phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Mon May 23, 2005 7:10 pm Post subject: Setting up BIND

Anyone know a good tutorial on setting up BIND on Gentoo? Thanks in advance!

jhunholz Apprentice
Joined: 29 Apr 2004 Posts: 154 Location: Raleigh, NC
Posted: Mon May 23, 2005 7:16 pm Post subject:

Setting up bind on Gentoo is pretty much the same as setting it up anywhere else... do some googling on it. If you need any help on specific parts, PM me and I can help.
_________________
Member of the Gentoo Right Wing Conspiracy

phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Mon May 23, 2005 7:54 pm Post subject:

Did you find it better to compile from source or to emerge it?

Maedhros Bodhisattva
Joined: 14 Apr 2004 Posts: 5511 Location: Durham, UK
Posted: Mon May 23, 2005 8:52 pm Post subject:

Moved from Installing Gentoo.
_________________
No-one's more important than the earthworm.

kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Mon May 23, 2005 9:11 pm Post subject:

I emerged mine and haven't had any problems. 10k domains and 150 queries/sec at peak judging from my logs.
Here's my config. It's geared more to an ISP setup, but it's got some decent stuff in it.
Code:
```
options {
    directory "/var/named";
    statistics-file "/var/named/named.stats";
    dump-file "/var/adm/named.dump";
    zone-statistics yes;
    // only these clients may make recursive queries
    allow-recursion { 127.0.0.1; 10.0.0.0/8; };
    // placeholder: list the other name servers allowed to pull zones
    allow-transfer { other.name.servers; };
    notify yes;
    also-notify { other.name.servers; };
    pid-file "/var/run/named/named.pid";
    recursive-clients 10000;        // default 1000 is too low for us
    serial-query-rate 10;           // default 20
    max-transfer-time-in 60;        // kills transfers after 60 minutes
    transfer-format many-answers;   // Generates more efficient zone transfers
    interface-interval 0;           // we have no dynamic interfaces
};

// One log file per category, each rotated at 5 MB with 3 old versions kept
logging {
    channel default_file { file "/var/log/named/default.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel general_file { file "/var/log/named/general.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel database_file { file "/var/log/named/database.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel security_file { file "/var/log/named/security.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel config_file { file "/var/log/named/config.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel resolver_file { file "/var/log/named/resolver.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel xfer-in_file { file "/var/log/named/xfer-in.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel xfer-out_file { file "/var/log/named/xfer-out.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel notify_file { file "/var/log/named/notify.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel client_file { file "/var/log/named/client.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel unmatched_file { file "/var/log/named/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel queries_file { file "/var/log/named/queries.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel network_file { file "/var/log/named/network.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel update_file { file "/var/log/named/update.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel dispatch_file { file "/var/log/named/dispatch.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel dnssec_file { file "/var/log/named/dnssec.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5m; severity dynamic; print-time yes; };
    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};

// Include for ACLs
include "/var/named/conf/acls.conf";
// Includes for the actual zone definitions
include "/var/named/conf/customer1.conf";
include "/var/named/conf/customer2.conf";
```
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Tue May 24, 2005 2:54 pm Post subject: Setting up network before bind

Before emerging bind, I'm setting up the /etc/conf.d/net file with a static internet IP address, gateway and subnet mask. I would like the box to also act as a secondary name server as well as a primary using a second IP. Do I need to configure the iface_eth1 line in the txt file before configuring bind?

kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Tue May 24, 2005 3:51 pm Post subject:

Shouldn't matter as long as you restart Bind after you set up your new IP.
BTW the actual lines for adding zones in the customer.conf files look like this:
Code:
```
zone "domain1.com" IN { type master; file "customer1/domain1.com"; };
zone "domain2.com" IN { type master; file "customer1/domain2.com"; };
zone "domain3.com" IN { type master; file "customer1/domain3.com"; allow-query { acl-name; }; };
```
I like the single line formatting. It makes sed magic easier, allows nice alphabetical sorting, and makes it easier to generate slave configs.
kashani

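The slave-config generation that the single-line layout makes easy, as an added example that is not part of kashani's post: the master address 192.0.2.53 and the `slave/` file prefix are assumptions, and the input lines are a constructed sample in the post's format. The `allow-query` restriction on domain3.com is carried through unchanged, so the secondary does not answer queries the primary refuses.

```shell
#!/bin/sh
# Added example: turn single-line master zone statements into slave statements.
# The master address and the "slave/" file prefix are assumptions.

# Constructed sample input in the one-zone-per-line layout from the post.
sample_master_conf() {
cat <<'EOF'
zone "domain2.com" IN { type master; file "customer1/domain2.com"; };
zone "domain1.com" IN { type master; file "customer1/domain1.com"; };
// a comment line that must not be converted
zone "domain3.com" IN { type master; file "customer1/domain3.com"; allow-query { acl-name; }; };
EOF
}

# make_slave_conf MASTER_IP < master.conf
# Writes the matching slave statements to stdout, sorted by zone name.
make_slave_conf() {
    master_ip=$1
    # Accept only digits and dots so the value cannot carry extra
    # statements into the generated config.
    case $master_ip in
        ''|*[!0-9.]*) echo "bad master address: $master_ip" >&2; return 1 ;;
    esac
    grep '^zone "' |
    sed -e 's/type master;/type slave;/' \
        -e 's|file "\([^"]*\)";|file "slave/\1"; masters { '"$master_ip"'; };|' |
    sort
}

sample_master_conf | make_slave_conf 192.0.2.53
```
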
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Sat May 28, 2005 5:37 pm Post subject: BIND 9 : Do you replace all localhost entries or leave them?

I'm attempting to set up Bind 9.2.5. In the named.conf and zone files, I noticed there are localhost and 127 zone files. To make the DNS server act as a name server for the webserver and mail server which will be on the same machine, do you have to replace all entries with localhost and 127.0.0? ...especially the SOA entries?
Thanks in advance

kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Wed Jun 01, 2005 5:50 pm Post subject:

Not sure what you're asking exactly. I think I avoid all the SOA nonsense by naming my zones the domain name. Assuming you do that, your zones can look like this:
Code:
```
laxlxns01 personal # more badapple.net
$TTL 600
; badapple.net
@       IN      SOA     laxlxns01.zanti.com. hostmaster.jettissystems.com. (
                        2004092701      ; serial
                        12h             ; refresh
                        1h              ; retry
                        2w              ; expire
                        1h              ; minimum
                        )
        IN      NS      laxlxns01.zanti.com.
        IN      NS      laxlxns02.zanti.com.
        IN      MX      10 mail.badapple.net.
@       IN      A       38.118.146.198
; host records
localhost       IN      A       127.0.0.1
*               IN      A       38.118.146.198
```
You can't do that with reverse zones so they are going to look like this:
Code:
```
laxlxns01 reverse # more 10.20.8.0
$TTL 600
8.20.10.in-addr.arpa.   IN      SOA     laxlxns01.zanti.com. hostmaster.jettissystems.com. (
                        2004112901      ; serial
                        12h             ; refresh
                        1h              ; retry
                        2w              ; expire
                        1d              ; default_ttl
                        )
8.20.10.in-addr.arpa.   IN      NS      laxlxns01.zanti.com.
                        IN      NS      laxlxns02.zanti.com.
;
; DB VLAN
11                      IN      PTR     dbtest.zanti.com.
```
kashani

cherring n00b
Joined: 18 Feb 2006 Posts: 8 Location: Sydney
Posted: Tue Feb 28, 2006 8:18 am Post subject:

kashani wrote:
allow-recursion { 127.0.0.1; 10.0.0.0/8; };

Is the 10.0.0.0/8 for your private IP address on your LAN? What about for my server out on the internet? Would I put xxx.xxx.xxx.0/8 where xxx.xxx.xxx.xxx is my public IP address? Do I just have 127.0.0.0? I must admit DNS is the area I have the least knowledge of, so any help is appreciated.
Cheers

cherring n00b
Joined: 18 Feb 2006 Posts: 8 Location: Sydney
Posted: Tue Feb 28, 2006 10:47 am Post subject:

Using the above configuration I can use my nameserver as a nameserver for my home system, but when I try to use it to contact any other domain it says that the domain can't be contacted. Can the above configuration be used for this kind of setup or can it only be used to provide DNS information to the rest of the internet regarding the domains being hosted on my server?
Cheers.

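How an `allow-recursion` list like the one quoted above is matched against a client address, as an added example that is not part of any post in this thread: a client inside 10.0.0.0/8 is covered, while a client outside every listed element is denied recursion, so only the zones hosted on the server resolve for it. The sample named.conf and the client addresses are constructed, and only `any`, `none`, IPv4 addresses and IPv4 CIDR blocks are evaluated.

```shell
#!/bin/sh
# Added example, not from the thread: decide whether a client address is
# covered by the allow-recursion list in a named.conf (IPv4 only).

# Constructed sample built around the allow-recursion line quoted above.
sample_named_conf() {
cat <<'EOF'
options {
    directory "/var/named";
    allow-recursion { 127.0.0.1; 10.0.0.0/8; };
};
EOF
}

# recursion_verdict CLIENT_IP < named.conf
# Prints "allow <element>" for the first element that covers the client,
# "refuse" if none does, "no-statement" if allow-recursion is absent.
# Assumption: named ACLs, keys, "!" negation and comments are not handled.
recursion_verdict() {
    awk -v client="$1" '
        function ip2int(ip,   o) {
            if (split(ip, o, /\./) != 4) return -1
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        { conf = conf " " $0 }
        END {
            c = ip2int(client)
            if (c < 0) { print "bad-client"; exit }
            if (!match(conf, /allow-recursion[ \t]*[{][^}]*[}]/)) { print "no-statement"; exit }
            body = substr(conf, RSTART, RLENGTH)
            sub(/^[^{]*[{]/, "", body); sub(/[}]$/, "", body)
            n = split(body, el, ";")
            for (i = 1; i <= n; i++) {
                e = el[i]; gsub(/[ \t]/, "", e)
                if (e == "none") break
                if (e == "any") { print "allow any"; exit }
                if (e !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) continue
                bits = 32; net = e
                if (split(e, p, "/") == 2) { net = p[1]; bits = p[2] }
                size = 2 ^ (32 - bits)   # number of addresses in the block
                if (int(c / size) == int(ip2int(net) / size)) { print "allow " e; exit }
            }
            print "refuse"
        }'
}

sample_named_conf | recursion_verdict 10.20.8.11    # inside 10.0.0.0/8
sample_named_conf | recursion_verdict 203.0.113.7   # outside every element
```
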
PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
Posted: Tue Feb 28, 2006 12:10 pm Post subject:

phillosophy wrote:
did you find it better to compile from source or emerging it?

Emerging it does compile it from source. Here's some example bind config files.