#6
9th March 2006, 15:50
spaz
Junior Member
 
Join Date: Mar 2006
Posts: 4
Thanks: 0
Thanked 2 Times in 2 Posts

After googling the error message in the syslog, I found this:

http://www.howtoforge.com/howto_bind...an#comment-275

then followed this in the above post:

I created a file /var/lib/named/var/run/bind/run started the server again and all was fine.

and the syslog indicates bind is running:

08:10:24 serv named[6395]: starting BIND 9.2.4 -u bind -t /var/lib/named
08:10:24 serv named[6395]: using 1 CPU
08:10:24 serv named[6395]: loading configuration from '/etc/bind/named.conf'
08:10:24 serv named[6395]: listening on IPv4 interface lo, 127.0.0.1#53
08:10:24 serv named[6395]: listening on IPv4 interface eth0, 192.168.1.4#53
08:10:24 serv named[6395]: command channel listening on 127.0.0.1#953
08:10:24 serv named[6395]: command channel listening on ::1#953
08:10:24 serv named[6395]: zone 0.in-addr.arpa/IN: loaded serial 1
08:10:24 serv named[6395]: zone 127.in-addr.arpa/IN: loaded serial 1
08:10:24 serv named[6395]: zone 255.in-addr.arpa/IN: loaded serial 1
08:10:24 serv named[6395]: zone localhost/IN: loaded serial 1
08:10:24 serv named[6395]: running

A few questions:

1. Directory ownership: should I follow a subsequent post and do this:
chown -R bind:bind /var/lib/named/var/run/bind/run

since I created some of the directories manually, and some are currently owner root, group bind? Should I change the entire path to owner bind, group bind? Or leave as is?

Second question: what next? Which file(s) am I looking at for my web sites, which are currently using xname.org as primary and secondary name servers? Should I pull the zone info from xname.org, then make my DNS server primary and xname.org secondary (until I can get access to another subnet and a secondary DNS server of my own), or should I manually create the zone info for the dozen domains I have and risk breaking them, instead of pulling data from what already works?

3rd question: My DNS server is on a local /29 subnet of public IP addresses. Our internal LAN is on the same /29. Can I restrict the DNS server to use by only the /29 subnet and for authoritative use for the handful of domains? Or will everyone have access to the nameserver because port 53 is open?

Can the restriction be directly in the bind configuration, or can this only be done by the firewall, if at all?

4th question, relevant to everybody following the guide:
Doesn't the link in /etc/bind to a different directory or partition (/var) keep the actual configuration file out of /etc, which creates a problem when bind is upgraded due to security reasons in Debian Sarge? Wouldn't the configuration file and any changes made to it be overwritten if/when there is an update because the configuration file is outside of /etc? I'm figuring this is necessary for the chroot, but shouldn't an extra step such as pinning be taken to help prevent inadvertent overwriting of the config files?

A big thanks for all the help!
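Since the third question asks whether the /29 restriction can live in the BIND configuration rather than only in the firewall: the fragment below is an added example, not from this post or from the howtoforge guide, showing how the acl, allow-query, allow-recursion and allow-transfer statements available in BIND 9.2 split "authoritative answers for everyone" from "recursion only for the local subnet". The 192.0.2.8/29 network, the example.org zone and the 192.0.2.100 secondary address are constructed placeholders standing in for the poster's real /29, domains and xname.org servers.

```conf
// Added example for a BIND 9.2-era named.conf (not the poster's or the guide's file).
// With named started as "-t /var/lib/named", every path here is read inside the chroot.

acl "local29" {
    192.0.2.8/29;     // constructed placeholder: the public /29 holding the LAN and the server
    127.0.0.1;        // the server itself
};

options {
    directory "/var/cache/bind";   // Debian default, as seen from inside the chroot

    // Authoritative data is public by design: the NS records for the hosted
    // domains point the whole Internet at this server, so queries are allowed from anywhere.
    allow-query { any; };

    // Recursion (resolving names this server is not authoritative for, on a
    // client's behalf) is limited to the local /29. Anyone else gets no new
    // lookups done for them, so the server is not usable as an open resolver.
    allow-recursion { "local29"; };

    // No zone transfers unless a zone says otherwise.
    allow-transfer { none; };
};

zone "example.org" {             // constructed placeholder for one of the dozen domains
    type master;
    file "/etc/bind/db.example.org";
    // Only the secondary may pull the zone. Placeholder address; replace with
    // the real secondary's (e.g. xname.org's) transfer source address.
    allow-transfer { 192.0.2.100; };
};
```

Two caveats a practitioner would want here. First, on BIND 9.2 the recursion ACL stops new lookups but does not hide what is already in the cache: a client permitted by allow-query can still read cached non-authoritative records, and a separate allow-query-cache control only appeared in 9.4. Second, this ACL works independently of the firewall, so the firewall can stay limited to whatever the hosted domains need (TCP and UDP 53 open, 953 closed to the outside) while BIND decides who gets recursion. Run named-checkconf against the file inside the chroot before reloading, since a syntax error leaves the old configuration running.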