BIND- help me confirm my config please

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 16 02:30:53 UTC 2000


sygurd1006 at my-deja.com wrote:

> In article <3A076780.EBD46CBC at daimlerchrysler.com>,
>   Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> >
> > First of all, get the _DNS_and_BIND_ O'Reilly book (3rd Edition is the
> > latest published edition) if you want to do anything serious with DNS.
> > Those other books may talk about DNS and/or BIND in passing, but they are
> > no substitute for "the book".
> >
> > Secondly, upgrade to BIND 8.2.2-p5 at least. The config you show is for
> > BIND 4, which is very old and full of bugs. The configuration file is
> > completely different for BIND 8, but there is a conversion tool.
> >
> > You shouldn't have two different slave ("secondary", in BIND 4
> > terminology) definitions for the same "this.net" zone. I don't quite
> > recall what BIND 4 would do with this. In the best case, it will just take
> > one of the definitions, which means you don't have as much redundancy as
> > you hoped. In the worst case, multiple named-xfer's may end up writing
> > over each other in the same zone file. Or maybe it will just reject
> > *both* definitions. You can do what you (apparently) want by listing
> > *both* masters in the same definition, i.e.
> >
> > secondary  this.net  2.2.2.2 2.2.2.3 this.hosts
> >
> > BIND 4's named-xfer will try those addresses in order.
> >
> > I don't know whether you need the forwarders statement or not. Can your
> > nameserver talk directly to every other nameserver it needs to? If not,
> > then you may need the forwarders to help with that, in which case you
> > should also have a "slave" directive, otherwise if the forwarders are
> > unavailable, you may find that your nameserver just thrashes trying to
> > resolve queries that it can never resolve. With the "slave" directive, the
> > nameserver will just give up if the forwarders are unavailable. I *do*
> > know, however, that you shouldn't list root servers (198.41.0.4 and
> > 193.0.14.120) as forwarders; that's anti-social and won't work anyway for
> > most Internet queries you'd want to make, since the root servers don't
> > honor recursion.
> >
> > You should define (uncomment) 0.0.127.in-addr.arpa if you want to control
> > how loopback, i.e. 127.0.0.1 reverse-resolves. If you don't care about
> > that, you don't need the zone.
> >
> > Whether you should define (uncomment) 1.1.in-addr.arpa is up to you: can
> > you reverse-resolve addresses in that range using the normal forwarding or
> > non-forwarding mechanisms? Do you need to reverse-resolve those addresses
> > at all? Note that with BIND 8 you have other options besides being a slave
> > for a zone: you can be a "stub" or, with later versions of BIND 8, you can
> > forward on a per-domain basis (as opposed to globally).
> >
> > Oh, and please get rid of that "caching only" comment. You are a slave
> > and/or forwarding server. Obviously that's not "caching only".
> >
> > - Kevin
> >
> > sygurd1006 at my-deja.com wrote:
> >
> > > BIND- help me confirm my config please:
> > > i have a DNS server which i have attempted to configure as a secondary;
> > > i am in china and was using old documentation from the O'Reilly tcpip
> > > book and the UNIX red book
> > > My dns primary is 2.2.2.2 and he has a backup 2.2.2.3
> > > do i need the reverse statement?
> > > do i need the forwarders statement?
> > > my /etc/named.boot is as follows:
> > > ;
> > > ; a caching only nameserver config
> > > ;
> > > directory                                       /var/named
> > > cache      .                                    named.ca
> > > ; primary    0.0.127.in-addr.arpa               named.local
> > > ; make him a secondary nameserver
> > > secondary  this.net            2.2.2.2         this.hosts
> > > secondary  this.net            2.2.2.3         this.hosts
> > > ; secondary  1.1.in-addr.arpa  2.2.2.2         2.2.rev
> > > ;
> > > forwarders 2.2.2.2   2.2.2.3  198.41.0.4 193.0.14.129
> > > [root at this dataeng]#
> >
> Thanks for that info
> as i am in a 3rd world country and no access to the latest BIND and DNS
> book, can someone point me to a url that has enough information to
> reconfigure this server based on BIND 8?

The BIND 8 documentation itself has some sample configs, and as
I mentioned, there is a conversion tool that you could run against your
BIND 4 config. You could also look at
http://www.isc.org/products/BIND/contributions.html and all of the links on
that page --- especially the DNS Resources Directory -- for more
information.


- Kevin
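
Added example (not part of the message above and not code from BIND): a small Python check that flags, in a BIND 4 named.boot, the three problems raised in this thread: the same zone on more than one "secondary" line, root servers listed as forwarders, and "forwarders" with no "slave" directive. The function name, the finding codes and the trimmed sample file are assumptions made for illustration.

```python
from collections import defaultdict

# Addresses the thread calls root servers, as written in the posted config.
ROOT_SERVERS = {"198.41.0.4", "193.0.14.129"}

# The poster's named.boot with most comment lines trimmed.
SAMPLE = """\
directory   /var/named
cache       .          named.ca
; primary   0.0.127.in-addr.arpa  named.local
secondary   this.net   2.2.2.2    this.hosts
secondary   this.net   2.2.2.3    this.hosts
forwarders  2.2.2.2 2.2.2.3 198.41.0.4 193.0.14.129
"""

def lint_named_boot(text):
    """Return sorted (line, code, detail) findings for a BIND 4 boot file."""
    findings = []
    secondaries = defaultdict(list)  # zone name -> lines that define it
    forwarders_line = None
    has_slave = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()  # ';' starts a comment
        if not fields:
            continue
        directive, args = fields[0].lower(), fields[1:]
        if directive == "secondary" and args:
            secondaries[args[0].lower()].append(lineno)
        elif directive == "forwarders":
            forwarders_line = lineno
            for addr in args:
                if addr in ROOT_SERVERS:
                    findings.append((lineno, "root-forwarder", addr))
        elif directive == "slave":
            has_slave = True
    # The same zone defined on several secondary lines: masters belong on one line.
    for zone, lines in secondaries.items():
        for lineno in lines[1:]:
            findings.append((lineno, "duplicate-secondary", zone))
    # Forwarders without "slave": the server keeps trying when they are down.
    if forwarders_line is not None and not has_slave:
        findings.append((forwarders_line, "forwarders-without-slave", ""))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, code, detail in lint_named_boot(SAMPLE):
        print(f"line {lineno}: {code} {detail}".rstrip())
```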
