criticise me ;-)

Mark_Andrews at isc.org Mark_Andrews at isc.org
Sun Dec 1 21:42:35 UTC 2002


> 
> hello all,
> 
> after reading the dns and bind book, some rfcs and the bind admin
> manual (which btw every newbie should do) i was ready to set up my first bind
> (9.2.1 on rh8.0).
> i configured it as a slave for two other primaries and it runs in a chroot jail.
> it works like a charm :-) here's the named.conf. i'd like to know from you pros what
> could/should i've done differently or better. especially the logging is interesting to me.

	Well, you could show the whole configuration.  In particular
	"/chroot/named/etc/namedb/dns-zones".  The reason I say this is that
	you have specified some options at the global level that need
	to be changed at the zone level, especially if you
	are listed as a nameserver for the zones.

	Mark

> 
> TIA,
> Thomas Kaschuba
> 
> options {
> 
> directory "/chroot/named/etc/namedb";
>           cleaning-interval 120;
>           allow-recursion { trusted; };
>           blackhole { devnulled; };
>           interface-interval 0;
>           allow-transfer { transhosts; };
>           allow-query { trusted; };
> };
> 
> controls {
>         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
> 
> logging {
>   channel namedlog {
>     file "/chroot/named/etc/named-log" versions 4 size 10m;
>     print-time yes;
>     severity info;
>   };
>   category lame-servers { namedlog; };
>   category default { namedlog; };
>   category update { namedlog; };
>   category security { namedlog; };
> };
> 
> acl "trusted" { 
>                    localhost;
>                    x.x.x.x/24;
>                    x.x.x.x/24;
>                    x.x.x.x/24;
>                    x.x.x.x;
> };
> 
> acl "devnulled" {
>                    0.0.0.0/8;
>                    1.0.0.0/8;
>                    2.0.0.0/8;
>                    192.0.2.0/24;
>                    224.0.0.0/3;
>                    10.0.0.0/8;
>                    172.16.0.0/12;
>                    192.168.0.0/16;
>                    x.x.x.x/24;
>                    x.x.x.x/24;
> };
> 
> acl "transhosts" {
>                    localhost;
>                    x.x.x.x/24;
>                    x.x.x.x/24;
>                    x.x.x.x/24;
>                    x.x.x.x;
> };
> 
> 
> zone "." IN {
>         type hint;
>         file "hints.db";
> };
> 
> zone "localhost" IN {
>         type master;
>         file "/chroot/named/etc/namedb/localhost.zone";
>         allow-update { none; };
> };
> 
> zone "0.0.127.in-addr.arpa" IN {
>         type master;
>         file "/chroot/named/etc/namedb/named.local";
>         allow-update { none; };
> };
> 
> include "/etc/rndc.key";
> include "/chroot/named/etc/namedb/dns-zones";
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
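
An illustration of the point made in the reply above, added here and not taken from either poster's configuration: with `allow-query { trusted; };` in the global `options`, every zone inherits that restriction unless the zone statement overrides it. The reply does not name the options it means; `allow-query` is assumed here, and the zone name, master address and file name are placeholders because `dns-zones` was not posted.

```conf
// Hypothetical entry for the included dns-zones file.
// example.com, 198.51.100.53 and the file name are placeholders.
// The two statements are alternatives; load only one of them.

// Before: no zone-level ACLs. The zone inherits the global
// allow-query { trusted; }, so only hosts in the "trusted" ACL get
// answers. A resolver elsewhere that follows the zone's NS record to
// this server is refused, although the server is listed as authoritative.
zone "example.com" IN {
        type slave;
        masters { 198.51.100.53; };
        file "slave/example.com.db";
};

// After: the zone overrides the inherited query ACL. Zone data the
// server is authoritative for is answered for anyone, while
// allow-recursion { trusted; } in options still limits recursion to
// the trusted networks and transfers stay limited to "transhosts".
zone "example.com" IN {
        type slave;
        masters { 198.51.100.53; };
        file "slave/example.com.db";
        allow-query { any; };
        allow-transfer { transhosts; };
};
```

Running `named-checkconf` on the main configuration file catches syntax errors in the included file before `named` is reloaded.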

