HPE Community
Operating System - HP-UX
1826499 Members
1757 Online
109692 Solutions
New Discussion

Re: BIND 9.2 - DNS - CACHING ONLY configuration

 
harry d brown jr
Honored Contributor

‎03-07-2003 10:25 AM

‎03-07-2003 10:25 AM

BIND 9.2 - DNS - CACHING ONLY configuration


I'm running BIND 9.2 on a FULLY patched 11i Virtual Partition, on an N-class server.

I am trying to set up a Caching-Only server, but I'm having brain locks today. TGIF, but I can't start drinking just yet (which is too bad)!


What I need is EXAMPLES of the following files from a server that IS DOING DNS Caching-Only, running BIND 9.2. Please don't post links to documentation, as I have so much documentation and manuals in front of me now, that I might not be able to get out of my office and to the bar this evening!!!

This is some of my info:
vpart1 - the server I want to configure Caching-Only on
netidweb1 - the name of one of our DNS servers


/etc/named.conf

/etc/named.data/db.127.0.0
/etc/named.data/db.cache

/etc/resolv.conf
/etc/nsswitch.conf

and maybe /etc/rc.config.d/namesvrs and maybe /etc/named.boot???

Seriously, thanks a lot if you can help!!!

live free or die
harry
Live Free or Die
0 Kudos
Reply
11 REPLIES 11
Pete Randall
Outstanding Contributor

‎03-07-2003 10:29 AM

‎03-07-2003 10:29 AM

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Harry,

What are you doing in the trenches? I figured you'd be head honcho now, ordering others to do the dirty work.

Any luck with the job?


Pete

Pete
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎03-07-2003 10:51 AM

‎03-07-2003 10:51 AM

Re: BIND 9.2 - DNS - CACHING ONLY configuration


Pete,

Sometimes you just have to grab the bull by his horns and slap him around yourself.

live free or die
harry
Live Free or Die
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎03-07-2003 12:17 PM

‎03-07-2003 12:17 PM

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Hi Harry,

What problem are you having?

These are the steps as I know them to set up a caching only server.

1) Create the /etc/named.data dir
2) cp the named.cacheonly file from primary DNS server to this server & name it /etc/named.boot (Note that it doesn't go into /etc/named.data dir)
3) cp the db.127.0.0 from pri server to /etc/named.data/db127.0.0
4) cp the db.cache from pri server to /etc/named.data/db.cache
5) Turn on autostart in /etc/rc.config.d/namesvrs (NAMED=1)
6) Start it /sbin/init.d/named start

Which step is giving you trouble?
Or, what errors are you getting?

Later,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
U.SivaKumar_2
Honored Contributor

‎03-08-2003 01:57 AM

‎03-08-2003 01:57 AM

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Hi,

acl "internal" { xx.0.0.0/8; };
options {
directory "/etc/namedb;
pid-file "named.pid";
allow-query { "internal"; };
};

zone "." {
type hint;
file "db.cache";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
allow-update {none;};

regards,

U.SivaKumar




Innovations are made when conventions are broken
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎03-08-2003 05:30 PM

‎03-08-2003 05:30 PM

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Jeff and U.SivaKumar,

Thanks for replying.

One problem is that the DNS server is a NorTel NetID (running on a winSUCKs box) piece of CRAP, so I can't retreive anything from it.

BUT, after lunch on Friday, I did get it working. And what I mean by working is that I was trying to build a DNS-Caching-Only service. This means that "named" will ONLY go to the DNS (remember the sucky NetId crap above) once or unless the TTL (time-to-live), which (the TTL) I actually tested sucessfully!

I'll post the configuration files for others to use on Monday/Tuesday.

The trick was that /etc/resolv.conf can ONLY have the DOMAIN statement in it! If you use a NAMESERVER line, then it will ALWAYS go to the DNS server, meaning that it won't locally CACHE DNS entries.

live free or die
harry

BTW - BOYCOTT SCO - I guess linux is a little to much for them to handle

Live Free or Die
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎03-08-2003 05:46 PM

‎03-08-2003 05:46 PM

Re: BIND 9.2 - DNS - CACHING ONLY configuration

I'm with you on the SCO thing Harry. Sour grapes that Linux moves faster.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎04-25-2003 11:18 AM

‎04-25-2003 11:18 AM

Re: BIND 9.2 - DNS - CACHING ONLY configuration

 
Live Free or Die
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎04-25-2003 11:26 AM

‎04-25-2003 11:26 AM

Re: BIND 9.2 - DNS - CACHING ONLY configuration


FORGOT, /etc/rndc.conf

# cat /etc/rndc.conf
--------------------------------------------------------------------------------
#
# type domain source file
#

options {
default-server localhost;
default-key samplekey;
};

server localhost {
key samplekey;
};

key samplekey {
algorithm hmac-md5;
secret "SECRETkeyfromSTEP5";
};
--------------------------------------------------------------------------------


live free or die
harry
Live Free or Die
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎04-25-2003 11:32 AM

‎04-25-2003 11:32 AM

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Here's the new attached document


live free or die
harry
Live Free or Die
0 Kudos
Reply
Michael Tully
Honored Contributor

‎04-25-2003 01:32 PM

‎04-25-2003 01:32 PM

Re: BIND 9.2 - DNS - CACHING ONLY configuration

Excellent stuff Harry!

I wondered what you've been doing for the last six weeks ... (typing of course!)

Cheers
Michael
Anyone for a Mutiny ?
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎04-26-2003 07:12 AM

‎04-26-2003 07:12 AM

Re: BIND 9.2 - DNS - CACHING ONLY configuration


Michael,

DNS plus about a dozen other things! We recently purchased two more payroll companies, so I've been working on the integration of those companies into our domain. Monday I found a perl script that was killing our production machines. We have had 16 failures over the past six weeks and everyone was pointing their fingers at Virtual partitions, so I stepped in and found a perl script that was getting the parent PID of the process and then doing a kill -9 $PARENTPID. Of course I also found that this program code has been around for about eight years, but just recently wrapped by a ROOT owned process. When the user closed the Parent window, the child became owned by INIT (ppid=1), then the kill -9 basically wiped the machine clean of most processes!

It's been one hell of a past four weeks!


Back to the DNS configuration. I plan on writing a perl script to do the installation customization depending upon which data center the machine is currently installed in. Basically the script will fill in the IPofNAMESERVER's and the secret key generation, so the install will become a brain dead thing that even managers of it shops could perform! I'll make it quite generic as so anyone could use it anywhere.

brain dead == management ready

live free or die
harry
Live Free or Die
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.