BIND
Update Needed
This page needs to be updated.
This is somewhat out of date and will be even more so when we move to the 10.5.0.0/16 subnet.
BIND | |
---|---|
Installed on | sown-auth2, sown-gw |
Was installed on | sown-auth, sown-vpn |
Website | http://www.isc.org/index.pl?/sw/bind/index.php |
BIND is used as the domain naming service by SOWN. It is installed on sown-auth2 and sown-gw the sown-home nodes for use in the network.
The internal master DNS configuration is held on sown-auth2. sown-gw slaves against it.
The external DNS configuration is held by Total Web Solutions Ltd.
There are two zones, 'sown.org.uk' and 'users.sown.org.uk'. The zone file for 'users.sown.org.uk' is generated from the database when a new user logs in.
The `named.conf.local` file on the slave servers looks like this:
```
zone "sown.org.uk" {
    type slave;
    masters { 10.13.0.239; };
    file "/var/cache/bind/db.sown.org";
};

zone "users.sown.org.uk" {
    type slave;
    masters { 10.13.0.239; };
    file "/var/cache/bind/db.users.sown.org.uk";
};

zone "13.10.in-addr.arpa" {
    type slave;
    masters { 10.13.0.239; };
    file "/var/cache/bind/db.10.13";
};

zone "0.13.10.in-addr.arpa" {
    type slave;
    masters { 10.13.0.239; };
    file "/var/cache/bind/db.10.13.0";
};

zone "7.f.0.d.0.0.0.3.6.0.1.0.0.2.ip6.arpa" {
    type slave;
    masters { 10.13.0.239; };
    file "/var/cache/bind/db.ip6ptr";
};
```
The 10.13.0 reverse-zone holds all the servers, whereas 10.13 holds all the users.
The `sown.org.uk` zone file imports a 'nodes-fragment', which contains 'A' records for all the sown@home nodes.
The DNS server runs in a chroot jail.
Bind Cache Query Problem
This was a problem which occurred on Auth when we upgraded the machine on 22nd August 2009.
The following was added to `named.conf.options`:
```
acl "trusted" {
    10.13.0.0/16;
    152.78.0.0/16;
    localhost;
    localnets;
};

options {
    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
```
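The effect of these options on different clients can be checked offline. The following is an added example, not part of SOWN's configuration or tooling: a simplified Python evaluator for the address-match lists above. The function names, the `local_nets` value standing in for BIND's built-in `localnets`, and the outside test address 203.0.113.5 are assumptions; an unset directive is treated as permitting nobody rather than modelling BIND's defaults.

```python
import ipaddress
import re

# named.conf.options as given on this page, embedded so the example runs offline.
PAGE_CONF = '''
acl "trusted" { 10.13.0.0/16; 152.78.0.0/16; localhost; localnets; };
options {
    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
'''

def parse(conf):
    """Return (acls, directives): name -> list of address-match elements."""
    split = lambda body: [e.strip() for e in body.split(";") if e.strip()]
    acls = {n: split(b) for n, b in
            re.findall(r'acl\s+"?([\w-]+)"?\s*\{([^{}]*)\}', conf)}
    dirs = {n: split(b) for n, b in
            re.findall(r'(allow-[\w-]+)\s*\{([^{}]*)\}', conf)}
    return acls, dirs

def permits(conf, directive, client, local_nets=("10.13.0.0/24",)):
    """True if client matches the directive's list. Simplified: no '!' negation,
    no keys; local_nets is an assumed stand-in for BIND's built-in localnets,
    and localhost is approximated by loopback addresses."""
    acls, dirs = parse(conf)
    ip = ipaddress.ip_address(client)

    def hit(e, seen=()):
        if e in ("any", "none"):
            return e == "any"
        if e == "localhost":
            return ip.is_loopback
        if e == "localnets":
            return any(ip in ipaddress.ip_network(n) for n in local_nets)
        if e in acls:  # named ACL: expand, guarding against self-reference
            return e not in seen and any(hit(x, seen + (e,)) for x in acls[e])
        return ip in ipaddress.ip_network(e, strict=False)

    return any(hit(e) for e in dirs.get(directive, []))

def open_to_outsiders(conf, outsider="203.0.113.5"):
    """Recursion/cache directives that admit an address outside every ACL."""
    return [d for d in ("allow-recursion", "allow-query-cache")
            if permits(conf, d, outsider)]
```

With the page's options, an outside client may query the server's zones but gets neither recursion nor cached answers, so `open_to_outsiders` returns an empty list.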