BIND9 Syntax?

Reko Turja reko.turja at liukuma.net
Sun Jan 14 17:40:06 UTC 2007 

----- Original Message ----- 
From: "Nate Peck" <nate3000 at gmail.com>
To: <freebsd-questions at freebsd.org>
Sent: Sunday, January 14, 2007 6:39 PM
Subject: BIND9 Syntax?


> Dear All,
>
> I've been having trouble with BIND(version 9.3.2-P1), and I'm not 
> sure
> where the problem is. When I try to use nslookup, it spits out:
>
>> server 127.0.0.1
> Default server: 127.0.0.1
> Address: 127.0.0.1#53
>> blue.home.lan
> Server:         127.0.0.1
> Address:        127.0.0.1#53
>
> ** server can't find blue.home.lan: SERVFAIL
>>
>
> I have my server(blue.home.lan), set up on a LAN.
>
> These are my config files:
>
> db.home.lan:
> $TTL 3h
> home.lan. IN SOA blue.home.lan. (
>                          1        ; Serial
>                          3h       ; Refresh after 3 hours
>                          1h       ; Retry after 1 hour
>                          1w       ; Expire after 1 week
>                          1h )     ; Negative caching TTL of 1 hour


And you can define the SOA to be home.lan.
Missing the email address of responsible administrator - should be 
like:

home.lan. IN SOA home.lan.  email.blue.home.lan
                            ^^^^^^^^^^^^^^^^^^^

Notice that first dot only in email-address is substituted by @

Usually a good idea is naming the serial like 2007011401 - year, 
month, day and serial is easier that way in the long run :)

> named.conf:
> options {

If this was public I would consider adding either a recursion no; or 
allow-recursion {}; clauses in options in order to avoid some attack 
techniques utilizing nameservers.

> zone "." IN {
>        type hint;
>        file "named.ca";
> };

You have moved the named.root into named.ca?

No need for IN in these either.

>
> zone "localhost" IN {
>        type master;
>        file "pri/localhost.zone";
>        allow-update { none; };
>        notify no;
> };

Again if public, I would add allow-transfer rules to allow the full 
dump of domains in questions only at appropriate peering servers. 
Maybe allow-query { any; }; for every domain as well.

I might have missed some bugs at cursory glance, but these should help 
to get you started.

-Reko

(By the way Greg Leheys nowadays publicly available book about FreeBSD 
has pretty good walkthrough about basic nameserver configuration)

More information about the freebsd-questions mailing list