On Jan 8, 2009, at 7:09 AM, Oliver Block wrote:
Hello everybody,

I am responsible for a so-called vServer. I did not pay much attention to the nameserver setup as yet. But now I'd like to configure our named correctly in order to use dynamic updates for subdomains later.

preface: I hope you don't mind that I obscure the output because I don't want to feed bots scanning this mailing list.

When I call

dig mydomain.org NS

I get

;; QUESTION SECTION:
;mydomain.org.               IN      NS

;; ANSWER SECTION:
mydomain.org.        1616    IN      NS      ns.myisp.net.
mydomain.org.        1616    IN      NS      ns2.myisp.net.

as nameservers. When I do the same for a subdomain, e.g.

dig sub.mydomain.org NS

I receive the following response:

;; QUESTION SECTION:
;sub.mydomain.org.                IN      NS

;; AUTHORITY SECTION:
mydomain.org.        1666    IN      SOA     ns.myisp.net. hostmaster.myisp.net. 2007062401 28800 1800 604800 86400

Which options do I have to run our named (in order to use dynamic updates for subdomains)?

First, an explanation of the result you're seeing for the second query. This is a negative answer, meaning that sub.mydomain.org does not exist.

Now, to your question, do you want to add records for subdomains to the mydomain.org zone or do you want to create all new subzones? If the latter, it can't be done via dynamic update - there's no way to create a new zone on the server without modifying the configuration files.

If you instead just want to create sub.mydomain.org in the mydomain.org zone, all you have to do is add the allow-update (or update-policy) statement to your zone statement on the master. You should use TSIG keys if possible, or GSS-TSIG if you must, in preference to insecure updates. You should also enable update forwarding on ns2.myisp.net, which is especially easy if you use TSIG or GSS-TSIG signatures.

Please read the relevant sections of the BIND 9 ARM regarding dynamic updates and transaction signatures.
https://www.isc.org/software/bind/documentation/arm95#Bv9ARM.ch04
https://www.isc.org/software/bind/documentation/arm95#dynamic_update_security

Chris Buxton
Professional Services
Men & Mice
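
The setup described in the reply above (TSIG-authenticated updates restricted to names under sub.mydomain.org, plus update forwarding on the secondary), sketched as named.conf fragments. This is an added example, not part of the original message or of the BIND documentation; the key name ddns-key, the placeholder secret, the zone file name and the 192.0.2.x addresses are assumptions.

```conf
// ---- master (ns.myisp.net): named.conf fragment ----

// Shared TSIG key. The secret below is a placeholder, not a real key;
// generate your own and keep this file readable only by the named user.
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

zone "mydomain.org" {
    type master;
    file "mydomain.org.zone";          // hypothetical file name

    // Weak variant (the "insecure updates" the reply advises against):
    // any host that can send packets from this address may rewrite
    // any record in the zone.
    //   allow-update { 192.0.2.10; };

    // Preferred: only requests signed with ddns-key are accepted, and
    // only for A/AAAA/TXT records at or below sub.mydomain.org.
    // update-policy and allow-update cannot both be set on one zone.
    update-policy {
        grant ddns-key subdomain sub.mydomain.org. A AAAA TXT;
    };
};

// ---- secondary (ns2.myisp.net): named.conf fragment ----

// Same key definition as on the master, so the signature on an
// incoming update can be checked before it is forwarded.
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

zone "mydomain.org" {
    type slave;
    file "mydomain.org.zone.bak";      // hypothetical file name
    masters { 192.0.2.1; };            // placeholder address of the master

    // Forward only signed updates to the master; unsigned ones are refused here.
    allow-update-forwarding { key ddns-key; };
};
```

The forwarded update keeps the client's TSIG signature, so the master's update-policy still decides whether the change is applied.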

