Post #19, 22nd December 2008, 15:31, by docfx

As I indicated in the previous, /etc/bind is symlinked to /var/lib/named/bind/, so...
Code:
root@wonder:/var/lib/named/etc/bind# ls -la
total 56
drwxr-sr-x 2 root root 4096 2008-12-21 13:51 .
drwx------ 3 root root 4096 2008-12-20 16:23 ..
-rw-r--r-- 1 bind bind  237 2008-04-09 15:44 db.0
-rw-r--r-- 1 bind bind  271 2008-04-09 15:44 db.127
-rw-r--r-- 1 bind bind  237 2008-04-09 15:44 db.255
-rw-r--r-- 1 bind bind  353 2008-04-09 15:44 db.empty
-rw-r--r-- 1 bind bind  270 2008-04-09 15:44 db.local
-rw-r--r-- 1 bind bind 2878 2008-04-09 15:44 db.root
-rw-r--r-- 1 bind bind  907 2008-04-09 15:44 named.conf
-rw-r--r-- 1 bind bind  165 2008-04-09 15:44 named.conf.local
-rw-r--r-- 1 bind bind 3041 2008-12-21 13:51 named.conf.options
-rw------- 1 root root  695 2008-12-21 13:51 named.conf.options~
-rw-r----- 1 bind bind   77 2008-05-26 17:26 rndc.key
-rw-r--r-- 1 bind bind 1317 2008-04-09 15:44 zones.rfc1918

named.conf is virgin:
Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";

I have not yet modified named.conf.local, but I have made mods to named.conf.options (using the bind acls/options from the current RH webserver which will be retired when I get this box up). However, bind9 is/was failing on this chrooted setup B4 I did anything to options, nevertheless:
Code:
// acls added TB 12.21.2008
acl "xfer" {    
        127.0.0.1; //localhost
        localhost;
        192.168.5.11; //temp new wonder IP
        69.54.194.91; //wonder.what-if.com
        69.54.194.92; //imagine.what-if.com
};

acl "trusted" {
        127.0.0.1; //localhost
        localhost;
        192.168.5.11; //temp new wonder IP
        66.255.223.103; //local IFI netw
        69.54.194.91; //wonder.what-if.com
        69.54.194.92; //imagine.what-if.com
};

acl "bogon" {
    // Filter out the bogon networks.  These are networks
    // listed by IANA as test, RFC1918, Multicast, experi-
    // mental, etc.  If you see DNS queries or updates with
    // a source address within these networks, this is likely
    // of malicious origin. CAUTION: If you are using RFC1918
    // netblocks on your network, remove those netblocks from
    // this list of blackhole ACLs!
    0.0.0.0/8;
    1.0.0.0/8;
    2.0.0.0/8;
    5.0.0.0/8;
...
    197.0.0.0/8;
    223.0.0.0/8;
    224.0.0.0/3;
};


options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you might need to uncomment the query-source
        // directive below.  Previous versions of BIND always asked
        // questions using port 53, but BIND 8.1 and later use an unprivileged
        // port by default.

        // query-source address * port 53;

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

// additional options TB 12.21.2008
        check-names master ignore;
        check-names response ignore;
        check-names slave warn;
        version "<Phhhhhbbt!>";
        notify yes;
        allow-recursion {
                trusted;
        };
        allow-transfer {
                xfer;
        };
        allow-query {
                trusted;
        };
        blackhole {
                bogon;
        };
};
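
The CAUTION comment in the bogon ACL of the post above can be checked mechanically, because BIND does not answer queries from addresses matched by blackhole. The following Python is an added example, not part of the original post: it flags any address in an allow-* list that also falls inside a blackhole network. The sample config is constructed, and its 192.168.0.0/16 bogon entry is an assumption, since the post elides that part of the list.

```python
import ipaddress
import re
# Constructed sample in the style of the post's named.conf.options. The post
# elides most of its bogon list; the 192.168.0.0/16 entry is an assumption.
SAMPLE = '''
acl "trusted" {
        localhost;
        192.168.5.11; //temp new wonder IP
        69.54.194.91; //wonder.what-if.com
};
acl "bogon" {
    0.0.0.0/8;
    192.168.0.0/16;
    224.0.0.0/3;
};
options {
        allow-query { trusted; };
        blackhole { bogon; };
};
'''

def parse_blocks(text, pattern):
    """Return {name: [elements]} for every 'keyword name { a; b; }' match."""
    return {m.group(1): [e.strip() for e in m.group(2).split(';') if e.strip()]
            for m in re.finditer(pattern, text)}

def networks(elements, acls, seen=()):
    """Expand ACL references (recursively) into ip_network objects."""
    nets = []
    for e in elements:
        if e in acls and e not in seen:
            nets += networks(acls[e], acls, seen + (e,))
            continue
        try:
            nets.append(ipaddress.ip_network(e, strict=False))
        except ValueError:
            pass  # built-in names (localhost, any), keys, negated entries
    return nets

def blackholed_clients(conf):
    """List (option, allowed network, blackhole network) overlaps."""
    text = re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', conf, flags=re.S)
    acls = parse_blocks(text, r'acl\s+"?([\w-]+)"?\s*\{([^}]*)\}')
    opts = parse_blocks(text, r'\b(allow-[\w-]+|blackhole)\s*\{([^}]*)\}')
    holes = networks(opts.get('blackhole', []), acls)
    return sorted({(opt, str(n), str(h))
                   for opt, elems in opts.items() if opt != 'blackhole'
                   for n in networks(elems, acls) for h in holes
                   if n.version == h.version and n.overlaps(h)})
```

Calling `blackholed_clients()` on the text of a real named.conf.options returns an empty list when no allowed client is also blackholed; negated ACL entries are skipped rather than evaluated.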