BIND


Update Needed
This page needs to be updated

This is somewhat out of date and will be even more so when we move to the 10.5.0.0/16 subnet.


BIND
Installed on: sown-auth2, sown-gw
Was installed on: sown-auth, sown-vpn
Website: http://www.isc.org/index.pl?/sw/bind/index.php

BIND is used as the domain naming service by SOWN. It is installed on sown-auth2 and sown-gw the sown-home nodes for use in the network.

The internal master DNS configuration is held on sown-auth2. sown-gw slaves against it.

The external DNS configuration is held by Total Web Solutions Ltd.

There are two zones, 'sown.org.uk' and 'users.sown.org.uk'. The zone file for 'users.sown.org.uk' is generated from the database when a new user logs in.

The `named.conf.local` file on the slave servers looks like this:

 zone "sown.org.uk" {
         type slave;
         masters { 10.13.0.239; };
         file "/var/cache/bind/db.sown.org";
 };
 zone "users.sown.org.uk" {
         type slave;
         masters { 10.13.0.239; };
         file "/var/cache/bind/db.users.sown.org.uk";
 };
 
 zone "13.10.in-addr.arpa" {
         type slave;
         masters { 10.13.0.239; };
         file "/var/cache/bind/db.10.13";
 };
 zone "0.13.10.in-addr.arpa" {
         type slave;
         masters { 10.13.0.239; };
         file "/var/cache/bind/db.10.13.0";
 };
 zone "7.f.0.d.0.0.0.3.6.0.1.0.0.2.ip6.arpa" {
         type slave;
         masters { 10.13.0.239; };
         file "/var/cache/bind/db.ip6ptr";
 };
 

The 10.13.0 reverse-zone holds all the servers, whereas 10.13 holds all the users.

The `sown.org.uk` zone file imports a 'nodes-fragment', which contains 'A' records for all the sown@home nodes.

The DNS server runs in a chroot jail.

BIND Cache Query Problem

This problem occurred on Auth when we upgraded the machine on 22nd August 2009.

The following was added to named.conf.options:

 acl "trusted" {
     10.13.0.0/16;
     152.78.0.0/16;
     localhost;
     localnets;
 };
 
 options {
     allow-query { any; };
     allow-recursion { trusted; };
     allow-query-cache { trusted; };
 };
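To see what these three options mean for a given client, the following added example (not part of the original wiki page or of SOWN's tooling) parses the fragment above and reports which options a client address passes. It handles only the element kinds used on this page (CIDR blocks, `any`, named ACLs, and the built-ins `localhost` and `localnets`); the `BUILTIN` values are constructed, assuming the server sits at 10.13.0.239 on a /24.

```python
import ipaddress
import re

# The named.conf.options fragment from this page.
NAMED_CONF_OPTIONS = '''
acl "trusted" {
    10.13.0.0/16;
    152.78.0.0/16;
    localhost;
    localnets;
};
options {
    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
'''

# BIND fills "localhost" and "localnets" from the server's own interfaces.
# Constructed sample values for a server at 10.13.0.239 on an assumed /24.
BUILTIN = {
    "localhost": ["127.0.0.1/32", "10.13.0.239/32"],
    "localnets": ["127.0.0.0/8", "10.13.0.0/24"],
}

def elements(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def parse(conf):
    """Return (acls, options), each mapping a name to its match elements."""
    acls = {n: elements(b) for n, b in re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', conf)}
    opts = {n: elements(b) for n, b in re.findall(r'(allow-[\w-]+)\s*\{([^}]*)\}', conf)}
    return acls, opts

def matches(ip, elems, acls):
    """True if ip matches any element; negation ('!') is rejected with ValueError."""
    for e in elems:
        nested = acls.get(e) or BUILTIN.get(e)
        if e == "any" or (nested and matches(ip, nested, acls)):
            return True
        if nested is None and ip in ipaddress.ip_network(e, strict=False):
            return True
    return False

def permitted(client, conf=NAMED_CONF_OPTIONS):
    """Map each allow-* option in conf to whether client passes it."""
    acls, opts = parse(conf)
    ip = ipaddress.ip_address(client)
    return {name: matches(ip, elems, acls) for name, elems in opts.items()}
```

For an outside address such as the documentation address 192.0.2.10, `permitted("192.0.2.10")` is true for `allow-query` only: the client can query the zones the server is authoritative for, but cannot recurse or read the cache.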