Re: [DNG] Online DNS & Bind Refeences.
Quoting KatolaZ (kato...@freaknet.org): > named-checkconf is only half the story. The other half is > named-checkzone :P IMO, the most useful to say about named-checkzone is that it's redundant to 'named-checkconf -z'. So there, I've covered it. ;-> ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Online DNS & Bind Refeences.
Quoting KatolaZ (kato...@freaknet.org): > named-checkconf is only half the story. The other half is > named-checkzone :P Oh, and also: If your zonefiles have $INCLUDE directives and BIND9 is running in a chroot, then named-checkzone will break as it will not understand the referenced file's pathspec as being phrased in the context of the chroot. By contrast, named-checkconf -z -t $CHROOTSPEC does the right thing. That was the specific reason why named-checkzone was useless at my prior firm. We both made extensive use of $INCLUDE and ran BIND9 chrooted. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Online DNS & Bind Refeences.
On Tue, Nov 06, 2018 at 10:25:21PM -0800, Rick Moen wrote: > Quoting terryc (ter...@woa.com.au): > > > 1. What do people recommend as online sources for Bind configuration > > these days. > > Online book _DNS for Rocket Scientists_, > http://www.zytrax.com/books/dns/. > > > 2. what programs do you recommend for checking the configuration files. > > named-checkconf . It comes with BIND9, but many admins are unaware of > it and its essential nature -- that being where the otherwise woefully > lacking linting routines are. named-checkconf is only half the story. The other half is named-checkzone :P HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Online DNS & Bind Refeences.
Quoting terryc (ter...@woa.com.au):
> 1. What do people recommend as online sources for Bind configuration
> these days.
Online book _DNS for Rocket Scientists_,
http://www.zytrax.com/books/dns/.
> 2. what programs do you recommend for checking the configuration files.
named-checkconf . It comes with BIND9, but many admins are unaware of
it and its essential nature -- that being where the otherwise woefully
lacking linting routines are.
At my former place of work, after I started including this preflight
check in all change control requests, my colleagues dubbed it 'the Rick
Test' and it became a local standard -- rather flattering, really.
/usr/sbin/named-checkconf -z -t /var/named/chroot/ /etc/named.conf | \
egrep -v '(loaded serial|all zones must be in views)'
The -z option causes the utility to syntax-check all referenced
zonefiles in addition to conffiles. And you can skip the '-t
/var/named/chroot/' bit if you aren't running BIND9 in a chroot.
I would discourage new installations of BIND9, as it's a slow,
RAM-grabbing, overfeatured, monolithic daemon binary, and you can do
better. If this is for authoritative-only service, look no further than
NSD, a relatively easy migration because it uses directly re-use RFC
1035 ("BIND") zonefiles (which it compiles to binary format for speed).
http://linuxmafia.com/faq/Network_Other/dns-servers.html#nsd
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Online DNS & Bind Refeences.
On Tue, Nov 06, 2018 at 09:56:21PM +1100, terryc wrote: > 1. What do people recommend as online sources for Bind configuration > these days. The bind9 administrator reference manual, which you can find at isc.org, or as part of the bind9-doc package. > > 2. what programs do you recommend for checking the configuration files. > For configuration files, named-checkconf(8), for zones named-checkzone(8). > The problem I'm hitting is the format of woa.com.au/192.168.0.0 zone > files and despite carefully deriving ones from examples in the Debian > wiki I'm getting conflicting error listing. Frustrating. If these are in-addr.arpa. PTR records, they could be conflicting with the RFC 1918 zones bind9 includes by default. Greg -- web site: http://www.gregn.net gpg public key: http://www.gregn.net/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) If we haven't been in touch before, e-mail me before adding me to your contacts. -- Free domains: http://www.eu.org/ or mail dns-mana...@eu.org ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Online DNS & Bind Refeences.
terryc wrote: > The problem I'm hitting is the format of woa.com.au/192.168.0.0 zone > files and despite carefully deriving ones from examples in the Debian > wiki I'm getting conflicting error listing. Frustrating. What sort of problems are you getting ? Some of us here have a bit of experience with BIND. Or there's the BIND-users mailing list where I've found the regulars helpful in the past. https://lists.isc.org/mailman/listinfo/bind-users And don't forget that there's a manual for BIND, the BIND Advanced Reference Manual where everything is documented. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Online DNS & Bind Refeences.
> On 6 Nov 2018, at 21:56, terryc wrote: > > 1. What do people recommend as online sources for Bind configuration > these days. > > 2. what programs do you recommend for checking the configuration files. > > > LS; My antique hardware that was the nameserver and web for the LAN > suffered a motherboard failure and I need to configure a replacement > nameserver on the mail server. > > The old bind configuration held strong, with minor fiddling from before > version 8 and it has been easy to get as forwarding nameserver runnming. > > The problem I'm hitting is the format of woa.com.au/192.168.0.0 zone > files and despite carefully deriving ones from examples in the Debian > wiki I'm getting conflicting error listing. Frustrating. > > Hence asking for tips so I can keep some hair. TIA. http://www.zytrax.com/books/dns/ It’s based on fedora so the configuration files and locations might be slightly different. named-checkconf and named-checkzone will check your configuration files and zone files respectively. HTH —Tom___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Online DNS & Bind Refeences.
1. What do people recommend as online sources for Bind configuration these days. 2. what programs do you recommend for checking the configuration files. LS; My antique hardware that was the nameserver and web for the LAN suffered a motherboard failure and I need to configure a replacement nameserver on the mail server. The old bind configuration held strong, with minor fiddling from before version 8 and it has been easy to get as forwarding nameserver runnming. The problem I'm hitting is the format of woa.com.au/192.168.0.0 zone files and despite carefully deriving ones from examples in the Debian wiki I'm getting conflicting error listing. Frustrating. Hence asking for tips so I can keep some hair. TIA. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
