suspected named.conf inadequacies

Lee, Elizabeth Elizabeth.Lee.contractor at fnmoc.navy.mil
Thu Mar 15 21:11:40 UTC 2001
As the new kid on the block (and also a member of the Despised Order of
Contractors), I have been tasked to bring the DNS servers in this complex up
to a secure level of BIND; we chose 8.2.3 because it was reported to be
secure and less buggy.  We have 6 nameservers, 5 of them masters (due to
subnetting, I am told) and one slave. The solitary slave is on the outside
of the firewall.  After much wailing and gnashing of teeth, I have BIND
binaries that run on Solaris 2.6 and 2.5.1, and I have successfully
installed those binaries on 5 of the servers, four on the "in" side of the
firewall and, as odd as it sounds, the one on the "out" side of the
firewall; the master server for the slave is the ONLY one I cannot get the
BIND binary to run on -- every time I start the new binary on that box, it
freezes up like a nerd at the school dance.

subnetted network

  master  06			Solaris 2.6, BIND 8.2.3
  master  05			Solaris 2.6, BIND 8.2.3
  master  04			Solaris 2.5.1, BIND 8.2.3
  master  03			Solaris 2.5.1, BIND 8.2.3
  master  02			Solaris 2.6, BIND 4.9.4   -----> clinker
*****FIREWALL*****
  slave   01			Solaris 2.6, BIND 8.2.3

here is the named.conf file for master 02:

options {
        directory "/etc/named";
};

zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "0.0.127.in-a.a";
};

zone "fnoc.navy.mil" {
        type master;
        file "fnoc.navy.mil";
};

zone "fnmoc.navy.mil" {
        type master;
        file "fnmoc.navy.mil";
};

zone "80.152.in-addr.arpa" {
        type master;
        file ".80.152.in-a.a";
};


for the slave 01:

options {
        directory "/etc/named";
        named-xfer "/usr/sbin/named-xfer";
};

zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "0.0.127.in-a.a";
};

zone "fnoc.navy.mil" {
        type slave;
        file "fnoc.navy.mil";
        masters {
                152.80.5.3;
        };
};


zone "fnmoc.navy.mil" {
        type slave;
        file "fnmoc.navy.mil";
        masters {
                152.80.5.3;
        };
};

zone "80.152.in-addr.arpa" {
        type slave;
        file ".80.152.in-a.a";
        masters {
                152.80.5.3;
        };
};


As I said, slave 01 is running well as far as I can determine (I am
monitoring the logs on a real-time basis), doing zone transfers without
errors and responding.  But the master 02 is also a mail server, and whenever
I bring up the 8.2.3 binary, master 02 seems to cease doing external lookups
and gets generally tongue-tied -- which, for a mail server, ain't good.  I
confess to being a neophyte at BIND configuration, and I am reading the conf
documents in the html section of the doc tarball, but I cannot determine if
any of those configuration options would alter the behavior of master 02.
Any pointers or other documents I should read?

Elizabeth Lee
FNMOC, Monterey CA
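Added example (editor's, not part of the original post and not a file BIND ships): the same master/slave pair written with the BIND 8.2 access-control statements that the posted named.conf files leave at their defaults. With the files as posted, any host that can reach the servers can pull the full zones by AXFR and use the internal masters as open recursive resolvers. The directory, the zone and file names and the master address 152.80.5.3 are taken from the post; the acl prefixes (152.80.0.0/16) and the slave address 152.80.1.1 are assumed placeholders and must be replaced with the real ones. Nothing here is claimed to explain why the new binary hangs on master 02.

```conf
// ---- internal master (e.g. master 02), BIND 8.2.x syntax ----
// ASSUMED: internal address space and the address of slave 01.
acl internal { 152.80.0.0/16; 127.0.0.1; };
acl slaves   { 152.80.1.1; };

options {
        directory "/etc/named";
        version "not available";          // do not advertise "8.2.3" to scanners
        allow-query { any; };             // authoritative answers for everyone
        allow-recursion { internal; };    // recursion (what the mail server needs)
                                          //   only for our own hosts
        allow-transfer { slaves; };       // default AXFR policy for every zone below
};

zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "0.0.127.in-a.a";
        allow-transfer { none; };         // nobody needs a copy of the loopback zone
};

zone "fnmoc.navy.mil" {
        type master;
        file "fnmoc.navy.mil";
        allow-update { none; };           // no dynamic update (the BIND 8 default, made explicit)
        notify yes;
        also-notify { 152.80.1.1; };      // ASSUMED slave address; prompt it to transfer
};

zone "80.152.in-addr.arpa" {
        type master;
        file ".80.152.in-a.a";
        allow-update { none; };
};

// ---- slave 01, outside the firewall ----
// It should answer only for the zones it holds and hand the zone data to no one.
options {
        directory "/etc/named";
        named-xfer "/usr/sbin/named-xfer";
        version "not available";
        recursion no;                     // an external box must not resolve for the world
        allow-transfer { none; };
};

zone "fnmoc.navy.mil" {
        type slave;
        file "fnmoc.navy.mil";
        masters { 152.80.5.3; };          // master address from the post
};

zone "80.152.in-addr.arpa" {
        type slave;
        file ".80.152.in-a.a";
        masters { 152.80.5.3; };
};
```

The two `options` blocks belong to two different files; they are shown together only for comparison. An `allow-transfer` in `options` is inherited by every zone, so the loopback zone is the only one that needs its own override on the master. After editing, `ndc reload` on a BIND 8 host picks up the changes, and an `AXFR` attempt from a host outside the `slaves` acl should then be refused in the log rather than served.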