https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272776#M569633 HI Geoff,<BR /><BR />Thanks.<BR /><BR />The option "query-source address * port 53", I read some doc on BIND and understood that this option may not work properly, so they advised to mention source address explicitly?? Although I am using this option to my other named server.<BR /><BR />Another good point is logging, I am not sure for an ISP named service, how much syslog size would be sufficient??<BR /><BR />one question, shall I apply my ACL to reverse zone also?<BR /> <BR />regards,<BR />Richard Mon, 17 May 2004 22:06:57 GMT Rgomes 2004-05-17T22:06:57Z https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272772#M569629 Hi All,<BR /><BR />I am going to configure one primary master DNS server for an ISP. Pls comment on the below configuration of BIND 9.2.0, how it will react:<BR /><BR />acl ournets { IP_range; };<BR />acl bogusnets { IP_range; };<BR />options {<BR />...<BR />...<BR />allow-transfer { none; }; <BR />allow-query { ournets; };<BR />allow-recursion { ournets; };<BR />...<BR />...<BR />blackhole { bogusnets; };<BR />};<BR />zone "mydomain.com" {<BR />type master;<BR />file "db.mydomain.com";<BR />allow-query { any; };<BR />allow-transfer { IP_of_slave_server; };<BR />};<BR />.<BR />.<BR />.<BR /><BR />Thanks in advance,<BR />Richard Tue, 11 May 2004 02:44:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272772#M569629 Rgomes 2004-05-11T02:44:14Z https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272773#M569630 Here is how to assign points to those who have helped you in the past:<BR /><A href="http://forums1.itrc.hp.com/service/forums/helptips.do?#28" target="_blank">http://forums1.itrc.hp.com/service/forums/helptips.do?#28</A> Tue, 11 May 2004 06:46:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272773#M569630 Cheryl Griffin 2004-05-11T06:46:45Z https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272774#M569631 Can I have some response now? <BR /><BR />:)<BR /><BR />TIA,<BR />Richard Mon, 17 May 2004 13:46:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272774#M569631 Rgomes 2004-05-17T13:46:10Z https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272775#M569632 Looks okay - might want logging as well:<BR /><BR />logging {<BR /><BR />channel all_channel {<BR /> file "/var/named/named.log" versions 5 size 10; // keep 5 versions max 10 MB in size<BR /> print-category yes;<BR /> print-severity yes;<BR /> print-time yes;<BR />};<BR />category queries { all_channel; };<BR />category update { all_channel; };<BR />category security { all_channel; };<BR />category default { all_channel; };<BR /><BR />};<BR /><BR /><BR />Do you need any incudes? like rndc key:<BR /><BR />include "/etc/rndc.key";<BR /><BR />Also for options add:<BR /><BR /> query-source address * port 53;<BR /> version "Noname DNS";<BR /> fetch-glue no;<BR /> max-cache-size 128M;<BR /><BR />Rgds...Geoff Mon, 17 May 2004 13:56:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272775#M569632 Geoff Wild 2004-05-17T13:56:34Z https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272776#M569633 HI Geoff,<BR /><BR />Thanks.<BR /><BR />The option "query-source address * port 53", I read some doc on BIND and understood that this option may not work properly, so they advised to mention source address explicitly?? Although I am using this option to my other named server.<BR /><BR />Another good point is logging, I am not sure for an ISP named service, how much syslog size would be sufficient??<BR /><BR />one question, shall I apply my ACL to reverse zone also?<BR /> <BR />regards,<BR />Richard Mon, 17 May 2004 22:06:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272776#M569633 Rgomes 2004-05-17T22:06:57Z https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272777#M569634 I would keep the ACL on allzones.<BR /><BR />As far as logging - start with 5 x 10MB - then go from there - if you need more, just increase it in the named.conf file and issue a: rndc reload<BR /><BR />file "/var/named/named.log" versions 5 size 10; // keep 5 versions max 10 MB in size<BR /><BR /><BR />As far as query source - yes, you can put the source address explicitly - I have mine at 53 because that was the only way I could get a NT DNS box to transfer (though I havn't tried lately to see if it will work explicitly now...)<BR /><BR />Rgds...Geoff<BR /> Tue, 18 May 2004 08:21:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272777#M569634 Geoff Wild 2004-05-18T08:21:33Z https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272778#M569635 Hi Geoff,<BR /><BR />Thanks for sharing.<BR /><BR />Best regards,<BR />Richard Tue, 18 May 2004 09:12:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/new-primary-master-server-pls-comment/m-p/3272778#M569635 Rgomes 2004-05-18T09:12:32Z