[olug] Bind 9

Trent Melcher tmelcher at trilogytel.com
Fri Apr 11 14:47:01 UTC 2003


Quinn

My thoughts are the same, as you know from my previous posts.  When you
compiled the source, did you get any warnings or errors at all?  Seems funny
that it's not working unless the compile didn't go smoothly.

You might want to try the bind rpm that comes with RH to test with against
your config files and make sure that works.  I don't know if it supports the
rndc keys though.

Trent

-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org]On Behalf Of
Blaufuss, Shane
Sent: Friday, April 11, 2003 9:37 AM
To: Omaha Linux User Group
Subject: RE: [olug] Bind 9


Nothing stands out as being incorrect...The only difference is that you have
your rndc key stored in the conf file, whereas I store it in /etc/rndc.key
and include it from the conf file.  Shouldn't make a difference, though.
Not that I would think.  I'm interested in seeing your directory permissions
for /var/named/ and /var/named/pz/.  BIND 9 (and I think 8 did as well) runs
as user NAMED.  My zone files are owned by root:named, with permissions set
to 640.

# cat /etc/named.conf
options {directory "/var/named/";
	allow-transfer{<secondary nameservers here>};
};
controls {inet 127.0.0.1 allow {localhost;} keys {rndckey;};};
include "/etc/rndc.key";

//Hints (root nameservers)
zone "." {type hint; file "named.ca";};

//Reverse Zones
zone "120.99.63.in-addr.arpa."		in {type master;file "63.99.120.rev";};

SAMPLE FILE PERMISSIONS:
-rw-r-----    1 root     named         672 Aug 27  2002 /var/named/master/fnbo/ftspower.com.hosts

-----Original Message-----
From: Quinn Coldiron [mailto:qcoldir at nmhs.org]
Sent: Thursday, April 10, 2003 2:34 PM
To: Omaha Linux User Group
Subject: Re: [olug] Bind 9


here is my named.conf.  I see the allow part in the controls area, but I
don't understand the docs that I've been reading on configuring that.






// Config file for caching only name server
//
// The version of the HOWTO you read may contain leading spaces
// (spaces in front of the characters on these lines ) in this and
// other files.  You must remove them for things to work.
//
// Note that the filenames and directory names may differ, the
// ultimate contents of should be quite similar though.

options {
        directory "/var/named";

        // Uncommenting this might help if you have to go through a
        // firewall and things are not working out.  But you probably
        // need to talk to your firewall admin.

        // query-source port 53;
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
        algorithm hmac-md5;
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "pz/127.0.0";
};

zone "nmhs.org"{
	type master;
	notify no;
	file "pz/nmhs.org";
};







On Thu, 2003-04-10 at 14:17, Phil Brutsche wrote:
> A long time ago, in a galaxy far, far away, someone said...
>
> > I've got a Bind 9 server I'm setting up on RH.  So far, the zone and
> > everything looks good and works when querying from the localhost, but
> > other boxes can query the server.
> >
> > I'm following the DNS howto as much as possible.  Anything I should know
> > that's special about Bind 9?
>
> It's pickier about zone files than BIND 8, but other than that no.
>
> RH may have set some defaults to allow only localhost to make queries.
> There may also be some sort of firewall configuration.
>
> Look for some line that might look something like one of these in
> named.conf:
>
> allow-query { 127.0.0.1; };
> allow-recursion { 127.0.0.1; };
> listen-on { 127.0.0.1; };
>
> Grepping /var/log/messages for references to named may shed light on the
> situation.
>
> Posting the options section of the config file, if you can, will help as
> well.
--

-----------------------------
Quinn P. Coldiron
Cerner Technical Coordinator
Nebraska Methodist Hospital
402-354-1619
qcoldir at nmhs.org


_______________________________________________
OLUG mailing list
OLUG at olug.org
http://lists.olug.org/mailman/listinfo/olug
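
An added example, not part of the original thread or any poster's code: a Python check for the three things the messages above compare, namely key secrets stored inline in named.conf versus an included key file, localhost-only allow-query/allow-recursion/listen-on statements, and file modes looser than 640. The sample config, its secret and the function names are constructed for illustration.

```python
import re
import stat

# Constructed sample modelled on the named.conf files quoted in the thread.
SAMPLE_CONF = '''
options {
        directory "/var/named";
        allow-query { 127.0.0.1; };
        // listen-on { 127.0.0.1; };
};
controls { inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; };
key "rndc_key" {
        algorithm hmac-md5;
        secret "Y29uc3RydWN0ZWQtZXhhbXBsZS1rZXk=";   # constructed value
};
include "/etc/rndc.key";
'''
LOCAL_ONLY = {"127.0.0.1", "localhost", "::1"}

def strip_comments(text):
    """Drop //, # and /* */ comments, leaving quoted strings untouched."""
    pattern = r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*'
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return re.sub(pattern, keep, text, flags=re.S)

def audit_named_conf(text):
    """Return (inline_keys, local_only, includes) for named.conf text."""
    text = strip_comments(text)
    # Key statements that carry their secret in this file.
    inline_keys = re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{[^}]*\bsecret\s+"', text)
    # Statements that limit the server to loopback clients or interfaces.
    local_only = {}
    for name, body in re.findall(
            r'(?<![\w-])(allow-query|allow-recursion|listen-on)(?![\w-])'
            r'[^{;]*\{([^}]*)\}', text):
        entries = {e.strip() for e in body.split(";") if e.strip()}
        if entries and entries <= LOCAL_ONLY:
            local_only[name] = sorted(entries)
    includes = re.findall(r'\binclude\s+"([^"]+)"', text)
    return inline_keys, local_only, includes

def mode_problems(mode):
    """Flag permission bits beyond the 640 root:named layout in the thread."""
    checks = [(stat.S_IROTH, "world-readable"),
              (stat.S_IWGRP | stat.S_IWOTH, "writable by group or other")]
    return [label for bits, label in checks if mode & bits]

if __name__ == "__main__":
    print(audit_named_conf(SAMPLE_CONF))
```

For a file on disk, pass `stat.S_IMODE(os.stat(path).st_mode)` to `mode_problems`; a named.conf that holds an inline secret needs the same restrictive mode as a separate key file.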
