Comments on Traditional DNS Howto
Traditional DNS Howto

Linux system administrators should learn traditional DNS. Front-ends and quick templates to set up domain records have a place in managing sites, but when confronted with DNS configurations already in existence, nothing can substitute for knowing and using the fundamentals. The vast majority of users on the Internet have no clue about DNS. They may have seen the term when they set up their ISP connection, but they do not realize its connection to their lives. Simply put, DNS servers allow you to use friendly names in your browser, email or other Internet applications to perform tasks which require IP addresses.

Comments (7)
IMO you should at least mention dynamic DNS updates, a method of editing your zones remotely from anywhere on the Internet:
http://linux.yyz.us/dns/ddns-server.html
I don't think dynamic DNS has much to do with traditional DNS configuration. It certainly deserves a Howto of its own, but I don't see it as applicable to this article.
1) Restricting zone transfers is useless. Anyone with secret data in public DNS is doing something wrong anyway. Restricting zone transfers just makes it harder to debug DNS problems.
2) Make it clear that recursion should be disabled on nameservers. Never use the same DNS as both nameserver and resolver. Public resolvers help with DNS amplification DoS attacks. (http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf)
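The split this comment recommends, shown as an added example that is not the commenter's or the howto's own configuration: two BIND 9 named.conf option sets, one for an authoritative-only server that refuses recursion and one for a separate resolver that recurses only for local clients. The file paths, zone name and network ranges are placeholders.

```conf
// --- /etc/named.conf on the AUTHORITATIVE server (placeholder path) ---
// Answers only for the zones it hosts; recursive queries are refused,
// so the host cannot be abused as an open resolver for amplification.
options {
    directory "/var/named";
    recursion no;                    // refuse recursive queries outright
    allow-query { any; };            // authoritative data is public
    allow-query-cache { none; };     // no cache to answer from or to leak
    rate-limit {                     // response rate limiting, newer BIND 9
        responses-per-second 10;     // damps reflected floods of our own data
    };
};

zone "example.com" IN {              // placeholder zone
    type master;
    file "example.com.zone";
};

// --- /etc/named.conf on the RESOLVER (a separate host or daemon) ---
// Recursion is on, but only clients in the trusted ranges may use it or
// read the cache; everyone else gets REFUSED.
acl "trusted" {
    127.0.0.0/8;                     // placeholder local ranges
    192.168.1.0/24;
};

options {
    directory "/var/named";
    recursion yes;
    allow-query { trusted; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    listen-on { 127.0.0.1; 192.168.1.53; };  // placeholder addresses
};
```

To verify your own authoritative server from outside the trusted range, query it for a name it does not host (for example `dig @your-server example.org A`); a correctly configured server answers REFUSED without the `ra` flag instead of resolving the name.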
Though this work looks good, it is almost all written from a BIND perspective. Some focus on using tools to troubleshoot problems would be good.
Mention of alternate DNS packages would be good, especially for running the various DNS roles (caching, authoritative). BIND is especially bad running as a cache and auth from the same daemon.
Finally, the expected plug: http://www.lifewithdjbdns.org/ .
I have spent a lot of time trying to learn DNS and have read A LOT of "How-to's" on the subject. This how-to is hands-down the best I have seen. Well done!
I am a first timer but managed to configure it to run! Well done, thanks a billion!
Thanks for this clarification on DNS.
Just want to add that reading the logs is basic for troubleshooting, and if your secondary runs on another machine (shouldn't it be...), make sure that both machines (servers) are synchronized on time (it helps if both have ntp); otherwise you'll wonder why zones don't transfer.