HPE Community
Operating System - HP-UX
1832906 Members
2893 Online
110048 Solutions
New Discussion

Re: New Primary master server--Pls comment!!

 
SOLVED
Go to solution
Rgomes
Valued Contributor

‎05-10-2004 07:44 PM

‎05-10-2004 07:44 PM

New Primary master server--Pls comment!!

Hi All,

I am going to configure one primary master DNS server for an ISP. Pls comment on the below configuration of BIND 9.2.0, how it will react:

acl ournets { IP_range; };
acl bogusnets { IP_range; };
options {
...
...
allow-transfer { none; };
allow-query { ournets; };
allow-recursion { ournets; };
...
...
blackhole { bogusnets; };
};
zone "mydomain.com" {
type master;
file "db.mydomain.com";
allow-query { any; };
allow-transfer { IP_of_slave_server; };
};
.
.
.

Thanks in advance,
Richard
0 Kudos
Reply
6 REPLIES 6
Cheryl Griffin
Honored Contributor

‎05-10-2004 11:46 PM

‎05-10-2004 11:46 PM

Re: New Primary master server--Pls comment!!

Here is how to assign points to those who have helped you in the past:
http://forums1.itrc.hp.com/service/forums/helptips.do?#28
"Downtime is a Crime."
0 Kudos
Reply
Rgomes
Valued Contributor

‎05-17-2004 06:46 AM

‎05-17-2004 06:46 AM

Re: New Primary master server--Pls comment!!

Can I have some response now?

:)

TIA,
Richard
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎05-17-2004 06:56 AM

‎05-17-2004 06:56 AM

Re: New Primary master server--Pls comment!!

Looks okay - might want logging as well:

logging {

channel all_channel {
file "/var/named/named.log" versions 5 size 10; // keep 5 versions max 10 MB in size
print-category yes;
print-severity yes;
print-time yes;
};
category queries { all_channel; };
category update { all_channel; };
category security { all_channel; };
category default { all_channel; };

};


Do you need any incudes? like rndc key:

include "/etc/rndc.key";

Also for options add:

query-source address * port 53;
version "Noname DNS";
fetch-glue no;
max-cache-size 128M;

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Rgomes
Valued Contributor

‎05-17-2004 03:06 PM

‎05-17-2004 03:06 PM

Re: New Primary master server--Pls comment!!

HI Geoff,

Thanks.

The option "query-source address * port 53", I read some doc on BIND and understood that this option may not work properly, so they advised to mention source address explicitly?? Although I am using this option to my other named server.

Another good point is logging, I am not sure for an ISP named service, how much syslog size would be sufficient??

one question, shall I apply my ACL to reverse zone also?

regards,
Richard
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎05-18-2004 01:21 AM

‎05-18-2004 01:21 AM

Solution

Re: New Primary master server--Pls comment!!

I would keep the ACL on allzones.

As far as logging - start with 5 x 10MB - then go from there - if you need more, just increase it in the named.conf file and issue a: rndc reload

file "/var/named/named.log" versions 5 size 10; // keep 5 versions max 10 MB in size


As far as query source - yes, you can put the source address explicitly - I have mine at 53 because that was the only way I could get a NT DNS box to transfer (though I havn't tried lately to see if it will work explicitly now...)

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
Rgomes
Valued Contributor

‎05-18-2004 02:12 AM

‎05-18-2004 02:12 AM

Re: New Primary master server--Pls comment!!

Hi Geoff,

Thanks for sharing.

Best regards,
Richard
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.