Keith Smith via PLUG-discuss said on Sat, 29 Oct 2022 08:07:03 -0700

>Hi,
>
>For some reason .local popped into my head this morning. From what I
>read it appears I may be able to create an Intranet that has a private
>domain name such as MyBusiness.local, on a private IP, and I am
>thinking I can run BIND and make a zone file for this Intranet.

For the last 20 years the LAN in my house has TLD .cxm. I chose .cxm
specifically because there's no such TLD in the global DNS. I use
unbound instead of bind. The following is my unbound.conf:

##########################################################
### BE SURE to use unbound-checkconf
### before enabling a changed conf file!

#FORWARD-ZONE SECTION!!!!!!!!!!!!!!!!
# The following is how you query google DNS instead of root servers
# I chose to query the root servers and commented it out.
#forward-zone:
#name: "."
#forward-addr: 8.8.8.8
#forward-addr: 8.8.4.4

#REMOTE-CONTROL SECTION!!!!!!!!!!!!!!
# Enable use of unbound-control
# Remote control is very, very useful
# Use judgement re security
# Use doublequotes on filenames, unbound should read them
# from /etc/unbound
# Create keys and certs by running unbound-control-setup
remote-control:
    control-enable: yes
    control-use-cert: yes
    server-key-file: "unbound_server.key"
    server-key-file: "unbound_server.key"
    server-cert-file: "unbound_server.pem"
    control-key-file: "unbound_control.key"
    control-cert-file: "unbound_control.pem"

#SERVER SECTION!!!!!!!!!!!!!!!!!!!!!!
server:
    use-syslog: yes
    # Use 192.168.0.2 so whole WAN can use it
    ip-address: 192.168.0.102
    # Guard against future default changes: no systemd ever!
    use-systemd: no
    # Speed UDP
    so-reuseport: yes
    # use all CPU cores, I have 1 CPU with 2 cores
    num-threads: 2
    # power of 2 close to num-threads
    msg-cache-slabs: 2
    rrset-cache-slabs: 2
    infra-cache-slabs: 2
    key-cache-slabs: 2
    # more cache memory, rrset=msg*2
    rrset-cache-size: 100m
    msg-cache-size: 50m
    # more outgoing connections
    # depends on number of cores: 1024/cores - 50
    outgoing-range: 450
    # Larger socket buffer.
    # OS may need config, so I don't use it
    #so-rcvbuf: 4m
    #so-sndbuf: 4m
    # Faster UDP with multithreading (only on Linux).
    so-reuseport: yes

    # ROOT HINTS STUFF TO FIND ROOT DNS SERVERS
    # /etc/unbound/root.hints refreshed by following command
    # Update every six months
    # No (default) or old root-hints make slow lookups
    # curl -o /etc/unbound/root.hints \
    #   https://www.internic.net/domain/named.cache
    root-hints: /etc/unbound/root.hints

    ### AUTH DNS on subnet, no separate AUTH srvr needed
    local-zone: "cxm." static
    local-data: "littlinks.cxm. IN A 192.168.0.2"
    local-data-ptr: "192.168.0.2 littlinks.cxm"
    local-data: "robert.cxm. IN A 192.168.0.2"
    local-data-ptr: "192.168.0.2 robert.cxm"
    local-data: "litt.cxm. IN A 192.168.0.2"
    local-data-ptr: "192.168.0.2 litt.cxm"
    local-data: "troubleshooters.cxm. IN A 192.168.0.2"
    local-data-ptr: "192.168.0.2 troubleshooters.cxm"

    local-zone: "littlinks.cxm." static
    local-data: "www.littlinks.cxm. IN A 192.168.0.2"
    local-data-ptr: "192.168.0.2 www.littlinks.cxm"
    local-data: "cz3.littlinks.cxm. IN A 192.168.0.2"
    local-data-ptr: "192.168.0.2 cz3.littlinks.cxm"
    local-data: "stylz.cxm. IN A 192.168.0.2"
    local-data-ptr: "192.168.0.2 stylz.cxm"

    local-zone: "stylz.cxm." static
    local-data: "www.stylz.cxm. IN A 192.168.0.2"
    local-data-ptr: "192.168.0.2 www.stylz.cxm"

    local-zone: "troubleshooters.cxm." static
    local-data: "www.troubleshooters.cxm. IN A 192.168.0.2"
    local-data-ptr: "192.168.0.2 www.troubleshooters.cxm"

    # Other stuff, see
    # https://www.tecmint.com/setup-dns-cache-server-in-centos-7/
    # Enable dig command with allow_snoop
    #access-control: 0.0.0.0/0 allow_snoop
    access-control: 0.0.0.0/0 deny
    # access-control: 192.168.0.236/30 allow
    access-control: 192.168.0.0/24 allow
    access-control: 127.0.0.0/8 allow
    local-zone: "168.192.in-addr.arpa." nodefault

#FANTASTIC MAGIC!
stub-zone:
    name: "mydesk."
    stub-addr: 192.168.0.2
stub-zone:
    name: "home.lan"
    stub-addr: 192.168.0.2
stub-zone:
    name: "0.168.192.in-addr.arpa."
    stub-addr: 192.168.0.2
##########################################################

The preceding works but I think it has a lot of unnecessary stuff
and non-customary ways of doing things, but it gives you the flavor of
what I'm doing with .cxm. As long as the global system doesn't contain
a .local, I'm sure you can use .local the same way I use .cxm.

I chose .cxm because it looks a lot like .com. I write technical books
and wanted examples that are glancible but cannot hit real servers on
the Internet.

SteveT

Steve Litt
Summer 2022 featured book: Thriving in Tough Times
http://www.troubleshooters.com/bookstore/thrive.htm
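
An added example, not part of the post above or of unbound itself: a small Python check for a config written in this style. It flags local-data names that no "static" local-zone covers (unbound then creates a transparent zone, so sibling names are resolved on the Internet instead of getting NXDOMAIN) and local-data-ptr lines with no matching A record. The sample config, the function names and the problem labels are constructed for illustration, and the parser assumes one quoted A or PTR entry per line.

```python
import re

# Constructed sample in the style of the config above; names and IPs are made up.
SAMPLE_CONF = '''
server:
    local-zone: "cxm." static
    local-data: "litt.cxm. IN A 192.168.0.2"
    local-data-ptr: "192.168.0.2 litt.cxm"
    local-data: "www.stylz.cxm. IN A 192.168.0.2"
    local-data-ptr: "192.168.0.3 www.stylz.cxm"
    local-data: "intranet.example. IN A 192.168.0.9"
    #local-data: "old.cxm. IN A 192.168.0.7"
'''

def norm(name):
    """Lower-case and drop the trailing dot so 'Litt.cxm.' equals 'litt.cxm'."""
    return name.lower().rstrip(".")

def lint_local_data(conf):
    """Return a list of (problem, name) tuples found in unbound.conf text."""
    static_zones, a_recs, ptrs, problems = [], {}, [], []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # ignore comments
        m = re.match(r'local-zone:\s*"([^"]+)"\s+(\S+)', line)
        if m:
            if m.group(2) == "static":
                static_zones.append(norm(m.group(1)))
            continue
        # local-data: "name [ttl] [IN] A address"
        m = re.match(r'local-data:\s*"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\S+)"', line)
        if m:
            a_recs.setdefault(norm(m.group(1)), set()).add(m.group(2))
            continue
        # local-data-ptr: "address name"
        m = re.match(r'local-data-ptr:\s*"(\S+)\s+(\S+)"', line)
        if m:
            ptrs.append((m.group(1), norm(m.group(2))))
    for name in a_recs:
        if not any(name == z or name.endswith("." + z) for z in static_zones):
            problems.append(("no-static-zone", name))
    for ip, name in ptrs:
        if ip not in a_recs.get(name, set()):
            problems.append(("ptr-without-matching-a", name))
    return problems

if __name__ == "__main__":
    for problem, name in lint_local_data(SAMPLE_CONF):
        print(f"{problem}: {name}")
```

Run unbound-checkconf as well; this check only looks at the relationship between the zone and record lines, not at syntax.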