bind9 question.

Kevin Darcy kcd at daimlerchrysler.com
Mon Feb 25 23:09:10 UTC 2002


"C. Maki" wrote:

> I'm not sure which group to post this in, so I'm putting it in both.
>
> I recently put together a new OpenBSD 3.0 box. The sole purpose of this box
> was to be a primary name server for a domain. After configuring it to my
> liking, I downloaded and updated the ports tree, cd'd to
> /usr/ports/net/bind9/ and typed 'make' and then later 'make install'.
>
> I already have a Red Hat box running bind9, and I've noticed some major
> differences. The Red Hat bind uses named.conf and the process when launched
> spawns some children and runs with a total of 5 processes. The OpenBSD box
> uses the older named.boot, and exists as only one process.
>
> The process thing really doesn't bother me, it's the lack of the ability to
> use named.conf. As far as I can tell, I can't get rndc to work w/o using a
> named.conf file, and I want to be able to secure the nameserver by refusing
> zone transfers, a method I know how to do in named.conf, but haven't yet
> researched in named.boot.
>
> Can someone tell me if I did something wrong? I can't tell what version of
> named is actually running either, cause the old dig @ version.bind chaos.txt
> trick doesn't work on this server.

The "multiple processes" display on Linux is harmless. Linux apparently shows
each thread of a process as a separate process in a "ps" display.

The fact that the OpenBSD box uses named.boot is a bigger cause for concern. It
means that it is using a nameserver based on old BIND 4 code, which is likely
to have all sorts of security as well as usability issues. If you care about
security, your first order of business should be to upgrade the OpenBSD to a
more modern version of BIND -- BIND 8.3.1 or, preferably, BIND 9.2.0. Note that
rndc only works with BIND 9.


- Kevin
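For readers following the advice above, here is a minimal BIND 9 `named.conf` that ties together the two points raised in the thread: `rndc` needs a `controls` statement (which only exists in `named.conf`, hence BIND 9), and zone transfers are refused with `allow-transfer`. This is an added example, not configuration from the original post or from the OpenBSD port; the zone name, addresses, directory and key secret are placeholders.

```conf
// Added example (not from the original post): minimal BIND 9 named.conf
// showing an rndc control channel and a default-deny zone transfer policy.
// Zone name, addresses, paths and the key secret are placeholders.

key "rndc-key" {
    algorithm hmac-md5;
    // Generate the real secret with `rndc-confgen`; this value is a placeholder.
    secret "REPLACE_WITH_OUTPUT_OF_rndc-confgen";
};

// rndc control channel: listen on loopback only and require the shared key.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
    directory "/var/named";
    // Default for every zone: no one may pull a full copy of the zone.
    allow-transfer { none; };
    // Answer the "version.bind chaos txt" query with a fixed string
    // instead of the real BIND version.
    version "not disclosed";
};

zone "example.com" {
    type master;
    file "example.com.zone";
    // Re-allow transfers only to the known secondary (placeholder address).
    allow-transfer { 192.0.2.53; };
};
```

`rndc-confgen` prints both a matching `rndc.conf` and the `key`/`controls` fragment for `named.conf`, so the secret never has to be typed by hand. To confirm the policy took effect, run `dig @<your-server> example.com AXFR` from a host that is not the listed secondary and check that the transfer is refused, while `rndc status` on the server itself succeeds over the loopback channel.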
