First, create a traditional DNS cache file (usually called named.ca in DNS documentation) on your G Box. Here is an example:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; initial cache data for root domain servers
;
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
. 99999999 IN NS ns.nic.ddn.mil.
. 99999999 IN NS terp.umd.edu.
. 99999999 IN NS c.nyser.net.
. 99999999 IN NS kava.nisc.sri.com.
. 99999999 IN NS ns.nasa.gov.
. 99999999 IN NS aos.brl.mil.
;
ns.nic.ddn.mil. 99999999 IN A 192.112.36.4
terp.umd.edu. 99999999 IN A 128.8.10.90
c.nyser.net. 99999999 IN A 192.33.4.12
kava.nisc.sri.com. 99999999 IN A 192.33.33.24
ns.nasa.gov. 99999999 IN A 128.102.16.10
             99999999 IN A 192.52.195.10
aos.brl.mil. 99999999 IN A 128.63.4.82
             99999999 IN A 192.5.25.82
Your Internet service provider can give you an up-to-date DNS cache file, since the Internet root nameservers change from time to time. This file is consulted by the DNS system when it first starts (usually when your system is booted) and it contains permanent information about root nameservers accessible on the Internet.
Second, create the named.boot file. Here is an example:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; named.boot file for G Box
;
primary your.domain db.domain
primary 987.654.321.in-addr.arpa db.123.456.789
primary 0.0.127.in-addr.arpa db.127.0.0
cache . named.cache
See your DNS documentation for the format of the files we've named db.something in this example.
Third, create DNS database files for your G Box (the db.something files noted above), but include in them only the information about your network and its hosts that you wish to be made generally available on the Internet via the Domain Name Service. Do not include any internal machines whose network identity you wish to keep internal to your network. Most importantly, do not include any information about your internal root nameserver(s). In this way, the nameserver running on the G Box will not be able to independently resolve hostnames on your internal network, except by querying the internal root nameserver, which also ensures that it cannot broadcast that information to the Internet at large. Tools to help you set up your DNS database files include h2n, a set of perl (Practical Extraction and Report Language) scripts that convert your /etc/hosts file to DNS database files. Perl is a freely distributable package, available at most major anonymous ftp sites. H2n is available via anonymous ftp from ftp.uu.net in directory /published/oreilly/nutshell/dnsbind. HP-UX users can use the HP-specific tool hosts_to_named to accomplish the same objective.
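The requirements of the first and third steps lend themselves to a mechanical check before the files go live: a cache file whose root NS targets have no matching A record can never contact those servers, and an externally visible db.* file that carries an internal address or names the internal root nameserver exposes exactly what this setup is meant to hide. The script below is an added example, not part of the original text or of any DNS distribution. It assumes the minimal one-record-per-line "owner ttl IN type rdata" layout shown above (a line with a blank owner repeats the previous owner, as BIND allows); every name, address and network in its sample data is constructed for illustration.

```python
"""Consistency and leakage checks for G Box DNS files (added example)."""
import ipaddress


def parse_records(text):
    """Parse BIND-style lines into (owner, ttl, rtype, rdata) tuples.

    ';' starts a comment. A record line that begins with whitespace has no
    owner field and inherits the owner of the preceding record, as BIND does.
    Only the "owner ttl IN type rdata" and "owner IN type rdata" forms are
    understood; anything else is rejected rather than silently skipped.
    """
    records = []
    prev_owner = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        fields = line.split()
        owner = prev_owner if line[0].isspace() else fields.pop(0)
        if owner is None:
            raise ValueError(f"continuation line without owner: {raw!r}")
        if len(fields) == 4 and fields[1].upper() == "IN":
            ttl, rtype, rdata = fields[0], fields[2], fields[3]
        elif len(fields) == 3 and fields[0].upper() == "IN":
            ttl, rtype, rdata = None, fields[1], fields[2]
        else:
            raise ValueError(f"unrecognised record: {raw!r}")
        records.append((owner.lower(), ttl, rtype.upper(), rdata))
        prev_owner = owner
    return records


def hints_missing_glue(records):
    """Root NS targets in a cache file that have no A record of their own.

    A misspelled or missing glue record (including a name without its
    trailing dot) leaves that root server unreachable.
    """
    addresses = {owner for owner, _, rtype, _ in records if rtype == "A"}
    return sorted(
        rdata.lower()
        for owner, _, rtype, rdata in records
        if owner == "." and rtype == "NS" and rdata.lower() not in addresses
    )


def public_zone_leaks(records, internal_nets, internal_names=()):
    """Records in the externally visible db.* files that expose internal data.

    Flags any A record whose address falls inside an internal network, and
    any record whose owner or target is a listed internal host name (for
    example the internal root nameserver).
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    names = {n.lower().rstrip(".") for n in internal_names}
    leaks = []
    for owner, _, rtype, rdata in records:
        name_hit = owner.rstrip(".") in names or rdata.lower().rstrip(".") in names
        addr_hit = rtype == "A" and any(ipaddress.ip_address(rdata) in n for n in nets)
        if name_hit or addr_hit:
            leaks.append((owner, rtype, rdata))
    return leaks


# Constructed sample cache file: second server's glue has a misspelled owner.
HINTS = """\
; constructed root cache sample (names and addresses are not real)
.                    99999999 IN NS ns1.root-hints.test.
.                    99999999 IN NS ns2.root-hints.test.
;
ns1.root-hints.test. 99999999 IN A 192.0.2.10
                     99999999 IN A 192.0.2.11
ns2.root-hnts.test.  99999999 IN A 192.0.2.20   ; owner does not match the NS target
"""

# Constructed sample db.domain for the G Box: two records leak internal data.
PUBLIC_ZONE = """\
; constructed externally visible zone (placeholder domain from the text)
your.domain.          86400 IN NS gbox.your.domain.
your.domain.          86400 IN NS ns-root.internal.your.domain.
gbox.your.domain.     86400 IN A  192.0.2.1
www.your.domain.      86400 IN A  192.0.2.2
intranet.your.domain. 86400 IN A  10.1.1.5
"""

INTERNAL_NETS = ["10.0.0.0/8"]                  # constructed internal range
INTERNAL_NAMES = ["ns-root.internal.your.domain"]  # constructed internal root NS


def main():
    print("root NS targets without glue:", hints_missing_glue(parse_records(HINTS)))
    leaks = public_zone_leaks(parse_records(PUBLIC_ZONE), INTERNAL_NETS, INTERNAL_NAMES)
    for owner, rtype, rdata in leaks:
        print(f"internal data in public zone: {owner} {rtype} {rdata}")


if __name__ == "__main__":
    main()
```

Run against the real files, the two check functions give a reviewer a short list to act on: every name reported by hints_missing_glue needs a correct A record (or the NS line removed), and every record reported by public_zone_leaks must be deleted from the G Box's db.* files and kept only on the internal root nameserver.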
Fourth, create the resolv.conf file on your G Box to include references to both itself and the internal root nameserver(s). Here is an example:
####################################
#
#resolv.conf file for G Box
#
domain your.domain
nameserver 123.56.76.123 #IP address of internal root nameserver
nameserver 127.0.0.1 #this machine
This allows the G Box's nameserver to resolve hostnames by querying your internal nameserver(s) first, then itself. Querying the internal nameserver first is a critical aspect of this setup. This seems unusual, since the G Box is itself a nameserver, but since the G Box nameserver has limited information about your internal network, this configuration forces it to look first to the internal root nameserver for information; only later does it resolve Internet (i.e., external) hostnames in the normal fashion by looking in its own cache and/or querying true Internet root nameservers.