Antimatter Guru
Joined: 11 Aug 2003 Posts: 463
|
Posted: Mon Feb 26, 2007 5:33 pm Post subject: Bind 9 help, I did check all of the tutorials/documation! |
|
|
I did look at all of the tutorials and documentation that I could find on the internet, including the one on the Gentoo wiki, BIND's homepage and so forth. I haven't had much luck getting my BIND 9 config to work properly. It works great as a DNS cache, I got that going pretty easily, but I'm struggling with making BIND authoritative over my domain only and not forwarding it.
Basically, if I execute a dig query with "127.0.0.1" I will get the localhost name, then if I execute a dig query with "localhost" I will get the 127.0.0.1 IP address, but if I execute it with "localhost.localdomain" I will get the list of the root servers... which confuses me. If I also remove the root.hint file from the bind config, and only use it in forward-only mode, it will still end up at the root servers.
Also, I'm hosting the authoritative DNS for my own localdomain, which is "elder", which I know doesn't exist out there on the internet. Anyway, if I execute a dig query with "amrutlar.elder." it will kind of work, but if it's "amrutlar" it will end up at an IP address that is not mine.
So anyway any suggestion/idea on how to implement this:
-Caching queries for queries not in my domain
-Being authoritative for queries in my domain
-If it's a wrong query, say "badaddress.elder", I want it to return address not found instead of going to the root servers
-I want to be able to query "amrutlar" and "amrutlar.elder" and have them return the same IP address.
Anyway, without further ado, here's my bind config below:
named.conf
Code: |
// Including the rndc key
include "etc/conf/rndc-key.conf";
// Including the ACLs
include "etc/conf/acls.conf";
options {
// Statistics are a good idea to have generally
statistics-file "/var/log/named/named.stats";
dump-file "/var/log/named/named.dump";
zone-statistics yes;
// Who to allow queries and so forth from
allow-query { elder; };
listen-on { elder; };
listen-on-v6 { none; };
// Disable zone transfer requests
allow-transfer { "none"; };
pid-file "/var/run/named/named.pid";
};
// Include the logging config file
include "etc/conf/logging.conf";
// Including the default zone
include "etc/conf/zones/default.conf";
// Including the elder zone
include "etc/conf/zones/elder.conf";
|
acls.conf
Code: |
acl elder {
127.0.0.1; // localhost
10.10.5.2; // localhost
10.10.5.0/24; //localnet
};
|
logging.conf
Code: |
logging {
channel default_file { file "/var/log/named/default.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel general_file { file "/var/log/named/general.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel database_file { file "/var/log/named/database.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel security_file { file "/var/log/named/security.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel config_file { file "/var/log/named/config.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel resolver_file { file "/var/log/named/resolver.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel xfer-in_file { file "/var/log/named/xfer-in.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel xfer-out_file { file "/var/log/named/xfer-out.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel notify_file { file "/var/log/named/notify.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel client_file { file "/var/log/named/client.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel unmatched_file { file "/var/log/named/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes;
channel queries_file { file "/var/log/named/queries.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel network_file { file "/var/log/named/network.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel update_file { file "/var/log/named/update.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel dispatch_file { file "/var/log/named/dispatch.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel dnssec_file { file "/var/log/named/dnssec.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5m; severity dynamic; print-time
s; };
category default { default_file; };
category general { general_file; };
category database { database_file; };
category security { security_file; };
category config { config_file; };
category resolver { resolver_file; };
category xfer-in { xfer-in_file; };
category xfer-out { xfer-out_file; };
category notify { notify_file; };
category client { client_file; };
category unmatched { unmatched_file; };
category queries { queries_file; };
category network { network_file; };
category update { update_file; };
category dispatch { dispatch_file; };
category dnssec { dnssec_file; };
category lame-servers { lame-servers_file; };
};
|
rndc.conf
Code: |
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "huhuh not telling";
};
|
default.conf
Code: |
view "recursive" {
match-clients { elder; };
match-recursive-only yes;
// forward only;
// forwarders {
// 208.67.222.222; // openDNS
// 208.67.220.220; // openDNS
// };
// Required for recurssive queries
zone "." {
type hint;
file "etc/zones/default/root.servers";
};
// Required local host domain
zone "localhost" in {
type master;
file "etc/zones/default/localhost";
allow-update { none; };
allow-transfer { localhost; };
};
// Required local host reverse map
zone "127.in-addr.arpa" in {
type master;
file "etc/zones/default/localhost.rev";
allow-update { none; };
allow-transfer { localhost; };
};
// Unknown
zone "com" {
type delegation-only;
};
// Unknown
zone "net" {
type delegation-only;
};
};
|
elder.conf
Code: |
view "authoritative" {
recursion no;
additional-from-auth no;
additional-from-cache no;
forwarders {};
// The dns zone for the elder domain
zone "elder" in {
type master;
file "etc/zones/elder/elder";
};
// The reverse map for the elder domain
zone "10.10.10.in-addr.arpa" in {
type master;
file "etc/zones/elder/elder.rev";
};
};
|
localhost
Code: |
$ORIGIN localhost.
$TTL 6h
@ IN SOA amrutlar.elder. root.elder. (
2 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h ) ; minimum
NS amrular.elder.
A 127.0.0.1
|
localhost.rev
Code: |
$ORIGIN 127.in-addr.arpa.
$TTL 6h
@ IN SOA amrutlar.elder. root.elder. (
2 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h ) ; minimum
NS amrutlar.elder.
1.0.0 PTR localhost.
|
root.servers
Code: |
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
|
elder
Code: |
$TTL 1D ; One day
$ORIGIN elder.
amrutlar.elder IN SOA amrutlar.elder. root.elder. (
2007022502 ; Serial (change everytime the zone is changed)
6H ; Refresh
1H ; Retry
1W ; Expire
1D ; Minimum
)
; DNS Server
IN NS amrutlar.elder.
; Router/DNS/Gateway machine
amrutlar IN A 10.10.10.1
; Laptop - thinkpad
netheril IN A 10.10.10.30 ; update this
; Desktop - conroe
imaskar IN A 10.10.10.20
; Desktop - pentium 4
thay IN A 10.10.10.10
; Wireless router
mulhorand IN A 10.10.10.2
; Vmware - Window xp
;halruaa IN A 192.168.12.50 ; update this
; Vmware - Solaris
;unther IN A 192.168.12.51 ; update this
; Vmware - Mac osX
;narfell IN A 192.168.12.52 ; update this
; New machines - name: aglarond ?
|
elder.rev
Code: |
$TTL 1D ; One day
$ORIGIN 10.10.10.in-addr.arpa.
10.10.10.in-addr.arpa IN SOA amrutlar.elder. root.elder. (
2007022502 ; Serial (change everytime this zone is edited
6H ; Refresh
1H ; Retry
1W ; Expire
1D ; Minimum
)
; DNS Server
IN NS amrutlar.elder.
; Router/DNS/Gateway machine
1 IN PTR amrutlar.elder.
; Laptop - thinkpad
30 IN PTR netheril.elder. ; update this
; Desktop - conroe
20 IN PTR imaskar.elder.
; Desktop - pentium 4
10 IN PTR thay.elder.
; Wireless router
2 IN PTR mulhorand.elder.
; Vmware - Window xp
;50 IN PTR halruaa.elder. ; update this
; Vmware - Solaris
;51 IN PTR unther.elder. ; update this
; Vmware - Mac osX
;52 IN PTR narfell.elder. ; update this
; New machines - name: aglarond ?
|
Thanks! |
infinite1der n00b
Joined: 31 Jan 2006 Posts: 52 Location: Atlanta, GA
|
Posted: Mon Feb 26, 2007 11:48 pm Post subject: Re: Bind 9 help, I did check all of the tutorials/documation |
|
|
Antimatter wrote: |
Basically, if I execute a dig query with "127.0.0.1" I will get the localhost name, then if I execute a dig query with "localhost" I will get the 127.0.0.1 IP address, but if I execute it with "localhost.localdomain" I will get the list of the root servers... which confuses me. If I also remove the root.hint file from the bind config, and only use it in forward-only mode, it will still end up at the root servers. |
You have the zone "localhost" listed, but you don't have a "localdomain" zone listed to get an answer from `dig localhost.localdomain`.
Antimatter wrote: |
Also, I'm hosting the authoritative DNS for my own localdomain, which is "elder", which I know doesn't exist out there on the internet. Anyway, if I execute a dig query with "amrutlar.elder." it will kind of work, but if it's "amrutlar" it will end up at an IP address that is not mine. |
Add to your /etc/resolv.conf:
Code: | search elder
domain elder |
Antimatter wrote: |
So anyway any suggestion/idea on how to implement this:
-Caching queries for queries not in my domain
| recursion yes;
Antimatter wrote: |
-Being authoritative for queries in my domain
| Point all of your workstation's DNS servers to amrutlar's IP.
Antimatter wrote: |
-If it's a wrong query, say "badaddress.elder", I want it to return address not found instead of going to the root servers
| recursion no;
Antimatter wrote: |
-I want to be able to query "amrutlar" and "amrutlar.elder" and have them return the same IP address. |
See above.
_________________
James A. Thornton
Atlanta, GA
How To Ask Questions the Smart Way |
Antimatter Guru
Joined: 11 Aug 2003 Posts: 463
|
Posted: Tue Feb 27, 2007 4:58 am Post subject: Re: Bind 9 help, I did check all of the tutorials/documation |
|
|
infinite1der wrote: | You have the zone "localhost" listed, but you don't have a "localdomain" zone listed to get an answer from `dig localhost.localdomain`. |
I included this in the localhost zone file... and it's still not working properly
Code: |
$ORIGIN localhost.
$TTL 6h
@ IN SOA amrutlar.elder. root.elder. (
2 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h ) ; minimum
NS amrular.elder.
A 127.0.0.1
localhost.localdomain. A 127.0.0.1
|
Am I doing this wrong? I also tried
Code: |
$ORIGIN localhost.
$TTL 6h
@ IN SOA amrutlar.elder. root.elder. (
2 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h ) ; minimum
NS amrular.elder.
A 127.0.0.1
$ORGIN localhost.localdomain.
A 127.0.0.1
|
infinite1der wrote: |
Add to your /etc/resolv.conf:
Code: | search elder
domain elder |
|
Already done, still not working, this below is my resolv.conf
Code: |
search elder
domain elder
nameserver 127.0.0.1
lookup file bind
|
infinite1der wrote: |
Antimatter wrote: |
So anyway any suggestion/idea on how to implement this:
-Caching queries for queries not in my domain
| recursion yes;
Antimatter wrote: |
-Being authoritative for queries in my domain
| Point all of your workstation's DNS servers to amrutlar's IP.
Antimatter wrote: |
-If it's a wrong query, say "badaddress.elder", I want it to return address not found instead of going to the root servers
| recursion no;
Antimatter wrote: |
-I want to be able to query "amrutlar" and "amrutlar.elder" and have them return the same IP address. |
See above. |
Already did all of these; the only one that was lacking was "recursion yes;" in my default.conf for my default zone.
It's still not doing me any good; here's an example of the dig query/result that I get:
Code: |
$ dig imaskar.elder
; <<>> DiG 9.3.2-P1 <<>> imaskar.elder
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24714
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;imaskar.elder. IN A
;; AUTHORITY SECTION:
. 10536 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2007022601 1800 900 604800 86400
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 26 13:34:29 2007
;; MSG SIZE rcvd: 106
|
I get the same result with imaskar, imaskar.elder, imaskar.elder. etc.... It's starting to drive me nuts! |
Hobbes-X l33t
Joined: 04 Feb 2004 Posts: 823 Location: Seattle, WA
|
Posted: Wed Mar 28, 2007 11:42 pm Post subject: Re: Bind 9 help, I did check all of the tutorials/documation |
|
|
Antimatter wrote: |
I get the same result with imaskar, imaskar.elder, imaskar.elder. etc.... It's starting to drive me nuts! |
Just a guess, since I'm just getting started setting up bind myself, but are your includes actually getting included without a '/' before your pathnames? Not sure where the default path ends up being if you don't have the 'directory' option set...
Quote: |
include "etc/conf/rndc-key.conf";
...
include "etc/conf/acls.conf";
...
include "etc/conf/logging.conf";
...
include "etc/conf/zones/default.conf";
...
include "etc/conf/zones/elder.conf";
|
Bad Penguin Guru
Joined: 18 Aug 2004 Posts: 507
|
Posted: Thu Mar 29, 2007 12:24 am Post subject: Re: Bind 9 help, I did check all of the tutorials/documation |
|
|
Antimatter wrote: |
So anyway any suggestion/idea on how to implement this:
-Caching queries for queries not in my domain
-Being authoritative for queries in my domain
-If it's a wrong query, say "badaddress.elder", I want it to return address not found instead of going to the root servers
|
After looking at your configs the only thing I can say is that you might find it helpful to start with a much, much simpler config to get everything working, then start implementing "features". For example ditch all of the acls, don't use views, don't restrict access in any way, just open it up to the world. Get things working in a bare bones setup before moving on.
Antimatter wrote: |
-I want to be able to query "amrutlar" and "amrutlar.elder" and have them return the same IP address.
|
That needs to be set up in the client's resolv.conf/host.conf, for example your /etc/resolv.conf might look like:
search elder localdomain
nameserver x.x.x.x
nameserver x.x.x.x
Last edited by Bad Penguin on Thu Mar 29, 2007 3:43 am; edited 1 time in total |
Bad Penguin Guru
Joined: 18 Aug 2004 Posts: 507
|
Posted: Thu Mar 29, 2007 5:17 am Post subject: Re: Bind 9 help, I did check all of the tutorials/documation |
|
|
Antimatter wrote: | I did look at all of the tutorials and documentation that I could find on the internet, including the one on the Gentoo wiki, BIND's homepage and so forth. I haven't had much luck getting my BIND 9 config to work properly. It works great as a DNS cache, I got that going pretty easily, but I'm struggling with making BIND authoritative over my domain only and not forwarding it. |
Antimatter, on closer inspection I noticed that there are tons of errors in your conf files and zone files. Instead of going over them one by one, I will just post what I came up with and tested. I moved some of your files around, you can adjust the paths back to your liking, I suggest leaving everything in /etc/bind though. Your logging.conf is so whacky I didn't even try to mess with it so I commented it out. I would suggest getting everything working with the standard logging before messing with that include. I added your localdomain zone, and an inverse zone for 192.168.12.0, just in case you needed those also.
/etc/bind/named.conf:
Code: |
// Including the rndc key
include "/etc/bind/rndc-key.conf";
// Including the ACLs
include "/etc/bind/acls.conf";
options {
// Statistics are a good idea to have generally
statistics-file "/var/log/named/named.stats";
dump-file "/var/log/named/named.dump";
zone-statistics yes;
auth-nxdomain yes;
notify no;
allow-query { elder; };
allow-recursion { elder; };
listen-on { 127.0.0.1; 10.10.10.1; };
listen-on-v6 { none; };
allow-transfer { none; };
pid-file "/var/run/named/named.pid";
};
// Include the logging config file
// include "/etc/bind/logging.conf";
//
// Prevent spamming
//
zone "com" IN { type delegation-only; };
zone "net" IN { type delegation-only; };
//
// root servers
//
zone "." {
type hint;
file "/etc/bind/zones/root.servers";
};
//
// forward lookup zones
//
// localhost
zone "localhost" IN {
type master;
file "/etc/bind/zones/localhost.zone";
};
zone "localdomain" IN {
type master;
file "/etc/bind/zones/localdomain.zone";
};
// elder
zone "elder" IN {
type master;
file "/etc/bind/zones/elder.zone";
};
//
// inverse lookup zones
//
// 127.0.0.0/8
zone "127.in-addr.arpa" IN {
type master;
file "/etc/bind/zones/127.zone";
};
// 10.10.10.0/24 inverse
zone "10.10.10.in-addr.arpa" IN {
type master;
file "/etc/bind/zones/10.10.10.zone";
};
// vm network?
zone "12.168.192.in-addr.arpa" IN {
type master;
file "/etc/bind/zones/192.168.12.zone";
};
|
/etc/bind/acls.conf
Code: |
acl elder {
10.10.10.0/24; // localnet
127.0.0.1; // localhost
192.168.12.0/24; // vm network
};
|
/etc/bind/zones/10.10.10.zone
Code: |
$TTL 1D ; One day
@ IN SOA amrutlar.elder. root.elder. (
2007022502 ; Serial
6H ; Refresh
1H ; Retry
1W ; Expire
1D) ; Minimum
IN NS amrutlar.elder.
1 IN PTR amrutlar.elder.
2 IN PTR mulhorand.elder.
10 IN PTR thay.elder.
20 IN PTR imaskar.elder.
30 IN PTR netheril.elder.
;50 IN PTR halruaa.elder.
;51 IN PTR unther.elder.
;52 IN PTR narfell.elder.
|
/etc/bind/zones/127.zone
Code: |
$TTL 6h
@ IN SOA localhost. root.localhost. (
2 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h) ; minimum
IN NS localhost.
* IN PTR localhost.
|
/etc/bind/zones/192.168.12.zone
Code: |
$TTL 1D ; One day
@ IN SOA amrutlar.elder. root.elder. (
2007022502 ; Serial
6H ; Refresh
1H ; Retry
1W ; Expire
1D) ; Minimum
IN NS amrutlar.elder.
50 IN PTR halruaa.elder.
51 IN PTR unther.elder.
52 IN PTR narfell.elder.
|
/etc/bind/zones/elder.zone
Code: |
$TTL 1D ; One day
@ IN SOA amrutlar.elder. root.elder. (
2007022502 ; Serial
6H ; Refresh
1H ; Retry
1W ; Expire
1D) ; Minimum
IN NS amrutlar.elder.
amrutlar IN A 10.10.10.1
netheril IN A 10.10.10.30
imaskar IN A 10.10.10.20
thay IN A 10.10.10.10
mulhorand IN A 10.10.10.2
;halruaa IN A 192.168.12.50
;unther IN A 192.168.12.51
;narfell IN A 192.168.12.52
|
/etc/bind/zones/localdomain.zone
Code: |
$TTL 6h
@ IN SOA ns.localdomain. root.localdomain. (
2 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h) ; minimum
IN NS ns.localdomain. ; NS target must be a host name, not an IP address (covered by the wildcard A below)
* IN A 127.0.0.1
|
/etc/bind/zones/localhost.zone
Code: |
$TTL 6h
@ IN SOA ns.localhost. root.localhost. (
2 ; serial
1h ; refresh
30m ; retry
7d ; expiration
1h) ; minimum
IN NS ns.localhost. ; NS target must be a host name, not an IP address (covered by the wildcard A below)
* IN A 127.0.0.1
|
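An added example, not part of any post in this thread and not BIND's own code: a simplified model of how named matches a query to a view, showing why the original two-view layout sends `dig imaskar.elder` to the root servers while the flat config above answers from the local zone. The dictionaries are transcribed by hand from the posted configs; `route_query`, `in_acl` and the outcome strings are names made up for this example, and the `com`/`net` delegation-only zones are left out.

```python
# Simplified model of how named picks a view and a zone for one query.
# Added example: the dicts below are transcribed by hand from the configs
# posted in this thread; function names and outcome strings are made up here.
from ipaddress import ip_address, ip_network

ANY = ["0.0.0.0/0"]
ACL_ORIG = ["127.0.0.1/32", "10.10.5.2/32", "10.10.5.0/24"]      # original acls.conf
ACL_FLAT = ["10.10.10.0/24", "127.0.0.1/32", "192.168.12.0/24"]  # rewritten acls.conf

# named.conf includes default.conf before elder.conf, so "recursive" is tried first.
ORIGINAL = {
    "allow_query": ACL_ORIG,
    "views": [
        {"name": "recursive", "match_clients": ACL_ORIG, "recursive_only": True,
         "recursion": True, "zones": ["localhost", "127.in-addr.arpa"]},
        {"name": "authoritative", "match_clients": ANY, "recursive_only": False,
         "recursion": False, "zones": ["elder", "10.10.10.in-addr.arpa"]},
    ],
}

# The rewritten named.conf has no view statements: all zones share one implicit view.
FLAT = {
    "allow_query": ACL_FLAT,
    "views": [
        {"name": "_default", "match_clients": ANY, "recursive_only": False,
         "recursion": True,
         "zones": ["localhost", "localdomain", "elder", "127.in-addr.arpa",
                   "10.10.10.in-addr.arpa", "12.168.192.in-addr.arpa"]},
    ],
}


def in_acl(client, acl):
    """True if the client address falls inside any network of the ACL."""
    return any(ip_address(client) in ip_network(net) for net in acl)


def route_query(cfg, client, qname, rd=True):
    """Return (view name, outcome). rd is the RD bit; dig sets it unless +norecurse."""
    for view in cfg["views"]:
        if in_acl(client, view["match_clients"]) and (rd or not view["recursive_only"]):
            break                      # first matching view wins
    else:
        return None, "refused: no view matched"
    if not in_acl(client, cfg["allow_query"]):
        return view["name"], "refused: client not in allow-query"
    name = qname.rstrip(".").lower()
    # Only zones defined inside the selected view are visible to the query.
    hits = [z for z in view["zones"] if name == z or name.endswith("." + z)]
    if hits:
        return view["name"], "local zone " + max(hits, key=len)
    if rd and view["recursion"]:
        return view["name"], "recursion from root hints"
    return view["name"], "no local zone, no recursion"


if __name__ == "__main__":
    cases = [
        (ORIGINAL, "127.0.0.1", "imaskar.elder", True),
        (ORIGINAL, "127.0.0.1", "imaskar.elder", False),
        (ORIGINAL, "127.0.0.1", "localhost.localdomain", True),
        (ORIGINAL, "10.10.10.20", "imaskar.elder", True),
        (FLAT, "127.0.0.1", "imaskar.elder", True),
        (FLAT, "10.10.10.20", "badaddress.elder", True),
    ]
    for cfg, client, qname, rd in cases:
        label = "original" if cfg is ORIGINAL else "flat"
        print(label, client, qname, "rd" if rd else "norecurse", "->",
              route_query(cfg, client, qname, rd))
```

In the original layout every query from an ACL member with the RD bit set lands in the `recursive` view, which has no `elder` zone, which is consistent with the root-server SOA in the dig output earlier in the thread. A 10.10.10.x client is not in the original ACL at all, so it is refused before any zone is consulted.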
Hobbes-X l33t
Joined: 04 Feb 2004 Posts: 823 Location: Seattle, WA
|
Posted: Thu Mar 29, 2007 1:36 pm Post subject: Re: Bind 9 help, I did check all of the tutorials/documation |
|
|
Bad Penguin wrote: | Your logging.conf is so whacky I didn't even try to mess with it so I commented it out. I would suggest getting everything working with the standard logging before messing with that include. |
I think the logging include looks fuglier than it is, it just breaks out each logging category into separate log files- seems to be a straight cut and paste from the wiki.
Quote: | I added your localdomain zone, and an inverse zone for 192.168.12.0, just in case you needed those also ;) |
Wouldn't 'elder' be the localdomain in this case? I think he was just using localhost.localdomain as an example for what he was trying to do, and didn't mean it literally. |
Bad Penguin Guru
Joined: 18 Aug 2004 Posts: 507
|
Posted: Thu Mar 29, 2007 2:32 pm Post subject: Re: Bind 9 help, I did check all of the tutorials/documation |
|
|
Hobbes-X wrote: | Bad Penguin wrote: | Your logging.conf is so whacky I didn't even try to mess with it so I commented it out. I would suggest getting everything working with the standard logging before messing with that include. |
I think the logging include looks fuglier than it is, it just breaks out each logging category into separate log files- seems to be a straight cut and paste from the wiki. |
Well, then the wiki is wrong also, because it won't even load. I have no idea why...
Quote: | I added your localdomain zone, and an inverse zone for 192.168.12.0, just in case you needed those also ;) |
Hobbes-X wrote: | Wouldn't 'elder' be the localdomain in this case? I think he was just using localhost.localdomain as an example for what he was trying to do, and didn't mean it literally. |
He also wanted a domain called "localdomain", I have no idea why. Elder would be the local domain, not to be confused with "localdomain" ;) |
Hobbes-X l33t
Joined: 04 Feb 2004 Posts: 823 Location: Seattle, WA
|
Posted: Mon Apr 02, 2007 7:17 pm Post subject: |
|
|
Just in case anyone was interested, the syntax of the logging statements was off a bit. It should have been:
Code: |
logging {
channel default_file { file "/var/log/named/default.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel general_file { file "/var/log/named/general.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel database_file { file "/var/log/named/database.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel security_file { file "/var/log/named/security.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel config_file { file "/var/log/named/config.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel resolver_file { file "/var/log/named/resolver.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel xfer-in_file { file "/var/log/named/xfer-in.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel xfer-out_file { file "/var/log/named/xfer-out.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel notify_file { file "/var/log/named/notify.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel client_file { file "/var/log/named/client.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel unmatched_file { file "/var/log/named/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel queries_file { file "/var/log/named/queries.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel network_file { file "/var/log/named/network.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel update_file { file "/var/log/named/update.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel dispatch_file { file "/var/log/named/dispatch.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel dnssec_file { file "/var/log/named/dnssec.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5m; severity dynamic; print-time yes; };
category default { default_file; };
category general { general_file; };
category database { database_file; };
category security { security_file; };
category config { config_file; };
category resolver { resolver_file; };
category xfer-in { xfer-in_file; };
category xfer-out { xfer-out_file; };
category notify { notify_file; };
category client { client_file; };
category unmatched { unmatched_file; };
category queries { queries_file; };
category network { network_file; };
category update { update_file; };
category dispatch { dispatch_file; };
category dnssec { dnssec_file; };
category lame-servers { lame-servers_file; };
}; |
One line was missing a closing bracket and semi-colon, and another was missing part of the word 'yes' in a print-time statement. If you decide to use it as is, you'll also need to create the /var/log/named/ directory and assign it some permissions that the named server can use:
Code: |
# mkdir /var/log/named
# chown root:named /var/log/named/
# chmod 775 /var/log/named/
|
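The two defects described above (a channel missing its closing `};` and a truncated `print-time` value) can be caught mechanically before named tries to load the file. This is an added example, not part of the post: `lint_logging` and `SAMPLE` are names made up here, the sample lines are constructed from the defective lines in the first post's logging.conf, and the check assumes one statement per line as in the posted config.

```python
# Line-oriented check for the two defects fixed in the logging block above.
# Added example; it assumes one statement per line, as in the posted config.
import re

STATEMENT = re.compile(r"^\s*(channel|category)\s+(\S+)\s*\{")
CLOSED = re.compile(r"\}\s*;\s*$")
PRINT_TIME = re.compile(r"print-time\s+([^;\s]+)")
BOOLEANS = {"yes", "no", "true", "false", "1", "0"}  # other values are not modelled

# Constructed sample modelled on the defective lines of the original logging.conf.
SAMPLE = """\
logging {
channel client_file { file "/var/log/named/client.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel unmatched_file { file "/var/log/named/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes;
channel queries_file { file "/var/log/named/queries.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5m; severity dynamic; print-time s; };
category client { client_file; };
};
"""


def lint_logging(text):
    """Return [(line number, channel name, problem)] for malformed channel lines."""
    findings = []
    open_channel = None                      # (name, line) of a channel still open
    for number, line in enumerate(text.splitlines(), 1):
        start = STATEMENT.match(line)
        if start:
            if open_channel:                 # a new statement began inside a channel
                findings.append((open_channel[1], open_channel[0],
                                 "missing closing '};'"))
                open_channel = None
            if start.group(1) == "channel":
                open_channel = (start.group(2), number)
        if open_channel:
            for value in PRINT_TIME.findall(line):
                if value not in BOOLEANS:
                    findings.append((number, open_channel[0],
                                     "print-time value %r is not a boolean" % value))
            if CLOSED.search(line):
                open_channel = None
    if open_channel:                         # file ended with a channel still open
        findings.append((open_channel[1], open_channel[0], "missing closing '};'"))
    return findings


if __name__ == "__main__":
    for number, channel, problem in lint_logging(SAMPLE):
        print("line %d: channel %s: %s" % (number, channel, problem))
```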