First time config - room for improvement?

Paul Cocker paul.cocker at tntpost.co.uk
Wed Aug 27 16:46:56 UTC 2008


While I have worked with BIND 9.x before, I've never had to set it up
from scratch. Due to a server migration I need to set up a new instance
of BIND, but would prefer to start afresh due to the old config being a
mish-mash of various BIND versions.

Running on CentOS 5.2 I am using BIND 9.3.4 running within a chroot
environment. I've confirmed that the service can start so all looks well
having used the BIND samples under /usr/share/doc as a starting point,
but what I want to check is whether the config can be improved, have I
missed any settings necessary to run a secure system (especially
important to me), is there anything here which might bite me in the ass
later on, etc.

I should note that the role of the BIND service is two-fold: in one
instance it is acting as the authoritative name server for a domain, in
the other it is acting as a name cache for localhost.

acl slaves
{
        IPAddress;
        IPAddress2;
};

options
{
        directory "/var/named"; // the default
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";
        version                 "random text";
};

logging
{
        channel default_debug {
                file "data/named.run" versions 5 size 2M;
                severity dynamic;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category lame-servers { null; };
};

view "localhost_resolver"
{
        match-clients           { localhost; };
        match-destinations      { localhost; };

        recursion yes;

        include "/etc/named.root.hints";
        include "/etc/named.rfc1912.zones";
};

view    "external"
{
        match-clients           { any; };
        match-destinations      { any; };

        recursion no;

        include "/etc/named.root.hints";

        zone "domain.co.uk.zone" {
                type master;
                file "domain.co.uk.zone.db";
                allow-transfer { slaves; };
        };

        zone "#.#.#.#.in-addr.arpa" {
                type master;
                file "domain.co.uk.arpa.db";
                allow-transfer { slaves; };
        };

};

Many thanks,

Paul Cocker
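
An added example, not part of the original post and not BIND tooling: a small Python audit of the three access-control points the posted layout depends on (which view offers recursion to whom, the order of the views, and allow-transfer on master zones). The function names and the sample config are hypothetical; the parser does not follow include files or expand named ACLs, and the defaults it assumes are those of the BIND 9.3 series used in the post.

```python
import re

TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def parse(text):
    """named.conf text -> nested statement lists (include files are not followed)."""
    it = (t for t in TOKEN.findall(text) if not t.startswith(('//', '/*', '#')))
    def block():
        stmts, cur = [], []
        for t in it:                      # nested blocks share the same iterator
            if t == '{':
                cur.append(block())
            elif t == '}':
                break
            elif t == ';':
                stmts, cur = stmts + [cur], []
            else:
                cur.append(t.strip('"'))
        return [s for s in stmts if s]
    return block()

def setting(stmts, key, default=None):  # arguments of the first `key` statement
    return next((s[1:] for s in stmts if s[0] == key), default)

def acl(stmts, key):  # top-level elements; an absent list means { any; }
    return [e[0] for e in setting(stmts, key, [[['any']]])[0]]

def audit(text):
    # Assumed defaults (BIND 9.3, as in the post): recursion yes, transfers unrestricted.
    tree, out = parse(text), []
    glob = setting(tree, 'options', [[]])[-1]
    views = [s for s in tree if s[0] == 'view']
    for i, v in enumerate(views):
        name, body = v[1], v[-1]
        catch_all = all('any' in acl(body, k) for k in ('match-clients', 'match-destinations'))
        rec = setting(body, 'recursion') or setting(glob, 'recursion') or ['yes']
        if catch_all and rec[0] == 'yes':
            out.append(f'{name}: recursion offered to any client')
        if catch_all and i < len(views) - 1:  # named uses the first matching view
            out.append(f'{name}: catch-all view listed first, later views never match')
        for z in (s for s in body if s[0] == 'zone'):
            if setting(z[-1], 'type') == ['master'] and not any(
                    setting(b, 'allow-transfer') for b in (z[-1], body, glob)):
                out.append(f'{name}/{z[1]}: master zone with no allow-transfer')
    return out
# Constructed sample: a deliberately weak variant of the two-view layout in the post.
WEAK = '''view "external" { match-clients { any; }; zone "example.test" { type master; file "x.db"; }; };
view "localhost_resolver" { match-clients { localhost; }; recursion yes; };'''
print('\n'.join(audit(WEAK)))
```

Run against a config laid out like the one in the post (localhost view first, recursion no in the catch-all view, allow-transfer on both zones), audit() returns an empty list.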



