };

};
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.
options {
directory "/var/named";
recursion true;
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." IN {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};

zone "ourdomain.com" in {
file "ourdomain.com.zone";
type master;
};

zone "72.210.69.in-addr.arpa" IN {
file "db.69.210.72";
type master;
};

logging {
category default {
_default_log;
};

channel _default_log {
file "/Library/Logs/named.log";
severity info;
print-time yes;
};
};