Linode Forum
https://forum.linode.com/

Binding
https://forum.linode.com/viewtopic.php?f=19&t=1683
Page 1 of 1

Author:  ferfer [ Thu May 19, 2005 11:41 am ]
Post subject:  Binding

Hi,

I need some help with BIND9.

I'm going to allocate ~20 domains in a typical LAMP system (Gentoo). Most of those domains are registered via Gandi in which I can do custom DNS (A, MX, CNAME...), so I really don't need to run BIND in my system. But, I want to run BIND because 1) I want to learn it, 2) I want to use webmin --> servers --> virtualmin and it seems simpler if I use BIND, 3) running BIND lets me create some scripts to add subdomains ad-hoc, for example.

I made a glue record using Gandi's interface, so I now have ns.mydomain.net pointing to my linode IP. Gandi provides free secondary NS for me -- although that's a question for tomorrow. I think that glue record was the first step.

Now, I have bind (named) started, and I can do dig @myip linode.com and it answers.

And that is exactly my problem. I don't want people to point to my linode as their DNS server, and ask it for everything. I agree my DNS knowledge is about zero, but I think it should be possible for my BIND to answer ONLY for the domains it hosts, and only for them.

I've started reading about BIND and I cannot find this option -- well, I really don't know the term I'm looking for. Any ideas?

Thank you!

Author:  Ciaran [ Thu May 19, 2005 12:35 pm ]
Post subject: 

I don't know the specific option myself, but I can help you with the term you want. What you want is an option that means the server only answers for domains for which it considers itself "authoritative".

Simply put, a non-authoritative domain is one which it has to check from another source (or which has been cached from another source). An authoritative one is one that it knows about itself without having to check anywhere else, which will be the case for your own DNS entries.

Author:  NecroBones [ Thu May 19, 2005 12:40 pm ]
Post subject: 

I think you're looking for something like this:

Code:
options {
        directory "/var/named";
        recursion no;
};


Change "/var/named" to wherever, of course. You probably already have an options section in your named.conf, and you would just need to add the recursion statement to it. Make sure your resolv.conf doesn't list localhost etc. :)

Author:  ferfer [ Thu May 19, 2005 5:06 pm ]
Post subject: 

Thank you for your answers. Recursion no seems to do the trick, but when I try nslookup from Windows or dig from my linode:

Quote:
> www.terra.es
Servidor: lixx-xx.members.linode.com
Address: 70.85.xxx.xxx

Nombre: www.terra.es
Served by:
- L.ROOT-SERVERS.NET
- M.ROOT-SERVERS.NET
- A.ROOT-SERVERS.NET
- B.ROOT-SERVERS.NET
- C.ROOT-SERVERS.NET
- D.ROOT-SERVERS.NET
- E.ROOT-SERVERS.NET
- F.ROOT-SERVERS.NET
- G.ROOT-SERVERS.NET
- H.ROOT-SERVERS.NET


Quote:
; <<>> DiG 9.2.5 <<>> @localhost www.terra.es
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16071
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;www.terra.es. IN A

;; AUTHORITY SECTION:
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.

;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu May 19 22:59:24 2005
;; MSG SIZE rcvd: 241


It seems quite strange. I've found a way to do an "Authoritative Only DNS Server", at http://www.zytrax.com/books/dns/ch6/index.html#authoritative, and I see that the approach is the same (recursion no).

I was expecting an error message for my request, but anyway it may work for my needs.

Thank you very much!

Author:  gmt [ Thu May 19, 2005 10:25 pm ]
Post subject:  Re: Binding

fernandonajer wrote:
Hi,

And that is exactly my problem. I don't want people to point to my linode as their DNS server, and ask it for everything.


I have dns on my linode with different IPs. It's unlikely that can reach anything else either.

You can configure dns so that other servers will cache even if your dns server is down.

Author:  NecroBones [ Fri May 20, 2005 9:24 am ]
Post subject: 

fernandonajer wrote:
Thank you for your answers. Recursion no seems to do the trick, but when I try nslookup from Windows or dig from my linode:

-snip-

It seems quite strange. I've found a way to do an "Authoritative Only DNS Server", at http://www.zytrax.com/books/dns/ch6/index.html#authoritative, and I see that the approach is the same (recursion no).

I was expecting an error message for my request, but anyway it may work for my needs.

Thank you very much!


Yeah, you won't get an error, just the root hints. Basically your server tells the client "I don't have that information, but here's where you can start".

If you really wanted to configure it to generate errors or NXDOMAINs, I'm sure there are some config tricks you can do, but it's not going to be worth your time. :)

Author:  ferfer [ Fri May 20, 2005 9:51 am ]
Post subject: 

NecroBones wrote:
If you really wanted to configure it to generate errors or NXDOMAINs, I'm sure there are some config tricks you can do, but it's not going to be worth your time. :)


Ok, I'll leave it that way. I've started to host my sites with my own DNSs, I've 3 of them up and running, so I'm :D

Thank you for your help!

Author:  sweh [ Tue May 24, 2005 5:13 pm ]
Post subject: 

Try something like

Code:
options {
        allow-recursion { 127.0.0.1; };
        directory "/var/named";
};

This _should_ only allow your own machine to use your DNS server for recursive lookups.

If I try to use my server to lookup other stuff (firstly for a domain it's authoritative for, then for someone else's domain):

> server 66.160.141.105
Default server: 66.160.141.105
Address: 66.160.141.105#53
> sweh.spuddy.org
Server: 66.160.141.105
Address: 66.160.141.105#53

sweh.spuddy.org canonical name = linode.spuddy.org.
Name: linode.spuddy.org
Address: 66.160.141.105
> www.linode.com
Server: 66.160.141.105
Address: 66.160.141.105#53

Non-authoritative answer:
*** Can't find www.linode.com: No answer
>
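The two settings discussed in this thread (NecroBones' "recursion no" and sweh's "allow-recursion { 127.0.0.1; }") can be audited before reloading named, and the "ra" flag in dig's header tells you from the outside whether a server still offers recursion. The script below is an added example, not code from any poster; the two named.conf fragments are constructed, and the grep/sed matching assumes the one-directive-per-line layout shown in the thread.

```shell
#!/bin/sh
# Constructed named.conf fragments (not from the thread): the first leaves
# recursion open to anyone, the second is the authoritative-only shape.
OPEN_RESOLVER_CONF='options {
        directory "/var/named";
        recursion yes;
};'

AUTH_ONLY_CONF='options {
        directory "/var/named";
        recursion no;
        allow-recursion { 127.0.0.1; };
};'

# recursion_open CONF_TEXT
# Returns 0 (true) when arbitrary clients could use this server as a
# recursive resolver: "recursion no" closes it; otherwise an
# allow-recursion list containing "any", or no allow-recursion at all
# (the default in the BIND 9.2 of this thread), means it is open.
recursion_open() {
    conf=$1
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;'; then
        return 1
    fi
    acl=$(printf '%s\n' "$conf" | sed -n 's/^[[:space:]]*allow-recursion[[:space:]]*{\(.*\)}.*/\1/p')
    if [ -z "$acl" ]; then
        return 0
    fi
    case "$acl" in
        *any*) return 0 ;;
        *)     return 1 ;;
    esac
}

# ra_flag_set DIG_HEADER_LINE
# Returns 0 when the ";; flags:" line from dig advertises "ra"
# (recursion available). ferfer's capture above shows "qr rd" only,
# which is what an authoritative-only server should answer.
ra_flag_set() {
    flags=$(printf '%s\n' "$1" | sed -n 's/.*flags: \([^;]*\);.*/\1/p')
    for f in $flags; do
        [ "$f" = ra ] && return 0
    done
    return 1
}
```

Run recursion_open against the text of your own named.conf, and ra_flag_set against the header line of a dig from an outside host, to confirm both the config and the observed behaviour agree.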
