[olug] Bind 9

Quinn Coldiron qcoldir at nmhs.org
Fri Apr 11 15:10:11 UTC 2003


Thanks all for the help.  I've set permissions like Shane said, etc.  I
think I'm gonna recompile and/or try the RPMS.  This is just odd.

Quinn

On Fri, 2003-04-11 at 09:36, Blaufuss, Shane wrote:
> Nothing stands out as being incorrect...The only difference is that you have
> your rndc key stored in the conf file, whereas I store it in /etc/rndc.key
> and include it from the conf file.  Shouldn't make a difference, though.
> Not that I would think.  I'm interested in seeing your directory permissions
> for /var/named/ and /var/named/pz/.  BIND 9 (and I think 8 did as well) runs
> as user NAMED.  My zone files are owned by root:named, with permissions set
> to 640.
> 
> # cat /etc/named.conf
> options {directory "/var/named/";
> 	allow-transfer{<secondary nameservers here>};
> };
> controls {inet 127.0.0.1 allow {localhost;} keys {rndckey;};};
> include "/etc/rndc.key";
> 
> //Hints (root nameservers)
> zone "." {type hint; file "named.ca";};
> 
> //Reverse Zones
> zone "120.99.63.in-addr.arpa." in {type master; file "63.99.120.rev";};
> 
> SAMPLE FILE PERMISSIONS:
> -rw-r-----    1 root     named         672 Aug 27  2002 /var/named/master/fnbo/ftspower.com.hosts
> 
> -----Original Message-----
> From: Quinn Coldiron [mailto:qcoldir at nmhs.org] 
> Sent: Thursday, April 10, 2003 2:34 PM
> To: Omaha Linux User Group
> Subject: Re: [olug] Bind 9
> 
> 
> here is my named.conf.  I see the allow part in the controls area, but I
> don't understand the docs that I've been reading on configuring that.
> 
> 
> 
> 
> 
> 
> // Config file for caching only name server
> //
> // The version of the HOWTO you read may contain leading spaces
> // (spaces in front of the characters on these lines ) in this and
> // other files.  You must remove them for things to work.
> //
> // Note that the filenames and directory names may differ, the
> // ultimate contents of should be quite similar though.
> 
> options {
>         directory "/var/named";
> 
>         // Uncommenting this might help if you have to go through a
>         // firewall and things are not working out.  But you probably
>         // need to talk to your firewall admin.
> 
>         // query-source port 53;
> };
> 
> controls {
>         inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
> };
> 
> key "rndc_key" {
>         algorithm hmac-md5;
>         secret
> "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
> };
> 
> zone "." {
>         type hint;
>         file "root.hints";
> };
> 
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "pz/127.0.0";
> };
> 
> zone "nmhs.org"{
> 	type master;
> 	notify no;
> 	file "pz/nmhs.org";
> };
> 
> 
> 
> 
> 
> 
> 
> On Thu, 2003-04-10 at 14:17, Phil Brutsche wrote:
> > A long time ago, in a galaxy far, far away, someone said...
> > 
> > > I've got a Bind 9 server I'm setting up on RH.  So far, the zone and
> > > everything looks good and works when querying from the localhost, but
> > > other boxes can query the server.
> > >
> > > I'm following the DNS howto as much as possible.  Anything I should know
> > > that's special about Bind 9?
> > 
> > It's pickier about zone files than BIND 8, but other than that no.
> > 
> > RH may have set some defaults to allow only localhost to make queries.
> > There may also be some sort of firewall configuration.
> > 
> > Look for some line that might look something like one of these in
> > named.conf:
> > 
> > allow-query { 127.0.0.1; };
> > allow-recursion { 127.0.0.1; };
> > listen-on { 127.0.0.1; };
> > 
> > Grepping /var/log/messages for references to named may shed light on the
> > situation.
> > 
> > Posting the options section of the config file, if you can, will help as
> > well.
-- 

-----------------------------
Quinn P. Coldiron
Cerner Technical Coordinator
Nebraska Methodist Hospital
402-354-1619
qcoldir at nmhs.org
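The three checks the replies above suggest (Phil's localhost-only directives in named.conf and grep of /var/log/messages, Shane's root:named ownership and 640 mode on zone files) collected into one audit script. This is an added example, not code from the thread or from the BIND project; it never reads a live /etc/named.conf or /var/named but builds a constructed named.conf, two zone files and a short syslog excerpt under a temporary directory and runs the checks against those. The user:group it checks is whoever runs the script, since a test host will not have a `named` user; on a real server you would pass `root named`.

```shell
#!/bin/sh
# Added example, not code from the OLUG thread: apply the checks the replies
# suggest (localhost-only directives, zone file ownership and mode, named's
# syslog lines) to constructed sample data in a temporary directory.

# Print directives that restrict the server to the loopback address.
# Comments (// and #) are stripped first so commented-out lines do not match.
localhost_only_directives() {
    sed -e 's|//.*$||' -e 's|#.*$||' "$1" \
      | grep -E '^[[:space:]]*(allow-query|allow-recursion|listen-on)[[:space:]]' \
      | grep -E '\{[[:space:]]*(127\.0\.0\.1|localhost)[[:space:]]*;[[:space:]]*\}' \
      || true
}

# Number of such directives; 0 means named.conf is not what blocks remote hosts.
count_localhost_only() {
    localhost_only_directives "$1" | grep -c . || true
}

# Zone files with a mode looser than 640 (others can read, or group can write).
loose_zone_files() {
    find "$1" -type f \( -perm -o+r -o -perm -g+w \)
}

# Zone files not owned by the given user and group (the thread uses root:named).
not_owned_by() {
    find "$3" -type f \( ! -user "$1" -o ! -group "$2" \)
}

# Lines that named logged to syslog (what grepping /var/log/messages would show).
named_log_lines() {
    grep -E 'named\[[0-9]+\]:' "$1" || true
}

# Build constructed sample data in a temporary directory and print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/named/pz"
    cat > "$d/named.conf" <<'EOF'
options {
        directory "/var/named";
        allow-query { 127.0.0.1; };      // only the local host may query
        listen-on { 127.0.0.1; };        // only the loopback socket is bound
        // allow-recursion { 127.0.0.1; };  commented out: must not be counted
};
zone "nmhs.org" { type master; notify no; file "pz/nmhs.org"; };
EOF
    # constructed zone files: one with the 640 mode from the thread, one too loose
    printf '$TTL 86400\n' > "$d/named/pz/127.0.0"
    chmod 640 "$d/named/pz/127.0.0"
    printf '$TTL 86400\n' > "$d/named/pz/nmhs.org"
    chmod 644 "$d/named/pz/nmhs.org"
    # constructed syslog excerpt: two lines from named, one unrelated
    printf '%s\n' \
      'Apr 10 14:02:11 ns named[1234]: starting BIND' \
      'Apr 10 14:02:11 ns named[1234]: zone nmhs.org/IN: loaded serial 1' \
      'Apr 10 14:02:12 ns sshd[99]: Accepted publickey for admin' \
      > "$d/messages"
    echo "$d"
}

DEMO=$(make_sample)
trap 'rm -rf "$DEMO"' EXIT

echo "localhost-only directives: $(count_localhost_only "$DEMO/named.conf")"
localhost_only_directives "$DEMO/named.conf"
echo "zone files with loose mode:"
loose_zone_files "$DEMO/named"
echo "zone files not owned by $(id -un):$(id -gn):"
not_owned_by "$(id -un)" "$(id -gn)" "$DEMO/named"
echo "named log lines:"
named_log_lines "$DEMO/messages"
```

On the sample data the script reports two localhost-only directives (the commented-out `allow-recursion` is ignored), flags `pz/nmhs.org` as world-readable, and prints the two `named[...]` syslog lines. Against a real host, run it as root with the real paths substituted and `root named` as the expected owner.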