harry d brown jr
Honored Contributor

BIND 9.2 - DNS - CACHING ONLY configuration


I'm running BIND 9.2 on a FULLY patched 11i Virtual Partition, on an N-class server.

I am trying to set up a Caching-Only server, but I'm having brain locks today. TGIF, but I can't start drinking just yet (which is too bad)!


What I need is EXAMPLES of the following files from a server that IS DOING DNS Caching-Only, running BIND 9.2. Please don't post links to documentation, as I have so much documentation and manuals in front of me now, that I might not be able to get out of my office and to the bar this evening!!!

This is some of my info:
vpart1 - the server I want to configure Caching-Only on
netidweb1 - the name of one of our DNS servers


/etc/named.conf

/etc/named.data/db.127.0.0
/etc/named.data/db.cache

/etc/resolv.conf
/etc/nsswitch.conf

and maybe /etc/rc.config.d/namesvrs and maybe /etc/named.boot???

Seriously, thanks a lot if you can help!!!

live free or die
harry
Live Free or Die
11 REPLIES 11
Pete Randall
Outstanding Contributor

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Harry,

What are you doing in the trenches? I figured you'd be head honcho now, ordering others to do the dirty work.

Any luck with the job?


Pete

Pete
harry d brown jr
Honored Contributor

Re: BIND 9.2 - DNS - CACHING ONLY configuration


Pete,

Sometimes you just have to grab the bull by his horns and slap him around yourself.

live free or die
harry
Live Free or Die
Jeff Schussele
Honored Contributor

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Hi Harry,

What problem are you having?

These are the steps as I know them to set up a caching only server.

1) Create the /etc/named.data dir
2) cp the named.cacheonly file from primary DNS server to this server & name it /etc/named.boot (Note that it doesn't go into /etc/named.data dir)
3) cp the db.127.0.0 from pri server to /etc/named.data/db127.0.0
4) cp the db.cache from pri server to /etc/named.data/db.cache
5) Turn on autostart in /etc/rc.config.d/namesvrs (NAMED=1)
6) Start it /sbin/init.d/named start

Which step is giving you trouble?
Or, what errors are you getting?

Later,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
U.SivaKumar_2
Honored Contributor

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Hi,

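// Clients allowed to use this caching-only server
acl "internal" { xx.0.0.0/8; };
options {
    directory "/etc/namedb";
    pid-file "named.pid";
    // Answer queries from the internal ACL only
    allow-query { "internal"; };
};

// Root hints
zone "." {
    type hint;
    file "db.cache";
};

// Loopback reverse zone
zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0";
    allow-update { none; };
};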

regards,

U.SivaKumar




Innovations are made when conventions are broken
harry d brown jr
Honored Contributor

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Jeff and U.SivaKumar,

Thanks for replying.

One problem is that the DNS server is a NorTel NetID (running on a winSUCKs box) piece of CRAP, so I can't retrieve anything from it.

BUT, after lunch on Friday, I did get it working. And what I mean by working is that I was trying to build a DNS-Caching-Only service. This means that "named" will ONLY go to the DNS (remember the sucky NetId crap above) once or unless the TTL (time-to-live), which (the TTL) I actually tested successfully!

I'll post the configuration files for others to use on Monday/Tuesday.

The trick was that /etc/resolv.conf can ONLY have the DOMAIN statement in it! If you use a NAMESERVER line, then it will ALWAYS go to the DNS server, meaning that it won't locally CACHE DNS entries.

live free or die
harry

BTW - BOYCOTT SCO - I guess linux is a little too much for them to handle

Live Free or Die
Steven E. Protter
Exalted Contributor

Re: BIND 9.2 - DNS - CACHING ONLY configuration

I'm with you on the SCO thing Harry. Sour grapes that Linux moves faster.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
harry d brown jr
Honored Contributor

Re: BIND 9.2 - DNS - CACHING ONLY configuration

 
Live Free or Die
harry d brown jr
Honored Contributor

Re: BIND 9.2 - DNS - CACHING ONLY configuration


FORGOT, /etc/rndc.conf

# cat /etc/rndc.conf
--------------------------------------------------------------------------------
#
# type domain source file
#

options {
default-server localhost;
default-key samplekey;
};

server localhost {
key samplekey;
};

key samplekey {
algorithm hmac-md5;
secret "SECRETkeyfromSTEP5";
};
--------------------------------------------------------------------------------


live free or die
harry
Live Free or Die
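As an added example (not code from this thread or from BIND), a Python check of the two things the configurations above depend on: that the caching-only named.conf limits who may query it, as in the allow-query post, and that the key in /etc/rndc.conf matches the one named loads. The sample file contents, the 10.0.0.0/8 network and the base64 secret are constructed, and the regular expressions cover only the simple statement layouts shown here.

```python
import re

# Constructed sample input (not from the thread): a caching-only named.conf in
# the style posted above, with the key/controls statements rndc relies on.
NAMED_CONF = '''
acl "internal" { 10.0.0.0/8; };
key samplekey { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldA=="; };
controls { inet 127.0.0.1 allow { localhost; } keys { samplekey; }; };
options {
    directory "/etc/namedb";
    allow-query { "internal"; };
};
zone "." { type hint; file "db.cache"; };
'''
RNDC_CONF = '''
options { default-server localhost; default-key samplekey; };
server localhost { key samplekey; };
key samplekey { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldA=="; };
'''

def strip_comments(text):
    """Drop #, // and /* */ comments but leave quoted strings untouched."""
    pat = r'"[^"]*"|/\*.*?\*/|(?:#|//)[^\n]*'
    return re.sub(pat, lambda m: m.group(0) if m.group(0)[0] == '"' else '', text, flags=re.S)

def keys(text):
    """Return {name: (algorithm, secret)} for each key statement."""
    pat = r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]*)"\s*;\s*\}'
    return {n: (a.lower(), s) for n, a, s in re.findall(pat, strip_comments(text))}

def audit(named_conf, rndc_conf):
    """Return a list of findings; an empty list means both checks passed."""
    findings, text, seen = [], strip_comments(named_conf), False
    for opt in ('allow-query', 'allow-recursion'):
        m = re.search(opt + r'\s*\{([^}]*)\}', text)  # first match in the file
        if m:
            seen = True
            if 'any' in [e.strip().strip('"') for e in m.group(1).split(';')]:
                findings.append(opt + ' includes "any": open resolver')
    if not seen:
        findings.append('no allow-query/allow-recursion: BIND 9.2 answers any client')
    named_keys = keys(named_conf)
    for name, val in keys(rndc_conf).items():
        if name not in named_keys:
            findings.append('rndc key %r is not defined in named.conf' % name)
        elif named_keys[name] != val:
            findings.append('rndc key %r differs between the two files' % name)
        if 'SECRET' in val[1] or len(val[1]) < 16:
            findings.append('rndc key %r looks like a placeholder or short secret' % name)
    return findings
```

Calling `audit()` on the text of the real /etc/named.conf and /etc/rndc.conf returns an empty list when the query ACL is restricted and the rndc key matches.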
harry d brown jr
Honored Contributor

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Here's the new attached document


live free or die
harry
Live Free or Die
Michael Tully
Honored Contributor

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Excellent stuff Harry!

I wondered what you've been doing for the last six weeks ... (typing of course!)

Cheers
Michael
Anyone for a Mutiny ?
harry d brown jr
Honored Contributor

Re: BIND 9.2 - DNS - CACHING ONLY configuration


Michael,

DNS plus about a dozen other things! We recently purchased two more payroll companies, so I've been working on the integration of those companies into our domain. Monday I found a perl script that was killing our production machines. We have had 16 failures over the past six weeks and everyone was pointing their fingers at Virtual partitions, so I stepped in and found a perl script that was getting the parent PID of the process and then doing a kill -9 $PARENTPID. Of course I also found that this program code has been around for about eight years, but just recently wrapped by a ROOT owned process. When the user closed the Parent window, the child became owned by INIT (ppid=1), then the kill -9 basically wiped the machine clean of most processes!

It's been one hell of a past four weeks!


Back to the DNS configuration. I plan on writing a perl script to do the installation customization depending upon which data center the machine is currently installed in. Basically the script will fill in the IPofNAMESERVER's and the secret key generation, so the install will become a brain dead thing that even managers of IT shops could perform! I'll make it quite generic so that anyone could use it anywhere.

brain dead == management ready

live free or die
harry
Live Free or Die