Penguin

See Also: named(8), named.conf(5), HowToChrootBINDHOWTO?, DNSHowTo?, ZoneFile.


If you have problems with your zone files, you probably forgot a "." (a name without a trailing dot is relative, so named appends the zone origin to it).


named(8) lets you generate a run of similar records in your zone file with the $GENERATE directive, for example:

$GENERATE 150-250 $.0.0.10.in-addr.arpa. PTR dhcp-$.example.com.

Remember, MX and NS records can't point to CNAMEs.


You can have more than one record type for a domain/host, so long as none of them is a CNAME. I.e. you can have two A's, or an A and a TXT, but never an A and a CNAME, or a TXT and a CNAME, or even two CNAMEs.
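The three rules above (trailing dots, MX/NS targets, CNAME coexistence) are exactly the sort of thing a tiny linter can catch before the zone is loaded. This is an added example, not code from the page or from BIND: it reads a one-record-per-line zone file (every line starts with its owner name; a multi-line SOA must be collapsed onto one line), honours $ORIGIN, expands the plain "$" form of $GENERATE shown above (not the ${offset,width,base} modifiers), and reports the three mistakes. The zone text inside it is constructed in the style of the page's sample zone and contains each mistake once.

```python
"""Tiny zone-file linter for the three rules on this page. Added example, not
from the page or BIND: one record per line, $ORIGIN, plain-'$' $GENERATE only."""
from collections import defaultdict

RECORD_TYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "PTR", "TXT", "SRV"}
NAME_TARGET_TYPES = {"NS", "CNAME", "PTR", "MX", "SRV"}  # rdata ends in a domain name

# Constructed sample zone (not from the page) with one of each mistake:
# an NS target missing its trailing dot, an MX pointing at a CNAME, and a
# name that carries both an A and a CNAME. The $GENERATE line is correct.
SAMPLE_ZONE = """\
$ORIGIN foo.com.
@       IN SOA   foo.com. soa.foo.com. ( 2002060700 10800 3600 3600000 86400 )
@       IN NS    ns1.foo.com.
@       IN NS    ns2.foo.com                ; forgot the trailing dot
@       IN MX    10 smtp.foo.com.
@       IN MX    20 mail.foo.com.           ; mail is a CNAME
ns1     IN A     1.2.3.4
ns2     IN A     1.2.4.5
smtp    IN A     1.2.3.4
box1    IN A     1.2.3.6
www     IN CNAME box1
mail    IN CNAME box1
ftp     IN A     1.2.3.7                    ; A and CNAME on one name
ftp     IN CNAME box1
$GENERATE 150-152 $.0.0.10.in-addr.arpa. PTR dhcp-$.example.com.
"""


def qualify(name, origin):
    """Turn a zone-file owner/target into an absolute name, as named does."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def expand_generate(tokens):
    """Expand '$GENERATE lo-hi lhs [ttl] [class] type rhs' (plain '$' only)."""
    lo, hi = (int(x) for x in tokens[1].split("-"))
    for i in range(lo, hi + 1):
        yield [t.replace("$", str(i)) for t in tokens[2:]]


def parse_zone(text, origin):
    """Yield (owner, type, rdata_tokens, origin) with owner made absolute."""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        expanded = expand_generate(tokens) if tokens[0] == "$GENERATE" else [tokens]
        for toks in expanded:
            owner, rest = toks[0], toks[1:]
            while rest and rest[0] not in RECORD_TYPES:  # skip optional TTL/class
                rest = rest[1:]
            if not rest:
                raise ValueError(f"no record type in: {raw}")
            yield qualify(owner, origin), rest[0], rest[1:], origin


def lint_zone(text, origin):
    """Return a sorted list of human-readable findings for the zone text."""
    records = list(parse_zone(text, origin))
    types_by_owner = defaultdict(list)
    for owner, rtype, _, _ in records:
        types_by_owner[owner].append(rtype)
    cname_owners = {o for o, ts in types_by_owner.items() if "CNAME" in ts}
    findings = []
    # Rule: a CNAME must be the only record at its owner name.
    for owner, ts in types_by_owner.items():
        if "CNAME" in ts and len(ts) > 1:
            findings.append(f"{owner}: CNAME coexists with other records {sorted(ts)}")
    for owner, rtype, rdata, org in records:
        if rtype not in NAME_TARGET_TYPES:
            continue
        target = rdata[-1]                    # last rdata field is the target name
        # Heuristic: a dotted name with no trailing dot is almost always a
        # forgotten '.', and named will silently append the origin to it.
        if "." in target and not target.endswith("."):
            findings.append(f"{owner} {rtype} {target}: missing trailing dot, "
                            f"named will read it as {qualify(target, org)}")
        # Rule: MX and NS records can't point to CNAMEs.
        if rtype in ("MX", "NS") and qualify(target, org) in cname_owners:
            findings.append(f"{owner} {rtype} -> {target} is a CNAME (not allowed)")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE, "foo.com."):
        print(finding)
```

Run it over a real zone by reading the file into lint_zone() with the origin from the matching zone statement in named.conf; the heuristic for missing dots will not flag a plain relative label such as "box1", which is legitimately relative, only a dotted name that looks fully qualified but is not.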


Try to have names for services (such as "proxy", "www", "smtp" etc.), because then, when you move a service onto a different machine, you change the DNS once and everything that uses the service name follows.


Try to use one name in the NS records of all zones that reside on that machine. For example, in "foo.example.com" use "ns1.example.com" and in "example2.com" also use "ns1.example.com". This means that when "ns1.example.com" changes its IP, you only have to update it once per registrar, not once per registrar per zone.


Sample zone file

@ IN SOA foo.com. soa.foo.com. (
        2002060700 ; serial
        10800      ; refresh (10800 seconds = 3 hours)
        3600       ; retry (3600 seconds = 1 hour)
        3600000    ; expire
        86400 )    ; negative cache time-to-live

@     IN NS    ns1.foo.com.
@     IN NS    ns2.foo.com.
@     IN MX 10 smtp.foo.com.
@     IN MX 20 smtp.baz.com.
ns1   IN A     1.2.3.4
ns2   IN A     1.2.4.5
smtp  IN A     1.2.3.4
box1  IN A     1.2.3.6
proxy IN CNAME box1
pop3  IN CNAME box1
www   IN CNAME box1
news  IN CNAME box1

See ZoneFile for a more verbose description.


Useful config tweaks (possibly Debian-specific).

(found at http://www.cryptio.net/ferlatte/config/)

1) Run bind as non-root. Create a bind user with home directory /var/cache/bind, run chown -R bind:bind /var/cache/bind, and add OPTIONS="-u bind -g bind" to /etc/default/bind. This has the side effect of preventing named from listening on interfaces that get created after it starts.

2) Add "category statistics { null; };" into the logging section of /etc/bind/named.conf to prevent stats going into syslog.


Root zone hints, Debian woody (bind ver 8) -

/etc/bind/named.conf

zone "." {
        type hint;
        file "/etc/bind/db.root";
};

Red Hat 8 (bind ver 9) -

zone "." {
        type hint;
        file "named.ca";
};

(this file should live in /var/named/)


ISC has recently released a patch that fixes problems with the Verisign wildcard on the .com and .net root zones. The patch only allows delegations from the root zones and will ignore any A records that are returned directly from the root zone. This seems to be quite a tidy solution to the problem.

You can find more details about the patch at the URL below.

http://www.isc.org/products/BIND/delegation-only.html


Want to find out what version of named a server runs? Here are a couple of handy commands that can tell you what version of bind a server is running.

nslookup -q=txt -class=CHAOS version.bind.

dig @nameservers.name version.bind ch txt
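Both commands send the same thing: a TXT query for the name version.bind in the CHAOS class, and the server answers with a TXT record holding its version string. The example below, which is added here and is not from the page or from BIND, builds that query in DNS wire format and parses a reply; the reply bytes are constructed inline with a made-up version string, so nothing is sent on the network. It is useful when auditing your own servers for what they disclose.

```python
"""Offline illustration of the CHAOS-class TXT query behind the two commands
above. Added example, not from the page or BIND; the reply is constructed."""
import struct

TXT, CHAOS = 16, 3  # RR type TXT and class CH, values from RFC 1035


def encode_name(name):
    """'version.bind.' -> wire-format labels b'\\x07version\\x04bind\\x00'."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def build_version_query(txid=0x1234):
    """Query message equivalent to 'dig version.bind ch txt' (RD set, 1 question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name("version.bind.") + struct.pack("!HH", TXT, CHAOS)


def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name starting at pos."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1
        if length == 0:
            return pos
        pos += length


def parse_txt_reply(msg):
    """Return (txid, [txt strings]) from the first answer RR of a reply."""
    txid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    pos = 12
    for _ in range(qdcount):                # skip the echoed question section
        pos = skip_name(msg, pos) + 4       # QTYPE + QCLASS
    if ancount == 0:
        return txid, []
    pos = skip_name(msg, pos)
    rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
    pos += 10
    if (rtype, rclass) != (TXT, CHAOS):
        raise ValueError("unexpected RR type/class")
    rdata, strings = msg[pos:pos + rdlen], []
    while rdata:                            # TXT rdata is a run of <len><chars>
        n, rdata = rdata[0], rdata[1:]
        strings.append(rdata[:n].decode())
        rdata = rdata[n:]
    return txid, strings


def constructed_reply(txid, text):
    """Constructed sample reply (not a real capture): QR, AA, RD, RA set, one answer."""
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 0, 0)
    question = encode_name("version.bind.") + struct.pack("!HH", TXT, CHAOS)
    rdata = bytes([len(text)]) + text.encode()
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TXT, CHAOS, 0, len(rdata)) + rdata
    return header + question + answer


if __name__ == "__main__":
    query = build_version_query()
    reply = constructed_reply(0x1234, "9.2.1")      # made-up version string
    print(len(query), "byte query;", parse_txt_reply(reply))
```

The string a real server returns is whatever its administrator configured: BIND 9 lets you replace it with the version option inside the options block of named.conf, which is the usual way to stop a server from advertising its exact release.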