BIND 8.1 structure for named.conf (named.boot)

BIND 8.1 structure for named.conf (named.boot)

Post by Ronald Mark Procopi » Thu, 05 Jun 1997 04:00:00
Quote:>If you haven't already noticed in the src/bin/named directory is a perl
>script called named-bootconf.pl that might help you with the conversion.

I never asked how to convert, I asked why such a drastic change in
the config was needed.  And will zone-specific information
(allow-transfer, allow_query) listed in the boot.conf follow the zone
information in a zone transfer as it should (secure_zone)?  I don't
think so, which means the allow_transfer in the boot.conf on a per-zone
basis is useless if the servers that are allowed don't have similar
definitions.

i.e.  MASTER is running 8.1; secondary is running 4.9.5-p1.  MASTER
has ZONE-specific settings about who can transfer in named.conf.  4.9.5-p1
transfers the zone and doesn't have this restriction because it is not in
the ZONE file.  BOTH servers will only recognize SERVER xfrnets, not
zone-specific transfer limitations.  Consequently the secondary
allows zone transfers which shouldn't be allowed.  IF the secondary is
8.1 and doesn't have the allow_transfer limitation listed in its
boot.conf, same problem.

THAT is why I asked why zone-specific data like allow_transfer and
allow_query was in the boot.conf and not in the zone files.

A secondary server shouldn't have to be configured again for such
limitations on a zone.  SECURE_ZONE works in this fashion.
Unfortunately SECURE_ZONE combines both query and transfer.

I don't want to limit queries, just transfers.  And some of these
secondary servers may not be running 8.1 or set up to limit transfers,
which breaks the security of allow_transfer for specific zones.

--
"There are those who claim that magic is like the tide; that it swells
and fades over the surface of the earth, collecting in concentrated
pools here and there, almost disappearing from other spots, leaving
them parched for wonder.  There are also those who believe that if you
stick your fingers up your nose and blow, it will increase your
intelligence."
                -- The Teachings of Ebenezum, Volume VII
=================
BIND 8.1 structure for named.conf (named.boot)

Post by Barry Margoli » Thu, 05 Jun 1997 04:00:00

Quote:>THAT is why I asked why zone specific data like allow_transfer and
>allow_query was in the boot.conf and not in the zone files.

That would require a change to the DNS protocol, in order to specify a
representation for this option in the zone transfer.  Presumably the change
would be fairly simple, a new resource record associated with a domain.
The change as currently implemented in 8.1 requires no protocol changes,
it's just a configuration option.

And if the protocol were enhanced, it still wouldn't help if the secondary
server were running an old version of BIND, since it wouldn't recognize the
new resource record.

--

BBN Corporation, Cambridge, MA
Support the anti-spam movement; see <http://www.cauce.org/>
BIND 8.1 structure for named.conf (named.boot)

Post by Paul Vixi » Thu, 12 Jun 1997 04:00:00


Quote:> I never asked how to convert,  I asked why such a drastic change in
> the config was needed.

Because we had a lot more stuff to specify on a per-zone basis, and we
had already used pretty much every positional field I was comfortable
with in the BIND-4 "primary" and "secondary" directives.  Also, the
parser in BIND-4 was out of control, and the syntax error reporting was
horrid.  We have a very clean, extensible parser and configurator now,
and I do not expect any incompatibilities to be introduced in the future.

Keep in mind when evaluating the BIND-4 configuration syntax that it was
hacked together at the last minute by a desperate, sleep-challenged grad
student back in the mid 1980's.  Nobody who had any thought about "what's
the right way to do this?" would have come up with yet another strcmp()
based parser.  Ick, ick, ick.

Quote:> and will zone specific information (allow-transfer,allow_query) listed in
> the boot.conf follow the zone information in a zone transfer as it should
> (secure_zone)?  I don't think so which means the allow_transfer in the
> boot.conf on a per zone basis is useless if the servers that are allowed
> don't have similar definitions.

Yes, that's true.  Your master and slaves have to have the same access lists
or they do you no good.  We removed the secure_zone stuff in BIND-8 since
it was nonextensible and not implemented by Microsoft's DNS.  If somebody
wants to do the IETF legwork of defining DNS structures to control access
to zones and queries and updates, so that BIND can do something which is
compatible and standardized, we will implement it in a heartbeat.  But in
the meanwhile I have to say: no new hacks.
--
Paul Vixie
La Honda, CA

pacbell!vixie!paul               longer than most." --Jim Fleming
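The mismatch Ronald describes and Paul confirms above (a zone whose transfers the master restricts but a slave hands out freely) is easy to miss by eye across two servers' configs. As an added example, not code from this thread or from BIND itself, here is a small Python checker that parses two constructed BIND 8 named.conf fragments and reports every such zone. The parser only understands the statements it uses (acl, options, zone, allow-transfer, and BIND's three comment styles), the addresses are RFC 5737 documentation ranges, and it assumes BIND 8's default that a zone with no allow-transfer on the zone or in options may be transferred by anyone.

```python
# Added example (not from the thread or from BIND): flag zones whose AXFR the
# master restricts but the slave leaves open.  Assumes BIND 8 semantics: with no
# allow-transfer on the zone or in options, anyone may transfer it.
import re

# Constructed configs using RFC 5737 documentation addresses.
MASTER_CONF = """
acl secondaries { 192.0.2.2; 198.51.100.2; };
options { directory "/var/named"; };
zone "example.com" { type master; file "db.example.com";
    allow-transfer { secondaries; }; };
zone "example.net" { type master; file "db.example.net";
    allow-transfer { 192.0.2.2; }; };   // only one slave may pull this one
zone "example.org" { type master; file "db.example.org"; };
"""
# example.com was locked down on the slave; example.net was copied over
# without its allow-transfer, which is the mismatch the thread describes.
SLAVE_CONF = """
options { directory "/var/named"; };
zone "example.com" { type slave; file "bak.example.com";
    masters { 192.0.2.1; }; allow-transfer { none; }; };
zone "example.net" { type slave; file "bak.example.net";
    masters { 192.0.2.1; }; };
"""

def strip_comments(text):
    """Drop BIND's three comment styles: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def block_body(text, start):
    """Text inside the brace block opening at text[start] (nesting-aware)."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces")

def parse_acls(text):
    """acl name -> set of entries; 'any' and 'none' are built in."""
    acls = {"any": {"any"}, "none": set()}
    for m in re.finditer(r"\bacl\s+(\S+)\s*\{", text):
        body = block_body(text, m.end() - 1)
        acls[m.group(1)] = {e.strip() for e in body.split(";") if e.strip()}
    return acls

def parse_zones(text):
    """zone name -> raw text inside the zone's braces."""
    return {m.group(1): block_body(text, m.end() - 1)
            for m in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', text)}

def allow_transfer(body, acls):
    """Expanded allow-transfer list of a block, or None if it has none."""
    m = re.search(r"\ballow-transfer\s*\{", body)
    if m is None:
        return None
    expanded = set()
    for entry in (e.strip() for e in block_body(body, m.end() - 1).split(";")):
        if entry:
            expanded |= acls.get(entry, {entry})
    return expanded

def effective_transfer(text, zone_body, acls):
    """Zone-level allow-transfer, else the options-level one, else None."""
    acl = allow_transfer(zone_body, acls)
    if acl is not None:
        return acl
    m = re.search(r"\boptions\s*\{", text)
    return allow_transfer(block_body(text, m.end() - 1), acls) if m else None

def find_exposed_zones(master_conf, slave_conf):
    """Zones the master restricts but the slave will hand to anyone."""
    m_text, s_text = strip_comments(master_conf), strip_comments(slave_conf)
    m_acls, s_acls = parse_acls(m_text), parse_acls(s_text)
    s_zones = parse_zones(s_text)
    findings = []
    for name, body in parse_zones(m_text).items():
        m_acl = effective_transfer(m_text, body, m_acls)
        if m_acl is None or "any" in m_acl or name not in s_zones:
            continue  # nothing restricted, or the slave does not carry the zone
        s_acl = effective_transfer(s_text, s_zones[name], s_acls)
        if s_acl is None or "any" in s_acl:
            findings.append((name, sorted(m_acl)))
    return findings

if __name__ == "__main__":
    for zone, allowed in find_exposed_zones(MASTER_CONF, SLAVE_CONF):
        print(f"{zone}: master allows AXFR only from {', '.join(allowed)}; "
              f"slave allows anyone")
```

Run against the two constructed configs it reports only example.net: the master limits that zone's transfers to 192.0.2.2, while the slave carries the zone with no allow-transfer at all. A slave that answers with `allow-transfer { none; }` (as example.com does here) is treated as at least as strict as the master, since a different but non-empty list on the slave is a policy question rather than an exposure. The checker reads named.conf only; for a 4.9.5 secondary there is, as the thread says, no per-zone knob to compare, only the server-wide xfrnets line in named.boot.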

BIND 8.1 structure for named.conf (named.boot)

I'm curious at the change made for the named.boot file to
named.conf.  Why was such a drastic change made?

The syntax doesn't really bother me (though it means lots of
conversions).  What does bother me is the removal of zone-specific
info from the zone files into the named.conf file.

Not only has the syntax changed but many options have moved from
the zone files into the named.conf (SECURE_ZONE).

Why was this done?  This means that a change to a zone may require
a change in the options which are now in a different file.

There is also little documentation about some of the server options,
i.e. listen_on.  It may seem straightforward, but I need to know
if it will listen on ALL interfaces for answers.

Documentation on this is unclear.  It states that it will listen for
QUERIES on the stated interface, not answers.  This is important to know
for those running firewalls.  If this means it will only accept queries
from the configured interface but still listen and SEND queries to
others, it means many patched firewalls can go to standard
bind instead of having to make additional patches.

If anyone knows the reasoning behind the change I'd like to know.

Ronald Procopio
