[WBEL-users] Some BIND questions

Robert Moskowitz rgm@htt-consult.com
Mon, 11 Oct 2004 13:48:51 -0400


At 01:05 PM 10/11/2004, Kirby C. Bohling wrote:


>On WBEL and presumably, RHEL, your BIND files could be in one of two
>locations depending on if your security updates are current or not.

oh?

>You might need to look at "/etc/sysconfig/named", as your chroot'ed
>environment should be setup there.

ok, will do that.

>The files you wanted to look at are here:
>
>/etc/named.conf

This was altered by the GUI, and it made a bit of a mess with it (but not 
as much as with the zone files themselves).

>or
>/var/named/chroot/etc/named.conf
>
>The actual zone files go in (depending on your named.conf file):
>
>/var/named
>or
>/var/named/chroot/var/named
>
>In reality, I believe that RH/WB would like you to fiddle with
>named.custom.

Well the GUI tool did it to named.conf

> > **The DNS configuration graphic tool is broken.**
>
>I believe that part of your problem is you are fiddling with
>named.conf not named.custom.  That's merely a guess, I've never used
>the GUI tools.

No.  You should have seen what it did for the reverse lookup zone file 
initially.  My domain file was not much better.  But I have overwritten 
those files already with properly formatted records.

For example, one record had IN twice:

host    IN      IN      A       address

> > How do I reload the files?  Neither ndc or rndc are found. (rndc reload).
>
>When run as root:
>"service named restart" works for me.

I su'ed in a terminal window and get command not found.

>/usr/sbin/rndc is there on my machine from the bind package.

I will cd to that dir and see what happens

>You might have to make sure the keys are setup correctly to use it.
>
>[root@hawk etc]# which rndc
>/usr/sbin/rndc
>[root@hawk etc]# rpm -q -f /usr/sbin/rndc
>bind-9.2.4-EL3_10

How does this show the keys are set up right?

> > Localhost and 127.0.0.1 are working.
> > forward on my domain works
> > reverse does not.  I am attempting to use RFC 2317 method for CIDR
> > delegation (Solution 3 in BIND, pgs 239 - 240).
>
>I don't have the book handy.  If I remember correctly, you'll have
>to get your ISP upstream to delegate to you.  Assuming you have done
>that, I'd have to see more of the configuration to know.

I first want to test it out here and then tell them what I want.  They 
probably already know, as they are not so small...

> > For testing reverse, isolated, do I have to master the whole arpa. tree
> > down to my class zone?  ( I am master for the x.x.x.in-addr.arpa and the
> > n-m.x.x.x.in-addr.arpa zones)
>
>Probably.  It should walk down the tree.

I am first going to try a glue record in the forward zone file for 
the reverse of my system, which is the name server, before I dummy up the 
other zones.

> > I am using the $GENERATE command.  Can't find it clearly defined in Liu's
> > book (he needs a better Index!)  How can I set my debug level to see if
> > this command is working correctly, and which syslog the debug stuff will be
> > written to?
>
>No idea how $GENERATE works.

I would like to find where this syntax is defined.

>I believe named writes to /var/log/messages (grep -r -l named
>"/var/log/" should tell you).  "man named" should tell you the
>options, then add that option to: /etc/sysconfig/named.
>
>It looks like you want to add a line like this:
>
>OPTIONS="-d 10"
>
>to that file (change 10 to whatever debug level you want).

thanks


Barr's Law of Recursive Futility
         If you're smart enough to use one of these....
                 .....you can probably manage without one!
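For readers landing on this thread with the same two questions (what $GENERATE actually expands to, and how to test an RFC 2317 classless reverse delegation in isolation before asking the ISP to delegate), here is an added worked example. It is not code from either poster or from BIND; it expands a $GENERATE line the way named does, builds the parent /24 fragment and the "n-m" style child zone the post describes, and then walks a reverse lookup through the resulting CNAME -> PTR chain offline. The 192.168.31.0/24 network, the 16-31 block, ns.example.net and www.example.net are constructed for illustration; the zone loader is deliberately minimal (no TTL fields, no multi-line records).

```python
"""
Expand BIND's $GENERATE directive and build the two zone fragments an
RFC 2317 (classless in-addr.arpa) delegation needs, then follow a reverse
lookup through the CNAME chain offline. Added example, not code from the
original thread; the addresses and names below are constructed.
"""
import re

# $$ -> literal '$'; $ -> iterator value; ${offset,width,base} -> formatted value
_TOKEN = re.compile(r"\$\$|\$\{(-?\d+)(?:,(\d+))?(?:,([doxX]))?\}|\$")


def _substitute(template, i):
    """Replace $GENERATE iterator tokens in one name/rdata field."""
    def repl(m):
        tok = m.group(0)
        if tok == "$$":
            return "$"
        if tok == "$":
            return str(i)
        offset, width, base = int(m.group(1)), int(m.group(2) or 0), m.group(3) or "d"
        return format(i + offset, f"0{width}{base}" if width else base)
    return _TOKEN.sub(repl, template)


def expand_generate(line):
    """'$GENERATE start-stop[/step] lhs [ttl] [class] type rhs' -> list of record lines."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "$GENERATE":
        raise ValueError(f"not a $GENERATE directive: {line!r}")
    m = re.fullmatch(r"(\d+)-(\d+)(?:/(\d+))?", parts[1])
    if not m:
        raise ValueError(f"bad range: {parts[1]!r}")
    start, stop, step = int(m.group(1)), int(m.group(2)), int(m.group(3) or 1)
    lhs, middle, rhs = parts[2], parts[3:-1], parts[-1]
    return [" ".join([_substitute(lhs, i), *middle, _substitute(rhs, i)])
            for i in range(start, stop + 1, step)]


def qualify(name, origin):
    """Zone-file names ending in '.' are already absolute; others get the origin appended."""
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_record(rec):
    """'owner [IN] type rdata' -> (owner, type, rdata). Rejects the doubled-class bug seen in the thread."""
    fields = rec.split()
    if fields[1] == "IN":
        del fields[1]
    if fields[1] == "IN":
        raise ValueError(f"duplicate class field: {rec!r}")
    return fields[0], fields[1], " ".join(fields[2:])


def load_zone(lines):
    """Minimal loader: $ORIGIN, $GENERATE and plain records -> {fqdn: [(type, rdata), ...]}."""
    origin, records = ".", {}
    for line in lines:
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        for rec in (expand_generate(line) if line.startswith("$GENERATE") else [line]):
            owner, rtype, rdata = parse_record(rec)
            if rtype in ("CNAME", "PTR", "NS"):  # name-valued rdata is relative to $ORIGIN
                rdata = qualify(rdata, origin)
            records.setdefault(qualify(owner, origin), []).append((rtype, rdata))
    return records


def rfc2317_zones(net24, first, last, child_ns, ptrs):
    """Parent /24 fragment delegating first-last (as an 'n-m' child zone) plus the child zone with PTRs."""
    o1, o2, o3 = net24.split(".")
    rev24 = f"{o3}.{o2}.{o1}.in-addr.arpa."
    block = f"{first}-{last}"
    parent = [f"$ORIGIN {rev24}",
              f"{block} IN NS {child_ns}",
              f"$GENERATE {first}-{last} $ IN CNAME $.{block}"]  # one CNAME per address into the child
    child = [f"$ORIGIN {block}.{rev24}"] + [f"{n} IN PTR {h}" for n, h in sorted(ptrs.items())]
    return parent, child


def reverse_lookup(ip, db, max_hops=4):
    """Follow CNAMEs from the address's in-addr.arpa name until a PTR target is found (or None)."""
    name = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
    for _ in range(max_hops):
        rrs = db.get(name, [])
        ptr = [r for t, r in rrs if t == "PTR"]
        if ptr:
            return ptr[0]
        cname = [r for t, r in rrs if t == "CNAME"]
        if not cname:
            return None
        name = cname[0]
    return None


if __name__ == "__main__":
    parent, child = rfc2317_zones("192.168.31", 16, 31, "ns.example.net.",
                                  {17: "ns.example.net.", 20: "www.example.net."})
    print("\n".join(parent + [""] + child))
    db = {**load_zone(parent), **load_zone(child)}
    print(reverse_lookup("192.168.31.20", db))
```

On a real server the equivalent check is `named-checkzone <zone> <file>` from the bind package, which expands $GENERATE and reports the doubled `IN` kind of error the GUI produced; the loader above is only there so the chain can be traced without a running named.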