
As I indicated in the previous post, /etc/bind is symlinked to /var/lib/named/bind/, so...
Code:
root@wonder:/var/lib/named/etc/bind# ls -la
total 56
drwxr-sr-x 2 root root 4096 2008-12-21 13:51 .
drwx------ 3 root root 4096 2008-12-20 16:23 ..
-rw-r--r-- 1 bind bind  237 2008-04-09 15:44 db.0
-rw-r--r-- 1 bind bind  271 2008-04-09 15:44 db.127
-rw-r--r-- 1 bind bind  237 2008-04-09 15:44 db.255
-rw-r--r-- 1 bind bind  353 2008-04-09 15:44 db.empty
-rw-r--r-- 1 bind bind  270 2008-04-09 15:44 db.local
-rw-r--r-- 1 bind bind 2878 2008-04-09 15:44 db.root
-rw-r--r-- 1 bind bind  907 2008-04-09 15:44 named.conf
-rw-r--r-- 1 bind bind  165 2008-04-09 15:44 named.conf.local
-rw-r--r-- 1 bind bind 3041 2008-12-21 13:51 named.conf.options
-rw------- 1 root root  695 2008-12-21 13:51 named.conf.options~
-rw-r----- 1 bind bind   77 2008-05-26 17:26 rndc.key
-rw-r--r-- 1 bind bind 1317 2008-04-09 15:44 zones.rfc1918
named.conf is virgin:
Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";
I have not yet modified named.conf.local, but I have made mods to named.conf.options (using the bind acls/options from the current RH webserver which will be retired when I get this box up). However, bind9 is/was failing on this chrooted setup before I did anything to options, nevertheless:
Code:
// acls added TB 12.21.2008
acl "xfer" {    
        127.0.0.1; //localhost
        localhost;
        192.168.5.11; //temp new wonder IP
        69.54.194.91; //wonder.what-if.com
        69.54.194.92; //imagine.what-if.com
};

acl "trusted" {
        127.0.0.1; //localhost
        localhost;
        192.168.5.11; //temp new wonder IP
        66.255.223.103; //local IFI netw
        69.54.194.91; //wonder.what-if.com
        69.54.194.92; //imagine.what-if.com
};

acl "bogon" {
    // Filter out the bogon networks.  These are networks
    // listed by IANA as test, RFC1918, Multicast, experi-
    // mental, etc.  If you see DNS queries or updates with
    // a source address within these networks, this is likely
    // of malicious origin. CAUTION: If you are using RFC1918
    // netblocks on your network, remove those netblocks from
    // this list of blackhole ACLs!
    0.0.0.0/8;
    1.0.0.0/8;
    2.0.0.0/8;
    5.0.0.0/8;
...
    197.0.0.0/8;
    223.0.0.0/8;
    224.0.0.0/3;
};


options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you might need to uncomment the query-source
        // directive below.  Previous versions of BIND always asked
        // questions using port 53, but BIND 8.1 and later use an unprivileged
        // port by default.

        // query-source address * port 53;

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

// additional options TB 12.21.2008
        check-names master ignore;
        check-names response ignore;
        check-names slave warn;
        version "<Phhhhhbbt!>";
        notify yes;
        allow-recursion {
                trusted;
        };
        allow-transfer {
                xfer;
        };
        allow-query {
                trusted;
        };
        blackhole {
                bogon;
        };
};