Upgrading BIND

Jim Reid jim at rfc1035.com
Mon Apr 30 15:58:31 UTC 2001


>>>>> "James" == James  <jsimons at edistonet.com> writes:

    James> Right now there are two servers up and running.  One is the
    James> Web Server and the other is running BIND, my mail server,
    James> and the authentication for my dial up customers.  I'm
    James> having a pretty vicious problem with my mail server in that
    James> it is spontaneously cutting itself off after running for a
    James> few days.  I'm thinking that there are too many rescources
    James> being used at one time on this server and I would like to
    James> move BIND to my Web Server as this seems like a more
    James> logical place for it anyway.

    James> Now, my question for you all is what would be involved in
    James> this?  Would I essentially be installing a fresh version of
    James> BIND onto the Web Server and then copying over the old
    James> config files?  Currently BIND v4.6 is running on the
    James> server.  I would like to bring it up to v8 to take
    James> advantage of the new bug fixes etc, but would a complete
    James> reworking of the configuration files be necesary for this?

So many questions....

First things first. If your mail system is having problems, fix that.
Would you change the tyres on your car if it had a flat battery? It's
not clear what your mail system's problem is or if it is resource
related. Even if it is, shifting the name server is unlikely to make
any difference. DNS is not a resource hog, though it likes to use RAM.
With today's hardware it's hard to find a general purpose computer that
hasn't enough CPU/disk/RAM/network bandwidth. Whatever resource
problem -- if there is one -- would still be there even after you
moved the name server elsewhere.

Moving the name server is a bad idea. Except for trivial setups, it
takes a lot of work and careful co-ordination: changing NS records,
amending delegations, notifying customers and slave servers, fixing
resolv.conf and idiot forwarding setups, etc, etc. The fact you're
asking about moving the name servers should tell you that you
shouldn't be doing this because you don't seem to know what is
involved. If you are going to move the name server, move it to a
dedicated box. It's an even worse idea to move the name server to a
system acting web server. It will like to use RAM to cache web
pages. If that computer doesn't have enough memory, you'll be in big
trouble.

You *must* upgrade your name server. BIND4 is long dead. There is no
"BIND v4.6", so I presume you're running 4.9.6 which has security
holes. Upgrade to the current release, 8.2.3 or 9.1.1.  Upgrading
could be a lot of work, depending on the state of your zone
files. BIND4 was too tolerant of errors. BIND8 and BIND9 catch most of
these illegalities. So you could find yourself fixing lots of broken
zone files that have been wrong for a long time.


More information about the bind-users mailing list