
Re: Bind sanity check



Looks pretty good, ditto to Chris Wagner's comments.

You might want to take out the HINFO stuff.  It's not necessary to
publicize your system type and some people consider HINFO a security
risk.  Up to you.

I'm not sure, but you could just set up the MX record once for the
entire domain and not mess with it on each A record, if I remember
correctly.  You can do this in a section with an $ORIGIN of ".net" and
then have sub-domain type syntax in the same section.

Some people aim the A record for their domain to their webserver or
their mailserver, and in this case I assume you're doing both there...

You may consider adding an A record for the domain without a system
name... i.e. an A record for golgotha.net all by itself.  

It's a little kludge that works nicely... if someone sends mail to
"xyz@golgotha.net" and the mailer can find an A record for golgotha.net,
it'll deliver without having to look up the MX record.

Interesting little twist of things.  Don't know if it follows the RFCs
or not.  Just something I've seen done.

Here's an example with the names changed to protect the innocent...
haha.

$ORIGIN net.
company  14400   IN      SOA     ns1.company.net. nsadmin.company.net. (
                1999111511 3600 600 86400 14400 )
        14400   IN      A       123.123.123.123  ; mail svr & Web redirect
        14400   IN      NS      ns2.company.net.
        14400   IN      NS      ns1.company.net.
        14400   IN      MX      10 mail.company.com.

YMMV.  Good luck!

p.s. If this makes no sense whatsoever, I'm really tired...

Nate Duehr, nate@natetech.com

Randy Edwards wrote:
> 
>    I'm going to swap my presently-hosted domain over to my own box here
> which is at the end of a DSL line.  I've been going through reading the DNS
> how-to to set up bind.  I'm pretty sure I have things mostly right but there
> are enough differences between the how-to's config files and Debian's setup
> that I'm not 100% sure; so I thought I might ask anyone more experienced to
> check my configuration out.
> 
>   The "domain" is simple: just one public IP address (216.64.109.143)
> aliased with the typical domain machine names (e.g. www, mail, ns, etc.).
> 
> Here's what I've added to the bottom of Debian's default named.conf:
> 
> -snip-
> zone "golgotha.net" {
>        type master;
>        file "/etc/bind/db.golgotha";
> };
> 
> zone "109.64.216.in-addr.arpa" {
>        type master;
>        file "/etc/bind/db.rev.golgotha";
> };
> -snip-
> 
> and the contents of my db.golgotha file:
> 
> -snip-
> ; BIND zone data file for golgotha.net domain
> ;
> $TTL    604800
> @       IN      SOA     golgotha.net. spartacus.golgotha.net. (
>                         199912041       ; Serial
>                          604800         ; Refresh
>                           86400         ; Retry
>                         2419200         ; Expire
>                          604800 )       ; Negative Cache TTL
> ;
>                 NS      ns
>                 MX      10 mail
> localhost       A       127.0.0.1
> 
> ns              A       216.64.109.143
>                 MX      10 mail
>                 HINFO   "i386-based" "GNU/Linux"
> 
> www             A       216.64.109.143
>                 MX      10 mail
>                 HINFO   "i386-based" "GNU/Linux"
> 
> mail            A       216.64.109.143
>                 MX      10 mail
>                 HINFO   "i386-based" "GNU/Linux"
> 
> ftp             A       216.64.109.143
>                 MX      10 mail
>                 HINFO   "i386-based" "GNU/Linux"
> -snip-
> 
> and also the db.rev.golgotha file:
> 
> -snip-
> ;
> ; BIND zone data file for golgotha.net domain
> ;
> $TTL    604800
> @       IN      SOA     golgotha.net. spartacus.golgotha.net. (
>                         199912041       ; Serial
>                          604800         ; Refresh
>                           86400         ; Retry
>                         2419200         ; Expire
>                          604800 )       ; Negative Cache TTL
> ;
>                 NS      ns.golgotha.net.
> 
> ; owner names are relative to 109.64.216.in-addr.arpa., so only the host octet is given
> 143             PTR     ns.golgotha.net.
> 143             PTR     www.golgotha.net.
> 143             PTR     mail.golgotha.net.
> 143             PTR     ftp.golgotha.net.
> 143             PTR     spartacus.golgotha.net.
> -snip-
> 
> Questions: First, can anyone see any errors/problems/stupidity in the above?
> 
>    Secondly, what's the best way to implement private (192.168.*.*) machines
> into this DNS/domain? Is it best to have the private network machines in a
> bogus domain or not in a DNS at all but using a hosts file?  Or is there a
> sane/secure way I can list the private machines in the DNS under their
> regular domain name?
> 
>    Another, near trivial question, why is the Debian preference to use
> seconds for refresh/retry instead of the how-to's 8H and more readable
> format?  Is this just to save the computational work of parsing "8H" and
> converting it?
> 
>    Thanks in advance.
> 
> --
>  Regards,                | Debian GNU/ __      o  http://www.debian.org
>  .                       |            / /     _  _  _  _  _ __  __
>  Randy                   |           / /__  / / / \// //_// \ \/ /
>  (redwards@golgotha.net) |          /____/ /_/ /_/\/ /___/  /_/\_\
>  http://www.golgotha.net | because lockups should only be for convicts.
> 

-- 
+-----------------------------------+--------------------------------+
| Nate Duehr - nate@natetech.com    | Support Amateur Radio & Linux! |
| Private Pilot, Telephony Engineer |  Ham Callsign: N0NTZ           |
| UNIX Hack, Perl Hack, Tech-Freak  |  Grid Square: DM79             |
| http://www.natetech.com           | "May the Source be with you."  |
+-----------------------------------+--------------------------------+
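Added example, not code from either poster: a small Python linter for the points this thread raises (HINFO disclosure, an A record at the zone apex, in-zone NS/MX targets without glue, and PTR owner names that are not valid inside the reverse zone). The two zone strings are constructed to resemble the posted files, not copies of them; the parser only handles the master-file subset those files use.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Record:
    owner: str  # fully-qualified owner name, trailing dot
    rtype: str
    rdata: str

def fqdn(name: str, origin: str) -> str:
    """Qualify a zone-file name against the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text: str, origin: str) -> List[Record]:
    """Parse the master-file subset simple zones use: ';' comments, $ORIGIN/$TTL,
    parenthesised multi-line RDATA, optional TTL/class, inherited owner names."""
    origin = origin if origin.endswith(".") else origin + "."
    text = re.sub(r";[^\n]*", "", text)
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():  # fold "( ... )" spans into one logical line
        buf = f"{buf} {raw}" if depth else raw
        depth += raw.count("(") - raw.count(")")
        if depth == 0:
            logical.append(buf)
            buf = ""
    records, last_owner = [], "@"
    for line in logical:
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not tokens or (tokens[0].startswith("$") and tokens[0] != "$ORIGIN"):
            continue
        if tokens[0] == "$ORIGIN":
            origin = fqdn(tokens[1], origin)
            continue
        if not line[0].isspace():  # owner given; otherwise inherited from previous record
            last_owner = tokens.pop(0)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)  # optional TTL and class fields
        records.append(Record(fqdn(last_owner, origin), tokens[0].upper(), " ".join(tokens[1:])))
    return records

def lint_forward(records: List[Record], apex: str) -> List[str]:
    """HINFO disclosure, missing apex A, and in-zone NS/MX targets with no A record.
    Relative RDATA names are assumed relative to the apex (true when $ORIGIN == apex)."""
    apex = apex if apex.endswith(".") else apex + "."
    findings = []
    hinfo = sorted({r.owner for r in records if r.rtype == "HINFO"})
    if hinfo:
        findings.append(f"HINFO discloses OS/hardware for {len(hinfo)} host(s): {', '.join(hinfo)}")
    if not any(r.owner == apex and r.rtype == "A" for r in records):
        findings.append(f"no A record at the zone apex {apex}")
    a_names = {r.owner for r in records if r.rtype == "A"}
    for r in records:
        if r.rtype in ("NS", "MX"):
            target = fqdn(r.rdata.split()[-1], apex)
            if target.endswith(apex) and target not in a_names:
                findings.append(f"{r.rtype} target {target} has no A record in this zone")
    return findings

def lint_reverse(records: List[Record], origin: str) -> List[str]:
    """PTR owners must be only the host octet(s): a full dotted address as owner
    becomes e.g. 216.64.109.143.109.64.216.in-addr.arpa. and never matches a lookup.
    Several PTRs per address is legal but often surprises mail servers doing reverse checks."""
    origin = origin if origin.endswith(".") else origin + "."
    expected = 4 - (len(origin.rstrip(".").split(".")) - 2)  # host octets not in the origin
    findings, counts, flagged = [], {}, set()
    for r in records:
        if r.rtype != "PTR":
            continue
        counts[r.owner] = counts.get(r.owner, 0) + 1
        rel = r.owner[: -len(origin) - 1] if r.owner.endswith("." + origin) else ""
        labels = rel.split(".") if rel else []
        ok = len(labels) == expected and all(x.isdigit() and int(x) <= 255 for x in labels)
        if not ok and r.owner not in flagged:
            flagged.add(r.owner)
            findings.append(f"PTR owner {r.owner} is not {expected} host octet(s) under {origin}")
    for owner, n in counts.items():
        if n > 1:
            findings.append(f"{n} PTR records for {owner}; reverse checks usually expect one")
    return findings

# Constructed sample zones modelled on the ones posted in the thread (not the poster's
# files verbatim); the reverse zone keeps the full-address PTR owners to show the finding.
FORWARD = """\
$TTL 604800
@       IN  SOA golgotha.net. spartacus.golgotha.net. (
            199912041 ; Serial
            604800 86400 2419200 604800 )
            NS    ns
            MX    10 mail
ns          A     216.64.109.143
            HINFO "i386-based" "GNU/Linux"
www         A     216.64.109.143
            HINFO "i386-based" "GNU/Linux"
mail        A     216.64.109.143
"""
REVERSE = """\
$TTL 604800
@   IN  SOA golgotha.net. spartacus.golgotha.net. ( 199912041 604800 86400 2419200 604800 )
    NS  ns.golgotha.net.
216.64.109.143  PTR ns.golgotha.net.
216.64.109.143  PTR www.golgotha.net.
143             PTR mail.golgotha.net.
"""

def lint_all() -> Dict[str, List[str]]:
    """Run both linters over the constructed samples; returns findings per zone."""
    return {
        "golgotha.net": lint_forward(parse_zone(FORWARD, "golgotha.net"), "golgotha.net"),
        "109.64.216.in-addr.arpa": lint_reverse(
            parse_zone(REVERSE, "109.64.216.in-addr.arpa"), "109.64.216.in-addr.arpa"),
    }
```

Calling lint_all() on the samples reports the HINFO records and the missing apex A for golgotha.net, and for the reverse zone points out that an owner written as the full dotted address resolves to 216.64.109.143.109.64.216.in-addr.arpa., a name no reverse lookup will ever ask for, as well as the duplicate PTRs. A pure syntax check would accept both files, which is why a semantic pass like this belongs next to it.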

