Configuring Bind for use with OpenNIC

Kevin Darcy kcd at daimlerchrysler.com
Thu Jul 5 17:36:18 UTC 2001


Define "master". According to the RFC (1996), a "master" is any server that
could conceivably provide zone transfers to "slaves", i.e. any authoritative
server qualifies as a "master" in RFC 1996 terms. This has nothing whatsoever
to do with whether the nameserver is configured as a "master" or not, i.e.
whether it's configured to load the zone from disk. BIND finally got around to
fully realizing the impact of this definition in BIND 8.2.3-T1A (see item
#925).

You didn't _notice_ that all of your slaves were sending NOTIFYs, as of
BIND 8.2.3?? Believe me, we noticed this in a *big* way...


- Kevin

Marc C Storck wrote:

> Why that???
> if you slave a zone and you are not the master, you don't notify any
> server!!!
> (Of course you should not set notify-also.... but that's not required by
> OpenNIC)
> And BTW OpenNIC only requires this for TLD Operators who want to be listed
> and included in OpenNIC
>
> Marc
>
> ----- Original Message -----
> From: Kevin Darcy <kcd at daimlerchrysler.com>
> To: <comp-protocols-dns-bind at moderators.isc.org>
> Sent: Thursday, July 05, 2001 6:58 PM
> Subject: Re: Configuring Bind for use with OpenNIC
>
> >
> > Why on earth would OpenNIC want everyone to be a slave of the root zone? Don't
> > they realize that whenever the root zone changes, this means *everyone* who is
> > running a recent version of BIND will NOTIFY *all* of the root nameservers? I
> > suspect they're getting swamped with NOTIFY traffic every time they change the
> > zone. Bad design decision, I'd say.
> >
> >
> > - Kevin
> >
> > cbiesinger at web.de wrote:
> >
> > > Hello!
> > > At the moment, I'm trying to configure my bind for use with OpenNIC
> > > (http://www.opennic.unrated.net if you're interested).
> > > It's supposed to be mostly a caching nameserver, but also serving one
> > > local domain.
> > >
> > > Now, the problem I have is that now and then Bind stops answering
> > > queries. The log doesn't seem to contain unusual messages, but here
> > > are some lines which might relate to this problem:
> > > Jul  4 19:47:56 chello212186200128 named[17066]: Sent NOTIFY for " IN SOA 2001052201" (); 8 NS, 8 A
> > > Jul  4 19:54:15 chello212186200128 named[17066]: ns_forw: query(www.parody) All possible A RR's lame
> > >
> > > The version is: named 8.2.4-REL-NOESW Fri Jun  1 01:18:38 MDT 2001
> > >
> > > My config file is as follows: (The file /etc/bind/tld-root exists & is
> > > the one from http://www.opennic.unrated.net/server.html)
> > >
> > > // This is the primary configuration file for the BIND DNS server named.
> > > //
> > > // Please read /usr/share/doc/bind/README.Debian for information on the
> > > // structure of BIND configuration files in Debian for BIND versions 8.2.1
> > > // and later, *BEFORE* you customize this configuration file.
> > > //
> > >
> > > options {
> > >         directory "/var/cache/bind";
> > >         listen-on { 192.168.1.1; };
> > >
> > >         // If there is a firewall between you and nameservers you want
> > >         // to talk to, you might need to uncomment the query-source
> > >         // directive below.  Previous versions of BIND always asked
> > >         // questions using port 53, but BIND 8.1 and later use an unprivileged
> > >         // port by default.
> > >
> > >         // query-source address * port 53;
> > >
> > >         // If your ISP provided one or more IP addresses for stable
> > >         // nameservers, you probably want to use them as forwarders.
> > >         // Uncomment the following block, and insert the addresses replacing
> > >         // the all-0's placeholder.
> > >
> > >         // forwarders {
> > >         //      0.0.0.0;
> > >         // };
> > > };
> > >
> > > // reduce log verbosity on issues outside our control
> > > logging {
> > >         category lame-servers { null; };
> > >         category cname { null; };
> > > };
> > >
> > > // prime the server with knowledge of the root servers
> > > zone "." {
> > > //        type hint;
> > > //        file "/etc/bind/db.root";
> > > // Adding OpenNIC support (http://www.opennic.unrated.net)
> > > // (Wed Jul  4 19:35:12 CEST 2001)
> > >         type slave;
> > >         file "/etc/bind/tld-root";
> > >         masters { 216.74.72.5; 165.251.126.11; 209.21.75.52; };
> > > };
> > >
> > > // be authoritative for the localhost forward and reverse zones, and for
> > > // broadcast zones as per RFC 1912
> > >
> > > zone "localhost" {
> > >         type master;
> > >         file "/etc/bind/db.local";
> > > };
> > >
> > > zone "127.in-addr.arpa" {
> > >         type master;
> > >         file "/etc/bind/db.127";
> > > };
> > >
> > > zone "0.in-addr.arpa" {
> > >         type master;
> > >         file "/etc/bind/db.0";
> > > };
> > >
> > > zone "255.in-addr.arpa" {
> > >         type master;
> > >         file "/etc/bind/db.255";
> > > };
> > >
> > > // add entries for other zones below here
> > >
> > > zone "biesinger.at" {
> > >         type master;
> > >         file "/etc/bind/db.biesinger.at";
> > > };
> > >
> > > zone "1.168.192.in-addr.arpa" {
> > >         type master;
> > >         file "/etc/bind/db.192";
> > > };
> > >
> > > --
> > > Encrypted Emails strongly preferred! Get PGP from http://www.pgpi.org
> > > PGP-Key: 1024D/DFFE21F1 - Get it from http://mmc.sourceforge.net/biesi.asc
> > > Key also available at PGP Keyservers
> > > Key fingerprint = E60D 24FC BBC5 97CE 5421  C0FE 311B 7F82 DFFE 21F1
> >
> >
> >
> >
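
An added example, not part of the original thread and not BIND's own code: a small Python check that scans a named.conf for `type slave` zones whose effective `notify` setting is still the default `yes`, which is the case described above where a slave of the root zone sends NOTIFY to every listed nameserver. It assumes `notify no;` in the zone or in `options` suppresses those NOTIFYs; the sample configuration is constructed from the one quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample reduced from the quoted config; "example.slave" is made up.
SAMPLE_CONF = '''
options {
        directory "/var/cache/bind";
        // notify no;   (commented out, so the default "yes" applies)
};
zone "." {
        type slave;
        file "/etc/bind/tld-root";
        masters { 216.74.72.5; 165.251.126.11; 209.21.75.52; };
};
zone "biesinger.at" { type master; file "/etc/bind/db.biesinger.at"; };
zone "example.slave" { type slave; masters { 192.0.2.1; }; notify no; };
'''

# Matches "notify <value>;" but not "also-notify" or "notify-source".
NOTIFY = re.compile(r'(?<![\w-])notify\s+([\w-]+)\s*;')
BLOCK = re.compile(r'\b(options|zone)\b\s*(?:"([^"]*)")?[^{};]*\{')

def strip_comments(text):
    # Handles /* */, // and # comments; does not protect "//" inside strings.
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def blocks(text):
    """Yield (keyword, name, body) for each top-level options/zone block."""
    pos = 0
    while (m := BLOCK.search(text, pos)):
        depth, i = 1, m.end()
        while i < len(text) and depth:      # walk to the matching "}"
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), m.group(2), text[m.end():i - 1]
        pos = i

def notify_setting(body):
    m = NOTIFY.search(body)
    return m.group(1).lower() if m else None

def noisy_slaves(conf):
    """Names of slave zones whose effective notify setting is 'yes'."""
    default, slaves = 'yes', []
    for kind, name, body in blocks(strip_comments(conf)):
        if kind == 'options':
            default = notify_setting(body) or default
        elif re.search(r'\btype\s+slave\s*;', body):
            slaves.append((name, notify_setting(body)))
    return [n for n, s in slaves if (s or default) == 'yes']
```

Calling `noisy_slaves(SAMPLE_CONF)` reports only the root zone, because `example.slave` sets `notify no;` and `biesinger.at` is not a slave.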




