Configuring Bind for use with OpenNIC
Kevin Darcy
kcd at daimlerchrysler.com
Thu Jul 5 16:58:33 UTC 2001
Why on earth would OpenNIC want everyone to be a slave of the root zone? Don't
they realize that whenever the root zone changes, this means *everyone* who is
running a recent version of BIND will NOTIFY *all* of the root nameservers? I
suspect they're getting swamped with NOTIFY traffic every time they change the
zone. Bad design decision, I'd say.
- Kevin
cbiesinger at web.de wrote:
> Hello!
> At the moment, I'm trying to configure my bind for use with OpenNIC
> (http://www.opennic.unrated.net if you're interested).
> It's supposed to be mostly a caching nameserver, but also serving one
> local domain.
>
> Now, the Problem I have is that now and then Bind stops answering
> queries. The log doesn't seem to contain unusual messages, but here
> are some lines which might relate to this problem:
> Jul 4 19:47:56 chello212186200128 named[17066]: Sent NOTIFY for " IN
> SOA 2001052201" (); 8 NS, 8 A
> Jul 4 19:54:15 chello212186200128 named[17066]: ns_forw:
> query(www.parody) All possible A RR's lame
>
> The version is: named 8.2.4-REL-NOESW Fri Jun 1 01:18:38 MDT 2001
>
> My config file is as follows: (The file /etc/bind/tld-root exists & is
> the one from http://www.opennic.unrated.net/server.html)
>
> // This is the primary configuration file for the BIND DNS server named.
> //
> // Please read /usr/share/doc/bind/README.Debian for information on the
> // structure of BIND configuration files in Debian for BIND versions 8.2.1
> // and later, *BEFORE* you customize this configuration file.
> //
>
> options {
> directory "/var/cache/bind";
> listen-on { 192.168.1.1; };
>
> // If there is a firewall between you and nameservers you want
> // to talk to, you might need to uncomment the query-source
> // directive below. Previous versions of BIND always asked
> // questions using port 53, but BIND 8.1 and later use an unprivileged
> // port by default.
>
> // query-source address * port 53;
>
> // If your ISP provided one or more IP addresses for stable
> // nameservers, you probably want to use them as forwarders.
> // Uncomment the following block, and insert the addresses replacing
> // the all-0's placeholder.
>
> // forwarders {
> // 0.0.0.0;
> // };
> };
>
> // reduce log verbosity on issues outside our control
> logging {
> category lame-servers { null; };
> category cname { null; };
> };
>
> // prime the server with knowledge of the root servers
> zone "." {
> // type hint;
> // file "/etc/bind/db.root";
> // Adding OpenNIC support (http://www.opennic.unrated.net)
> // (Wed Jul 4 19:35:12 CEST 2001)
> type slave;
> file "/etc/bind/tld-root";
> masters { 216.74.72.5; 165.251.126.11; 209.21.75.52; };
> };
>
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
>
> // add entries for other zones below here
>
> zone "biesinger.at" {
> type master;
> file "/etc/bind/db.biesinger.at";
> };
>
> zone "1.168.192.in-addr.arpa" {
> type master;
> file "/etc/bind/db.192";
> };
>
> --
> Encrypted Emails strongly preferred! Get PGP from http://www.pgpi.org
> PGP-Key: 1024D/DFFE21F1 - Get it from http://mmc.sourceforge.net/biesi.asc
> Key also available at PGP Keyservers
> Key fingerprint = E60D 24FC BBC5 97CE 5421 C0FE 311B 7F82 DFFE 21F1
More information about the bind-users
mailing list