Help: setting up DNS (BIND 9) under RH7.1


Post by Doctor » Tue, 12 Jun 2001 00:39:26



Hello,

I successfully followed the DNS-HOWTO and set up a forwarding nameserver
under RH 7.0.  I just upgraded to RH 7.1 and have been unsuccessful so
far in setting up the same.

For one thing, the command "ndc" no longer exists.  I used to type "ndc
start" to start the nameserver.  It seems to have been replaced with
"rndc" which doesn't accept "start."  I tried "rndc reload" and get
"connection refused."

I downloaded and tried reading the "BIND 9 Administrator Reference
Manual" but I guess I'm just not smart enough to use it yet.

Can someone provide some guidance as to how to set up DNS following the
basic guidelines provided by the DNS HOWTO (Jan 2001)?   Is it necessary
for me to create a public/private keyset and somehow put them to use?
Once I get my config files right what command do I issue to start the
*y thing?

I'd appreciate any help as I've spent an entire day pulling my
(originally already sparse) hair out over this.

Thanks.

JJ
(please note that return address must be altered).

 
 
 


Post by Daniel Thoma » Mon, 11 Jun 2001 17:02:58


Can't help much with the setup since I only just started with named myself.
But I did install it at work the other day.  And had no problems configuring
it.

There should be 2 ways of starting it.
A) the rc.d scripts - more preferable
    /etc/rc.d/init.d/named start

B) running it directly - this depends on where you installed it
    /usr/local/named/bin/named -c named.conf
    You WILL have to change this for your system

As far as I understand it (someone please correct me) the keysets are only
part of an optional security setup which doesn't need to be configured.

Hope this helps (bind is fun, yes?)
Daniel


> Hello,

> I successfully followed the DNS-HOWTO and set up a forwarding nameserver
> under RH 7.0.  I just upgraded to RH 7.1 and have been unsuccessful so
> far in setting up the same.

> For one thing, the command "ndc" no longer exists.  I used to type "ndc
> start" to start the nameserver.  It seems to have been replaced with
> "rndc" which doesn't accept "start."  I tried "rndc reload" and get
> "connection refused."

> I downloaded and tried reading the "BIND 9 Administrator Reference
> Manual" but I guess I'm just not smart enough to use it yet.

> Can someone provide some guidance as to how to set up DNS following the
> basic guidelines provided by the DNS HOWTO (Jan 2001)?   Is it necessary
> for me to create a public/private keyset and somehow put them to use?
> Once I get my config files right what command do I issue to start the
> *y thing?

> I'd appreciate any help as I've spent an entire day pulling my
> (originally already sparse) hair out over this.

> Thanks.

> JJ
> (please note that return address must be altered).


 
 
 


Post by Ian Northeas » Mon, 11 Jun 2001 21:35:29



> As far as I understand it (someone please correct me) the keysets are only
> part of an optional security setup which doesn't need to be configured.

You will have to configure a key to use rndc, and rndc is the
recommended way of controlling bind now. Use of signals is discouraged.

What you need is e.g.:

In named.conf:

key rndc-key {
        algorithm "hmac-md5";
        secret "<key>";
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

In rndc.conf:

key rndc-key {
        algorithm "hmac-md5";
        secret "<key>";
};

options {
        default-server localhost;
        default-key rndc-key;
};

It doesn't matter what you call the key of course. The key itself is a
base-64 encoded string which can be generated with dnssec-keygen or
mmencode. The value has to be the same in both files.

The above allows anyone on the local host with read access to rndc.conf
and named.conf to control bind. If there are other users, you should
read protect these files.

Regards, Ian
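
The two points in the reply above (the secret must be identical in both files, and both files should be read-protected) can be checked with a short script. This is an added example, not part of the original post; the function names, the temporary files and the sample secret are constructed for illustration.

```shell
#!/bin/sh
# Audit an rndc key setup: same secret in both files, neither world-readable.

# Print the secret of key block $2 in config file $1 (empty if not found).
key_secret() {
    awk -v name="$2" '
        $1 == "key" { k = $2; gsub(/[";{]/, "", k); inkey = (k == name) }
        inkey && $1 == "secret" { s = $2; gsub(/[";]/, "", s); print s; exit }
        /^[ \t]*[}];/ { inkey = 0 }
    ' "$1"
}

# Succeed only if file $1 has no read permission for "other".
not_world_readable() {
    [ -z "$(find "$1" -prune -perm -004)" ]
}

# audit_rndc NAMED_CONF RNDC_CONF KEY_NAME: print findings and return the
# number of problems (0 = secrets match and both files are read-protected).
audit_rndc() {
    problems=0
    a=$(key_secret "$1" "$3")
    b=$(key_secret "$2" "$3")
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "FAIL: key $3 not found in both files"; problems=$((problems + 1))
    elif [ "$a" != "$b" ]; then
        echo "FAIL: secret for $3 differs between $1 and $2"; problems=$((problems + 1))
    fi
    for f in "$1" "$2"; do
        if ! not_world_readable "$f"; then
            echo "FAIL: $f is readable by other users"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: write a key block with secret $2 to file $1, mode $3.
write_sample() {
    printf 'key rndc-key {\n        algorithm "hmac-md5";\n        secret "%s";\n};\n' "$2" > "$1"
    chmod "$3" "$1"
}

# Demo on constructed files in a temporary directory (not real BIND paths).
# The secret is a made-up base64 string, not a usable key.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/named.conf" "Y29uc3RydWN0ZWQtZGVtbw==" 600
write_sample "$demo_dir/rndc.conf"  "Y29uc3RydWN0ZWQtZGVtbw==" 644
audit_rndc "$demo_dir/named.conf" "$demo_dir/rndc.conf" rndc-key || echo "problems: $?"
rm -rf "$demo_dir"
```

The check only looks at the "other" permission bits; which account and group should own the files depends on how named is run on the host.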

 
 
 


Post by Dean Thompso » Wed, 13 Jun 2001 12:41:58


Hi!,

> I successfully followed the DNS-HOWTO and set up a forwarding nameserver
> under RH 7.0.  I just upgraded to RH 7.1 and have been unsuccessful so
> far in setting up the same.

> I downloaded and tried reading the "BIND 9 Administrator Reference
> Manual" but I guess I'm just not smart enough to use it yet.

You should be able to basically take the same files that were in BIND 8 and
move them across to bind 9.  The only problem that you have is if you did any
customisation of files or if you are looking after your own zone files.  You
need to make sure that each of the zone files has a TTL definition in it.

As for starting it, there should either be a file called "named" which lives
in your /etc/rc.d/init.d directory which you can use to issue instructions, or
failing that, you can start the name server by issuing a command like:
/usr/sbin/named

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+