Chapter 9. BIND DNS Server

More documents

Recommendations

Info

Chapter 9. BIND DNS Server 9.2.4. Configuring The Client In order to use your local network to resolve Internet addresses, you have to configure the client to access the DNS. Go back to Webmin ’s index, and select the Hardware tab, then click on the Network Configuration icon. Then, select the DNS Client and type your DNS’s IP if it is a remote client, or 127.0.0.1 if you are on the server. Figure 9-7. Configuring The Client 9.3. Advanced Configuration 9.3.1. How to Debug If the service did not start, you should look at the /var/log/messages file to read the debug output of BIND . If you do not find the error, you can use the named-checkconf program and named-checkzone to check your configuration. Through the bind-utils package, you can use many utilities and therefore, test your DNS (nslookup or dig). To use them, you should add the DNS server’s IP, preceded by the word “nameserver”, in your local /etc/ resolv.conf file. 9.3.2. The rndc Command BIND ’s configuration is not done yet, since rndc is not yet configured to work in all your network. rndc is the name server control utility. You can, for example, have statistics (using the rndc stats command), or you can ask for status (using the rndc status command). For more information about this powerful command, you should read the man page: rndc. rndc communicates with the nameserver over a TCP connection, sending commands authenticated with digital signatures; you should change the default key using the /usr/sbin/new_key.pl command. If you installed the caching-nameserver RPM package, a default rndc configuration will be done and you can use it. If not, you will have to add the key which is in the /etc/rndc.conf file to your /etc/named.conf file. The control statement declares control channels to be used by system administrators in order to affect the operation of the local nameserver. These control channels are used by the rndc utility, to send commands to and retrieve non-DNS results from a nameserver. To modify it, you should not select the Control Interface Options icon. Indeed, Webmin removes the key options, which is in the “controls” statement. You should modify the /etc/named.conf file using a text editor. Here is an example of local-only rndc use with key: // secret must be the same as in /etc/rndc.conf key "key" { algorithm hmac-md5; secret "cOb0cEDYZIQKNXDjnRJLmcTuZiXADGfVBahwsAnOd0yJbTmzPeHWO0LTTeCt"; }; controls { inet 127.0.0.1 allow { 127.0.0.1; 68
Chapter 9. BIND DNS Server }; } keys { "key"; }; For security reasons, the Mandrake Linux BIND server is started with limited user privileges. If you create a secondary DNS in your network, the BIND server could have to create its own files using the master DNS. That’s why you should change the owner of the “zones files” created by Webmin . The command to use is chown named -R /var/named/. 9.3.3. Documentation If you want to do more with BIND , it is strongly recommended you read the BIND 9 Administrator Reference Manual, which is available in PDF format on the official BIND web site. More documentation is available in HTML format, if you click on Search docs, in the upper-right corner of Webmin ’s Network Configuration or BIND DNS Server page. At their bottom, there are a lot of very interesting Internet links. Notice that the Reference Manual is available in HTML if you click on bind-9.2.0/html/Bv9ARM.html. Figure 9-8. The BIND 9 Administrator Reference Manual Through Webmin 9.3.4. A Few More Options For all the options which are not detailed in this document, we advise you to leave the default ones, unless you really know what you are doing. Each time you change the configuration, you should click on Apply Changes to verify that the server configuration is not broken by your change. 9.3.4.1. Global Server Options • Logging and Errors: you can add logging channels or categories to allow you to sort out your logs the way you want to; • Access Control Lists: the ACL statement assigns a symbolic name to an address match list (the IPs are separated by a “space”); • Forwarding and Transfers: the forwarding facility can be used to create a large, site-wide cache on a few servers, therefore reducing traffic over links to external nameservers. It can also be used to allow queries by 69
Page 1 and 2: Chapter 9. BIND DNS Server The BIND
Page 3: Chapter 9. BIND DNS Server ne Names
Page 7: Security And Network Issues Up unti

Chapter 9. BIND DNS Server

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?