
Differences between version 13 and predecessor to the previous major change of NamedNotes.


Newer page: version 13, last edited on Wednesday, February 11, 2004 4:54:29 pm by DrewBroadley
Older page: version 1, last edited on Friday, June 7, 2002 5:02:06 pm by perry
@@ -1,5 +1,5 @@
-See Also: named(8), named.conf(5) 
+See Also: named(8), named.conf(5), [HowToChrootBINDHOWTO], [DNSHowTo], ZoneFile.  
 ---- 
 If you have problems with your zone files, you probably forgot a "." 
  
 ---- 
@@ -8,10 +8,20 @@
  $GENERATE 150-250 $.0.0.10.in-addr.arpa. PTR dhcp-$.example.com. 
  
 ---- 
 Remember, MX's and NS records can't point to CNAMEs. 
+  
+----  
+An MX record should not be a raw IP address either.  
+  
 ---- 
 You can have more than one record type for a domain/host, so long as none of them as CNAMEs. ie: you can have two A's, or an A and a TXT, but ''never'' an A and a CNAME, or an TXT and a CNAME, or even two CNAMES. 
+  
+----  
+You can define seperate TTL's (in seconds) for records e.g.:  
+ shortttl 3600 IN A 127.0.0.1  
+  
+This will give shortttl.domain.co.nz a TTL of an hour  
  
 ---- 
 Try and have names for services (such as "proxy", "www", "smtp" etc) as this means when you move a service onto a different machine you can change the DNS once and everything will be updated. 
  
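Review bot: the explanation under the TTL example refers to `shortttl.domain.co.nz`, but the only zone used elsewhere on this page is `foo.com` (see the sample zone file below), so the sentence should read "This will give shortttl.foo.com a TTL of an hour" to match the record `shortttl 3600 IN A 127.0.0.1` it describes; also "seperate TTL's" should be "separate TTLs". The new "An MX record should not be a raw IP address either" line would be more useful with its reason: the exchange field of an MX record is a domain name, so a bare address there is resolved as a hostname (and, if written without a trailing dot, has the zone origin appended) instead of being used as an address.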
@@ -20,12 +30,12 @@
 ---- 
 Sample zone file: 
  @ IN SOA foo.com. soa.foo.com. ( 
  2002060700 ; serial 
- 10800 ; refresh (3 hours)  
- 3600 ; retry (1 hour) 
+ 10800 ; refresh (10800 seconds = 3 hours)  
+ 3600 ; retry (3600 seconds = 1 hour) 
  3600000 ; expire 
- 86400 ) ; minimum  
+ 86400 ) ; negative cache time-to-live  
  @ IN NS ns1.foo.com. 
  @ IN NS ns2.foo.com. 
  @ IN MX 10 smtp.foo.com. 
  @ IN MX 20 smtp.baz.com. 
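Review bot: the `3600000 ; expire` line is the one SOA timer left without the seconds-to-human conversion that the refresh and retry comments now carry; for consistency, `3600000 ; expire (3600000 seconds = 1000 hours, about 41.7 days)`. Renaming the last field from `minimum` to `negative cache time-to-live` is correct for BIND 9, where that field is used as the negative-caching TTL (RFC 2308) rather than as a default record TTL, so the comment no longer misleads readers of the sample.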
@@ -36,4 +46,35 @@
  proxy IN CNAME box1 
  pop3 IN CNAME box1 
  www IN CNAME box1 
  news IN CNAME box1 
+  
+See ZoneFile for a more verbose description.  
+----  
+Useful config tweaks (possibly [Debian]-specific).  
+  
+(found at http://www.cryptio.net/~ferlatte/config/)  
+  
+1) Run bind as non-root. Create a bind user with home directory of /var/cache/bind, chmod -R bind.bind /var/cache/bind, and add OPTIONS="-u bind -g bind" to /etc/default/bind. This will have the side-affect of preventing named from listening on interfaces that get created after it starts.  
+  
+2) Add "category statistics { null; };" into the logging section of /etc/bind/named.conf to prevent stats going into syslog.  
+----  
+Root zone  
+Debian woody (bind ver 8) -  
+etc/bind/named.conf:  
+ zone "." {  
+ type hint;  
+ file "/etc/bind/db.root";  
+ };  
+  
+Red Hat 8 (bind ver 9) -  
+ zone "." {  
+ type hint;  
+ file "named.ca";  
+ };  
+(this file should live in /var/named/)  
+----  
+ISC has recently released a patch that fixes problems with the Verisign wildcard on the .com and .net root zones. The patch only allows delegations from the root zones and will ignore any A records that are returned directly from the root zone. This seems to be quite a tidy solution to the problem.  
+  
+You can find more details about the patch at the URL below.  
+ http://www.isc.org/products/BIND/delegation-only.html  
+----
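Review bot: in item 1 of the config tweaks, `chmod -R bind.bind /var/cache/bind` cannot work as written, because `user.group` is chown syntax, not a mode; it should read `chown -R bind.bind /var/cache/bind` (or `chown -R bind:bind /var/cache/bind`). The `-g bind` in `OPTIONS="-u bind -g bind"` is also version-specific: BIND 8's named takes `-g` as a group name, but in BIND 9 `-g` means run in the foreground and log to stderr, so on the BIND 9 systems described in the root-zone section only `-u bind` should be set, with the group taken from the bind user's account. Minor: "side-affect" should be "side-effect".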