[olug] Bind 9
Blaufuss, Shane
sblaufuss at fnni.com
Fri Apr 11 14:36:34 UTC 2003
Nothing stands out as being incorrect...The only difference is that you have
your rndc key stored in the conf file, whereas I store it in /etc/rndc.key
and include it from the conf file. Shouldn't make a difference, though.
Not that I would think. I'm interested in seeing your directory permissions
for /var/named/ and /var/named/pz/. BIND 9 (and I think 8 did as well) runs
as user NAMED. My zone files are owned by root:named, with permissions set
to 640.
# cat /etc/named.conf
options {
    directory "/var/named/";
    allow-transfer { <secondary nameservers here> };
};
controls { inet 127.0.0.1 allow { localhost; } keys { rndckey; }; };
include "/etc/rndc.key";
// Hints (root nameservers)
zone "." { type hint; file "named.ca"; };
// Reverse Zones
zone "120.99.63.in-addr.arpa." in { type master; file "63.99.120.rev"; };
SAMPLE FILE PERMISSIONS:
-rw-r----- 1 root named 672 Aug 27 2002 /var/named/master/fnbo/ftspower.com.hosts
-----Original Message-----
From: Quinn Coldiron [mailto:qcoldir at nmhs.org]
Sent: Thursday, April 10, 2003 2:34 PM
To: Omaha Linux User Group
Subject: Re: [olug] Bind 9
here is my named.conf. I see the allow part in the controls area, but I
don't understand the docs that I've been reading on configuring that.
// Config file for caching only name server
//
// The version of the HOWTO you read may contain leading spaces
// (spaces in front of the characters on these lines ) in this and
// other files. You must remove them for things to work.
//
// Note that the filenames and directory names may differ, the
// ultimate contents of should be quite similar though.
options {
    directory "/var/named";
    // Uncommenting this might help if you have to go through a
    // firewall and things are not working out. But you probably
    // need to talk to your firewall admin.
    // query-source port 53;
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
key "rndc_key" {
    algorithm hmac-md5;
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
zone "." {
    type hint;
    file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};
zone "nmhs.org" {
    type master;
    notify no;
    file "pz/nmhs.org";
};
On Thu, 2003-04-10 at 14:17, Phil Brutsche wrote:
> A long time ago, in a galaxy far, far away, someone said...
>
> > I've got a Bind 9 server I'm setting up on RH. So far, the zone and
> > everything looks good and works when querying from the localhost, but
> > other boxes can query the server.
> >
> > I'm following the DNS howto as much as possible. Anything I should know
> > that's special about Bind 9?
>
> It's pickier about zone files than BIND 8, but other than that no.
>
> RH may have set some defaults to allow only localhost to make queries.
> There may also be some sort of firewall configuration.
>
> Look for some line that might look something like one of these in
> named.conf:
>
> allow-query { 127.0.0.1; };
> allow-recursion { 127.0.0.1; };
> listen-on { 127.0.0.1; };
>
> Grepping /var/log/messages for references to named may shed light on the
> situation.
>
> Posting the options section of the config file, if you can, will help as
> well.
--
-----------------------------
Quinn P. Coldiron
Cerner Technical Coordinator
Nebraska Methodist Hospital
402-354-1619
qcoldir at nmhs.org
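Two checks that follow from this thread, written as an added example (not code posted by anyone on the list): one audits a named.conf for the localhost-only allow-query / allow-recursion / listen-on directives Phil lists, the other takes an "ls -l" line and says whether the user BIND runs as (named, per Shane's root:named 640 files) can read the zone file. The sample configs and file names are constructed; it assumes sed, grep -E and mktemp are present.

```shell
#!/bin/sh
# Added example, not from the thread. Sample configs below are constructed.

# Report each allow-query / allow-recursion / listen-on that permits only
# 127.0.0.1 or localhost. Returns 0 if none is restricted, 1 otherwise.
localhost_only_directives() {
    conf=$1
    rc=0
    for d in allow-query allow-recursion listen-on; do
        # drop // comments first so a commented-out directive is not counted
        if sed 's,//.*$,,' "$conf" | grep -Eq \
           "^[[:space:]]*$d[[:space:]]*[{][[:space:]]*(127\.0\.0\.1|localhost)[[:space:]]*;[[:space:]]*[}]"; then
            echo "$d is restricted to localhost in $conf"
            rc=1
        fi
    done
    return $rc
}

# Given one "ls -l" line, return 0 if user "named" (primary group "named")
# can read the file, 1 if not. Symbolic mode: user bits 2-4, group 5-7, other 8-10.
zone_readable_by_named() {
    set -- $1                       # split the ls line into fields
    mode=$1 owner=$3 group=$4
    u=$(printf '%s' "$mode" | cut -c2)
    g=$(printf '%s' "$mode" | cut -c5)
    o=$(printf '%s' "$mode" | cut -c8)
    [ "$owner" = named ] && [ "$u" = r ] && return 0
    [ "$group" = named ] && [ "$g" = r ] && return 0
    [ "$o" = r ]
}

# Constructed samples: a localhost-only options block and an open one.
RESTRICTED_CONF=$(mktemp); OPEN_CONF=$(mktemp)
cat > "$RESTRICTED_CONF" <<'EOF'
options {
    directory "/var/named";
    allow-query { 127.0.0.1; };   // other hosts get REFUSED
    listen-on { 127.0.0.1; };     // named binds only to loopback
};
EOF
cat > "$OPEN_CONF" <<'EOF'
options {
    directory "/var/named";
    allow-query { any; };
    // allow-query { 127.0.0.1; };  commented out, must not be flagged
};
EOF

localhost_only_directives "$RESTRICTED_CONF" || echo "=> widen the directives above"
localhost_only_directives "$OPEN_CONF" && echo "open config: nothing restricted"
zone_readable_by_named "-rw-r----- 1 root named 672 Aug 27 2002 /var/named/pz/nmhs.org" \
    && echo "root:named 640 zone file is readable by named"
```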