Re: DNS
* Michael W. Cole (colemw@home.com) wrote:
> I am trying to install DNS on my linux 2.2.19 box (i386 dist). I am
> having difficulty with the zone scripts for the domain, xxxxx.org. The
> name server is ns.xxxx.org. Can you show me a generic file with a
> description of what is needed in this file?
> Thank you
> Michael
Michael,
I hope these work for you. I've gotten them to work with the help of
people from my local LUG, many kudos to them for help. Good luck.
Alex.
==========================================================================
/etc/bind/named.conf:
==========================================================================
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
options {
    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.
    // Note: a fixed source port removes source-port randomization, which
    // makes cache poisoning easier; keep this only if a firewall requires it.
    query-source address * port 53;
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    auth-nxdomain yes;
    directory "/var/named";
    #OM: forward first; # Makes NS ask the forwarders before trying the job
    forwarders { 128.xxx.xx.x; 128.xx.x.x; };
    allow-query { xxx.xxx.xx.xxx; 127.0.0.1; };
    allow-transfer { xxx.xxx.xx.xx; };
    pid-file "/var/named/named.pid";
    transfer-format one-answer;
    version "Whatchew talkin bout, Willis?";
    allow-recursion { 127.0.0.1; };
};
// define a key - you should really change the secret since
// all Debian boxes everywhere will have the same secret
key "key" {
    algorithm hmac-md5;
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
// fortunately, using this control statement, we restrict access
// to the control port 953/tcp to only the localhost and we
// configure named to listen to 953 only on the lo interface
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { "key"; };
};
logging {
    channel "named.log" {
        file "named.log";
        severity dynamic;
        print-category yes;
        print-severity yes;
    };
    category default { default_syslog; "named.log"; };
    category queries { "named.log"; };
};
// prime the server with knowledge of the root servers
zone "." IN {
    type hint;
    file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" IN {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" IN {
    type master;
    file "/etc/bind/db.127";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "/etc/bind/db.0";
    allow-update { none; };
};
zone "255.in-addr.arpa" IN {
    type master;
    file "/etc/bind/db.255";
    allow-update { none; };
};
// add entries for other zones below here
zone "mydomain.org" IN {
    type master;
    notify yes;
    allow-query { any; };
    file "/etc/bind/db.mydomain.org";
};
=====================================================================
/etc/bind/db.mydomain.org
=====================================================================
;
; Zone file for tagancha.org
; Written by Oleksandr Moskalenko from the initial file by Ryan Helfter
; with the help of Linux DNS How-To
$TTL 3600
@       1800    SOA     ns.mydomain.org. hostmaster (
                        2001080601      ; serial (YYYYMMDD##)
                        900             ; refresh
                        600             ; retry
                        259200          ; expire
                        1800            ; TTL
                        )
; Name servers
                NS      ns
                NS      ns1.granitecanyon.com.
                NS      ns2.granitecanyon.com.
; MX record
                MX      10 mail.mydomain.org.
; hosts
localhost       A       127.0.0.1
ns              A       128.xxx.xxx.xx
www             CNAME   ns
mail            A       128.xxx.xxx.xx  ; A record, not a CNAME: an MX target must not be an alias (RFC 2181)
ftp             CNAME   ns
baby            CNAME   ns
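
An added example, not part of the original post: a small Python check that reads a zone file in the layout used here and reports any MX or NS record whose target is a CNAME, which RFC 2181 section 10.3 disallows. The function names and the sample zone (including the 192.0.2.53 documentation address) are constructed for illustration, and the parser handles only the record layout shown in this post.

```python
TYPES = {"SOA", "NS", "MX", "A", "CNAME"}

def fqdn(name, origin):
    """Expand a zone-file name to a lowercase absolute name."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_records(text, origin):
    """Yield (owner, rtype, rdata_tokens); ( ... ) continuation lines are skipped."""
    owner, depth = fqdn("@", origin), 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        inside = depth > 0
        depth += line.count("(") - line.count(")")
        if inside or not line.strip() or line.startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():              # unindented line names a new owner
            owner = fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                      # optional TTL and class
        if tokens and tokens[0].upper() in TYPES:
            yield owner, tokens[0].upper(), tokens[1:]

def alias_targets(text, origin):
    """Return sorted (rtype, owner, target) where an MX/NS target is a CNAME."""
    records = list(parse_records(text, origin))
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    return sorted(
        (rtype, owner, fqdn(rdata[-1], origin))
        for owner, rtype, rdata in records
        if rtype in ("MX", "NS") and rdata and fqdn(rdata[-1], origin) in aliases
    )

# Constructed sample zone; 192.0.2.53 is a documentation address.
SAMPLE_ZONE = """\
$TTL 3600
@       1800 SOA ns.mydomain.org. hostmaster (
             2001080601 900 600 259200 1800 )
        NS    ns
        MX    10 mail.mydomain.org.
ns      A     192.0.2.53
www     CNAME ns
mail    CNAME ns
"""
if __name__ == "__main__":
    for rtype, owner, target in alias_targets(SAMPLE_ZONE, "mydomain.org."):
        print(f"{owner} {rtype} -> {target} is a CNAME")
```

Records without an owner must start with whitespace, as in a real zone file; an unindented line is read as naming a new owner.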