
Differences between version 10 and predecessor to the previous major change of NamedNotes.


Newer page: version 10 Last edited on Wednesday, October 22, 2003 3:37:48 pm by AdrianKitto
Older page: version 1 Last edited on Friday, June 7, 2002 5:02:06 pm by perry
@@ -1,5 +1,5 @@
-See Also: named(8), named.conf(5) 
+See Also: named(8), named.conf(5), [HowToChrootBINDHOWTO], [DNSHowTo], ZoneFile.  
 ---- 
 If you have problems with your zone files, you probably forgot a "." 
  
 ---- 
@@ -20,12 +20,12 @@
 ---- 
 Sample zone file: 
  @ IN SOA foo.com. soa.foo.com. ( 
  2002060700 ; serial 
- 10800 ; refresh (3 hours)  
- 3600 ; retry (1 hour) 
+ 10800 ; refresh (10800 seconds = 3 hours)  
+ 3600 ; retry (3600 seconds = 1 hour) 
  3600000 ; expire 
- 86400 ) ; minimum  
+ 86400 ) ; negative cache time-to-live  
  @ IN NS ns1.foo.com. 
  @ IN NS ns2.foo.com. 
  @ IN MX 10 smtp.foo.com. 
  @ IN MX 20 smtp.baz.com. 
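Review bot: the `expire` line is the only SOA timer left without a unit after this change. Refresh and retry now read `(10800 seconds = 3 hours)` and `(3600 seconds = 1 hour)`, but `3600000 ; expire` still leaves the reader to work out that the value is in seconds (about 41.7 days). Suggest annotating it the same way, and adding `(86400 seconds = 1 day)` to the renamed `negative cache time-to-live` line so all four timers carry their units.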
@@ -36,4 +36,41 @@
  proxy IN CNAME box1 
  pop3 IN CNAME box1 
  www IN CNAME box1 
  news IN CNAME box1 
+  
+See ZoneFile for a more verbose description.  
+----  
+Useful config tweaks (possibly [Debian]-specific).  
+  
+(found at http://www.cryptio.net/~ferlatte/config/)  
+  
+1) Run bind as non-root. Create a bind user with home directory of /var/cache/bind, chmod -R bind.bind /var/cache/bind, and add OPTIONS="-u bind -g bind" to /etc/default/bind. This will have the side-affect of preventing named from listening on interfaces that get created after it starts.  
+  
+2) Add "category statistics { null; };" into the logging section of /etc/bind/named.conf to prevent stats going into syslog.  
+----  
+Root zone  
+Debian woody (bind ver 8) -  
+etc/bind/named.conf:  
+ zone "." {  
+ type hint;  
+ file "/etc/bind/db.root";  
+ };  
+  
+Red Hat 8 (bind ver 9) -  
+ zone "." {  
+ type hint;  
+ file "named.ca";  
+ };  
+(this file should live in /var/named/)  
+----  
+ISC has recently released a patch that fixes problems with the Verisign wildcard on the .com and .net root zones. The patch only allows delegations from the root zones and will ignore any A records that are returned directly from the root zone. This seems to be quite a tidy solution to the problem.  
+  
+You can find more details about the patch at the URL below.  
+ http://www.isc.org/products/BIND/delegation-only.html  
+----  
+  
+What to find out what version of Named that a server runs? Here is a couple of handy commands that can tell you what version of bind a server is running.  
+  
+nslookup -q=txt -class=CHAOS version.bind.  
+  
+dig @nameservers.name version.bind ch txt
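Review bot: in tweak 1, `chmod -R bind.bind /var/cache/bind` does not do what the step intends: `chmod` takes a mode, not an owner, so the command that hands the directory to the new user is `chown -R bind:bind /var/cache/bind`. Without it, the named process started with `OPTIONS="-u bind -g bind"` may not be able to write to its own cache directory. Smaller points in the same hunk: "side-affect" should be "side-effect"; "What to find out" should be "Want to find out"; `etc/bind/named.conf:` under the Debian heading is missing its leading `/` (tweak 2 uses `/etc/bind/named.conf`); and ".com and .net root zones" describes top-level domain zones, not the root zone, which matters for a paragraph about accepting only delegations.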