alias_ip

phn at icke-reklam.ipsec.nu
Thu May 20 05:11:33 UTC 2004


Jeff <nospam at noway.nohow> wrote:
> I'm trying to upgrade my hp-ux box dns from 4.97 to 9.2.
> I'm using the alias_ip directive in my named.boot file.

> Is the "alias_ip" directive of BIND 4.9.7's named.boot file
> a valid directive if used in BIND 9.2's named.conf file?

No.

> Does anyone have any references they could point me to
> concerning this topic?

Bind-9 documentation is bundled with the source. If your vendor
is lazy enough to skip the documentation you can find
copies all over the Internet.

There is a "migration-4to9" included:
<quote>
Copyright (C) 2001  Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

$Id: migration-4to9,v 1.3 2001/05/19 01:20:16 gson Exp $

                   BIND 4 to BIND 9 Migration Notes

To transition from BIND 4 to BIND 9 you first need to convert your
configuration file to the new format.  There is a conversion tool in
contrib/named-bootconf that allows you to do this.

        named-bootconf.sh < /etc/named.boot > /etc/named.conf

BIND 9 uses a system assigned port for the UDP queries it makes rather
than port 53 that BIND 4 uses.  This may conflict with some firewalls.
The following directives in /etc/named.conf allow you to specify
a port to use.

        query-source address * port 53;
        transfer-source * port 53;
        notify-source * port 53;

BIND 9 no longer uses the minimum field to specify the TTL of records
without an explicit TTL.  Use the $TTL directive to specify a default TTL
before the first record without an explicit TTL.

        $TTL 3600
        @       IN      SOA     ns1.example.com. hostmaster.example.com. (
                                2001021100
                                7200
                                1200
                                3600000
                                7200 )

BIND 9 does not support multiple CNAMEs with the same owner name.

        Illegal:
        www.example.com. CNAME host1.example.com.
        www.example.com. CNAME host2.example.com.

BIND 9 does not support "CNAMEs with other data" with the same owner name,
ignoring the DNSSEC records (SIG, NXT, KEY) that BIND 4 did not support.

        Illegal:
        www.example.com. CNAME host1.example.com.
        www.example.com. MX 10 host2.example.com.

BIND 9 is less tolerant of errors in master files, so check your logs and
fix any errors reported.  The named-checkzone program can also be used to
check master files.

Outgoing zone transfers now use the "many-answers" format by default.
This format is not understood by certain old versions of BIND 4.
You can work around this problem using the option "transfer-format
one-answer;", but since these old versions all have known security
problems, the correct fix is to upgrade the slave servers.

<end quote>

The function you ask for, "alias_ip", is replaced with a config statement,
"listen-on". A snippet from the ARM book:
<quote>
6.2.14.4. Interfaces

The interfaces and ports that the server will answer queries from may be specified using the listen-on option. listen-on takes an optional port, and an address_match_list. The server will listen on all interfaces allowed by the address match list. If a port is not specified, port 53 will be used.

Multiple listen-on statements are allowed. For example,

listen-on { 5.6.7.8; };
listen-on port 1234 { !1.2.3.4; 1.2/16; };

will enable the nameserver on port 53 for the IP address 5.6.7.8, and on port 1234 of an address on the machine in net 1.2 that is not 1.2.3.4.

If no listen-on is specified, the server will listen on port 53 on all interfaces.

<end quote>

A copy of the ARM book is available at "http://www.ipsec.se/dns/bind9/Bv9ARM.html"



> TIA



-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
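
The listen-on rules quoted above from the ARM, worked through in Python as an added example (not part of the original post and not ISC code): it evaluates each statement's address match list, first match wins, against a constructed list of interface addresses to show which address/port pairs named would answer on. The function names and the interface list are assumptions made for illustration; only IPv4 elements plus "any" and "none" are handled.

```python
import ipaddress

def parse_element(token):
    """Parse one address_match_list element: '5.6.7.8', '1.2/16', '!1.2.3.4'."""
    token = token.strip()
    negated = token.startswith("!")
    body = token.lstrip("!").strip()
    if body in ("any", "none"):
        # "none" behaves like a negated "any".
        return (negated != (body == "none")), ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = body.partition("/")
    # BIND accepts short prefixes such as 1.2/16; pad them to four octets.
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    net = ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"), strict=False)
    return negated, net

def parse_listen_on(statement):
    """Return (port, [(negated, network), ...]) for one listen-on statement."""
    head, _, rest = statement.partition("{")
    words = head.split()
    # If a port is not specified, port 53 is used.
    port = int(words[words.index("port") + 1]) if "port" in words else 53
    tokens = [t for t in rest.split("}")[0].split(";") if t.strip()]
    return port, [parse_element(t) for t in tokens]

def listening_sockets(statements, interface_addrs):
    """Which (address, port) pairs the statements select on this machine."""
    if not statements:
        # No listen-on at all: port 53 on all interfaces.
        statements = ["listen-on { any; };"]
    bound = set()
    for stmt in statements:
        port, elements = parse_listen_on(stmt)
        for addr in interface_addrs:
            ip = ipaddress.ip_address(addr)
            for negated, net in elements:
                if ip in net:  # the first matching element decides
                    if not negated:
                        bound.add((addr, port))
                    break
    return sorted(bound)

# Constructed interface list for a hypothetical multi-homed host.
INTERFACES = ["127.0.0.1", "5.6.7.8", "1.2.3.4", "1.2.9.9", "10.0.0.5"]
ARM_EXAMPLE = ["listen-on { 5.6.7.8; };",
               "listen-on port 1234 { !1.2.3.4; 1.2/16; };"]

if __name__ == "__main__":
    for addr, port in listening_sockets(ARM_EXAMPLE, INTERFACES):
        print(addr, port)
```

Running the same comparison against a real host's address list before restarting named shows whether an address previously served through alias_ip would be left without a listener.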

