Bind sanity check
I'm going to swap my presently-hosted domain over to my own box here
which is at the end of a DSL line. I've been going through reading the DNS
how-to to set up bind. I'm pretty sure I have things mostly right but there
are enough differences between the how-to's config files and Debian's setup
that I'm not 100% sure; so I thought I might ask anyone more experienced to
check my configuration out.
The "domain" is simple: just one public IP address (216.64.109.143)
aliased with the typical domain machine names (e.g. www, mail, ns, etc.).
Here's what I've added to the bottom of Debian's default named.conf:
-snip-
zone "golgotha.net" {
        type master;
        file "/etc/bind/db.golgotha";
};

zone "109.64.216.in-addr.arpa" {
        type master;
        file "/etc/bind/db.rev.golgotha";
};
-snip-
and the contents of my db.golgotha file:
-snip-
;
; BIND zone data file for golgotha.net domain
;
$TTL 604800
@       IN      SOA     golgotha.net. spartacus.golgotha.net. (
                        199912041       ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
        IN      NS      ns
        IN      MX      10 mail
localhost       IN      A       127.0.0.1
ns      IN      A       216.64.109.143
        IN      MX      10 mail
        IN      HINFO   "i386-based" "GNU/Linux"
www     IN      A       216.64.109.143
        IN      MX      10 mail
        IN      HINFO   "i386-based" "GNU/Linux"
mail    IN      A       216.64.109.143
        IN      MX      10 mail
        IN      HINFO   "i386-based" "GNU/Linux"
ftp     IN      A       216.64.109.143
        IN      MX      10 mail
        IN      HINFO   "i386-based" "GNU/Linux"
-snip-
and also the db.rev.golgotha file:
-snip-
;
; BIND reverse zone data file for 109.64.216.in-addr.arpa (golgotha.net)
;
$TTL 604800
@       IN      SOA     golgotha.net. spartacus.golgotha.net. (
                        199912041       ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
        IN      NS      ns.golgotha.net.
; owner names are relative to 109.64.216.in-addr.arpa, so only the last
; octet goes here (a full dotted IP as owner would be appended to the origin)
143     IN      PTR     ns.golgotha.net.
143     IN      PTR     www.golgotha.net.
143     IN      PTR     mail.golgotha.net.
143     IN      PTR     ftp.golgotha.net.
143     IN      PTR     spartacus.golgotha.net.
-snip-
Questions: First, can anyone see any errors/problems/stupidity in the above?
Secondly, what's the best way to implement private (192.168.*.*) machines
into this DNS/domain? Is it best to have the private network machines in a
bogus domain or not in a DNS at all but using a hosts file? Or is there a
sane/secure way I can list the private machines in the DNS under their
regular domain name?
Another, near-trivial question: why is the Debian preference to use
seconds for refresh/retry instead of the how-to's "8H" and more readable
format? Is this just to save the computational work of parsing "8H" and
converting it?
Thanks in advance.
--
Regards, Randy (redwards@golgotha.net)
http://www.golgotha.net | because lockups should only be for convicts.
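On the second question (private 192.168.x.x hosts under the regular domain name), one way to serve them to the LAN without publishing them to the Internet is a split-horizon setup with BIND 9 views. This is an added example, not part of the original post; the 192.168.1.0/24 range, the "lan" ACL name and the internal file names are assumptions.

```conf
// named.conf fragment (BIND 9): added example, not the poster's config.
// Clients inside the LAN get the internal copy of golgotha.net, which
// carries the 192.168.1.x records; everyone else gets the public copy.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };    // assumed private range

view "internal" {
        match-clients { "lan"; };
        recursion yes;                        // LAN may use us as resolver
        zone "golgotha.net" {
                type master;
                file "/etc/bind/db.golgotha.internal";   // public + private
        };
        zone "1.168.192.in-addr.arpa" {       // reverse for 192.168.1.0/24
                type master;
                file "/etc/bind/db.rev.192.168.1";
        };
};

view "external" {
        match-clients { any; };
        recursion no;                         // not an open resolver
        allow-transfer { none; };             // no zone transfers to strangers
        zone "golgotha.net" {
                type master;
                file "/etc/bind/db.golgotha";            // public records only
        };
        zone "109.64.216.in-addr.arpa" {
                type master;
                file "/etc/bind/db.rev.golgotha";
        };
};
```

Once any view is defined, every zone, including the root hints and the localhost zones from Debian's default named.conf, must be placed inside a view; `named-checkconf` will reject a configuration that mixes the two.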