[WBEL-users] Some BIND questions

Kirby C. Bohling kbohling@birddog.com
Mon, 11 Oct 2004 12:05:22 -0500


On Mon, Oct 11, 2004 at 12:13:26PM -0400, Robert Moskowitz wrote:
> NOTE : I am not skilled with LINUX.  I am trying to switch out an NT Domain 
> for a SAMBA Domain, and one of my colleagues set me up with Whitebox for 
> stability over Fedora or Debian...
> 
> The system is running isolated on its own VLAN with no outside contact 
> (thus no updates!), with the same address and host name as the NT server it 
> will replace (to keep all configs cleaner).  I can switch test systems to 
> the VLAN as progress is made....
> 
> ======================================================================
> 
> I use to know BIND 4.x quite well, but I am dated.....
> 
> What version of BIND is running on Whitebox, and how do I check the version?

rpm -q bind will generally tell you the version you installed.
BIND 9.2.x.

> 
> I have edited my named.conf and the zone files in /var/named as per Liu's 
> BIND book 4th Ed (had to get it and pitch my 2nd Ed).

Just a point of order, O'Reilly used to have a pretty good deal: if
you had an older version of a book, they'd sell you the updated version
if you'd cut off the cover of the old version and send it to them.
I've never participated, but essentially, you'd paid for most of the
content once, so they cut you a break on the updates.  Not sure if
that's still true or not.

On WBEL and presumably RHEL, your BIND files could be in one of two
locations depending on whether your security updates are current or not.

<rant>
Whoever the clever fool was who decided to make it chroot by default
upon install and then undo the decision during the same stable
series should be beaten with a heavy stick.  Especially since it
silently broke my name server, and didn't even attempt to handle it
gracefully.
</rant>

You might need to look at "/etc/sysconfig/named", as your chroot'ed
environment should be set up there.

The files you wanted to look at are here:

/etc/named.conf
or
/var/named/chroot/etc/named.conf

The actual zone files go in (depending on your named.conf file):

/var/named
or
/var/named/chroot/var/named

In reality, I believe that RH/WB would like you to fiddle with
named.custom.

> 
> **The DNS configuration graphic tool is broken.**

I believe that part of your problem is you are fiddling with
named.conf not named.custom.  That's merely a guess, I've never used
the GUI tools.

> 
> How do I reload the files?  Neither ndc nor rndc is found. (rndc reload).

When run as root:
"service named restart" works for me.

/usr/sbin/rndc is there on my machine from the bind package.

You might have to make sure the keys are setup correctly to use it.

[root@hawk etc]# which rndc
/usr/sbin/rndc
[root@hawk etc]# rpm -q -f /usr/sbin/rndc
bind-9.2.4-EL3_10


> 
> Localhost and 127.0.0.1 are working.
> forward on my domain works
> reverse does not.  I am attempting to use RFC 2317 method for CIDR 
> delegation (Solution 3 in BIND, pgs 239 - 240).

I don't have the book handy.  If I remember correctly, you'll have
to get your ISP upstream to delegate to you.  Assuming you have done
that, I'd have to see more of the configuration to know.

> 
> So is there a way to:
> 
> query to see which zones are running?

Out of my league.  "service named restart" outputs all of the files
it loads, not sure if that includes all zones or not.  That's
generally how I see what is going right or wrong.

> 
> For testing reverse, isolated, do I have to master the whole arpa. tree 
> down to my class zone?  ( I am master for the x.x.x.in-addr.arpa and the 
> n-m.x.x.x.in-addr.arpa zones)

Probably.  It should walk down the tree.  The easiest way to see
that is probably to query on the same VLAN from a remote machine.
Run ethereal.  It's a very nice GUI network sniffer that breaks down
packets for you to explain what is in them.  I've never done reverse
DNS, but I know I've done forward DNS and it did a decent job.
It'll at least tell you what it is asking for.

> 
> I am using the $GENERATE command.  Can't find it clearly defined in Liu's 
> book (he needs a better Index!)  How can I set my debug level to see if 
> this command is working correctly, and which syslog the debug stuff will be 
> written to?

No idea how $GENERATE works.

I believe named writes to /var/log/messages (grep -r -l named
"/var/log/" should tell you).  "man named" should tell you the
options, then add that option to: /etc/sysconfig/named.

It looks like you want to add a line like this:

OPTIONS="-d 10"

to that file (change 10 to whatever debug level you want).

> 
> Can I set debug to see the processing of a DIG on the reverse lookup?


	Thanks,
		Kirby
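
The two open items in the thread, what $GENERATE actually expands to and
why an RFC 2317 reverse lookup has to walk from the parent
x.x.x.in-addr.arpa zone into the n-m.x.x.x.in-addr.arpa zone, can be
checked offline without a running named.  The script below is an added
example and is not code from the thread, from Whitebox, or from BIND
itself: it expands $GENERATE lines the way the BIND 9 ARM documents them
("$" is the iterator, "$$" a literal "$", "${offset,width,base}" an
offset with zero-padded width in base d/o/x/X), builds both zones of a
constructed sample delegation (192.0.2.0/26 delegated as
0-63.2.0.192.in-addr.arpa to ns.example.com, both names invented here),
and follows the CNAME chain a resolver would follow for a PTR query.
Addresses outside the delegated range, including the network address,
come back with no answer, which is what a dig would report too.

```python
"""Expand BIND $GENERATE lines and walk an RFC 2317 reverse lookup.

Added example, not from the mailing-list thread or from BIND.  Zone names,
addresses and hostnames are constructed sample data.
"""
import re

# ${offset,width,base} modifier; a bare "$" is the iterator, "$$" a literal "$"
_MOD = re.compile(r"\$\{(-?\d+)(?:,(\d+)(?:,([doxX]))?)?\}")
_RANGE = re.compile(r"(\d+)-(\d+)(?:/(\d+))?")      # start-stop[/step]
_NAME_TYPES = {"CNAME", "NS", "PTR", "DNAME"}       # rdata is a domain name


def _subst(template, i):
    """Replace $, $$ and ${offset,width,base} in one $GENERATE field."""
    out, pos = [], 0
    while pos < len(template):
        if template.startswith("$$", pos):
            out.append("$")
            pos += 2
            continue
        m = _MOD.match(template, pos)
        if m:
            offset, width = int(m.group(1)), int(m.group(2) or 0)
            base = m.group(3) or "d"
            out.append(format(i + offset, f"0{width}{base}" if width else base))
            pos = m.end()
            continue
        if template[pos] == "$":
            out.append(str(i))
        else:
            out.append(template[pos])
        pos += 1
    return "".join(out)


def _fqdn(name, origin):
    """Absolutize a zone-file name against $ORIGIN, as named does."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def expand_generate(line, origin):
    """Return the (owner, type, rdata) records one $GENERATE line produces."""
    parts = line.split()
    if parts[0] != "$GENERATE":
        raise ValueError("not a $GENERATE line")
    m = _RANGE.fullmatch(parts[1])
    if not m:
        raise ValueError(f"bad range {parts[1]!r}")
    start, stop, step = int(m.group(1)), int(m.group(2)), int(m.group(3) or 1)
    lhs, rtype, rhs = parts[2], parts[-2].upper(), parts[-1]   # ttl/class optional
    records = []
    for i in range(start, stop + 1, step):
        owner = _fqdn(_subst(lhs, i), origin)
        rdata = _subst(rhs, i)
        if rtype in _NAME_TYPES:
            rdata = _fqdn(rdata, origin)
        records.append((owner, rtype, rdata))
    return records


def parse_zone_line(line, origin):
    """Handle $GENERATE or a plain 'owner type rdata' record (no TTL/class)."""
    if line.startswith("$GENERATE"):
        return expand_generate(line, origin)
    owner, rtype, rdata = line.split()
    rtype = rtype.upper()
    if rtype in _NAME_TYPES:
        rdata = _fqdn(rdata, origin)
    return [(_fqdn(owner, origin), rtype, rdata)]


# Constructed sample: the upstream owns 2.0.192.in-addr.arpa and delegates the
# /26 block 192.0.2.0-63 per RFC 2317.  In an isolated lab like the one in the
# thread, one named is master for both zones, so both files are loaded here.
PARENT = "2.0.192.in-addr.arpa."
CHILD = "0-63." + PARENT
ZONES = {
    PARENT: ["0-63 NS ns.example.com.",
             "$GENERATE 1-62 $ CNAME $.0-63"],          # 5.2.0.192 -> 5.0-63.2.0.192
    CHILD: ["$GENERATE 1-62 $ PTR host-${0,3,d}.example.com."],
}


def build_table(zones):
    """owner name (lower-cased) -> list of (type, rdata) across all zones."""
    table = {}
    for origin, lines in zones.items():
        for line in lines:
            for owner, rtype, rdata in parse_zone_line(line, origin):
                table.setdefault(owner.lower(), []).append((rtype, rdata))
    return table


def reverse_lookup(ip, table):
    """PTR query for ip, following CNAMEs as a resolver would.

    Returns (ptr_target, [names followed via CNAME]); target is None when
    the chain ends without a PTR (e.g. the undelegated network address).
    """
    name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    chain, seen = [], set()
    while name.lower() not in seen:
        seen.add(name.lower())
        rrs = table.get(name.lower(), [])
        ptrs = [r for t, r in rrs if t == "PTR"]
        if ptrs:
            return ptrs[0], chain
        cnames = [r for t, r in rrs if t == "CNAME"]
        if not cnames:
            return None, chain
        chain.append(name)
        name = cnames[0]
    raise ValueError("CNAME loop at " + name)


if __name__ == "__main__":
    table = build_table(ZONES)
    for ip in ("192.0.2.5", "192.0.2.0", "192.0.2.200"):
        print(ip, reverse_lookup(ip, table))
```

The parent-zone $GENERATE line produces one CNAME per host address (1-62);
the network and broadcast addresses are deliberately not generated, so a
PTR query for them returns nothing, and that is the first thing to compare
against the dig output when "reverse does not work".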