bind9 questions

Tim Maestas tmaestas at dnsconsultants.com
Thu Mar 1 17:21:43 UTC 2001



	Tim,
	You can use the corporate extensions in the server settings in QIP
	to add your Key statements.  Corporate Extensions inserts your
	text into the named.conf of that server.  Of course, I don't know
	if the BIND provided by Lucent actually supports the statements
	themselves.  My company currently uses QIP, but we run ISC BIND.

-Tim


------------------------------------------
http://www.dnsconsultants.com
DNS and other network consulting
------------------------------------------


On Thu, 1 Mar 2001 Timothy.Moseley at hurlburt.af.mil wrote:

> 
> As I said QIP (the master) does not support keys. That is why I tried the
> rndc.conf w/out the key statement first, I am wanting to know how I can
> configure the .conf file w/out it and still get rndc to work.
> 
> > >-----Original Message-----
> > >From: Jim Reid [mailto:jim at rfc1035.com]
> > >Sent: Wednesday, February 28, 2001 5:19 PM
> > >To: Timothy.Moseley at hurlburt.af.mil
> > >Cc: bind-users at isc.org
> > >Subject: Re: bind9 questions 
> > >
> > >
> > >>>>>> "Timothy" == Timothy Moseley <Timothy.Moseley at hurlburt.af.mil> writes:
> > >
> > >    Timothy> rndc.conf
> > >
> > >    Timothy> options {
> > >    Timothy>	default-server localhost; 
> > >    Timothy>	default-key rndc_key;
> > >    Timothy> };
> > >
> > >Where is the key{} statement defining rndc_key? Why have you omitted
> > >stuff that the documentation tells you has to be in rndc.conf? Oh, and
> > >there are controls{} and key{} statements missing from the named.conf
> > >file you posted too. And an allow-update clause in a slave zone{}
> > >statement isn't particularly sensible either. Not that those errors
> > >have any bearing on failing zone transfers. Hiding the actual domain
> > >name and IP addresses doesn't help. All that does is confirm what we
> > >see is not the same as what your name server sees.
> > >
> > >    Timothy> MY primary internal is a QIP box running on NT...
> > >
> > >Sigh.
> > >
> > >    Timothy> when named is started w/ kill -HUP 'cat /var/run/named.pid'
> > >
> > >You should NEVER use signals to control a name server, especially a
> > >BIND9 server. Signals will usually cause a BIND9 server to
> > >terminate. And you usually won't start a server by typing "kill -HUP
> > >'cat /var/run/named.pid`" either. This might *restart* a BIND8 server,
> > >but never start one. [That cat command should be enclosed in
> > >backquotes BTW, but leave that to one side.] This has no bearing on
> > >failing zone transfers either.
> > >
> > >    Timothy> Feb 28 20:56:15 pinnacle4 /usr/local/sbin/named[263]: the default for the 'auth-nxdomain' option is now 'no'
> > >    Timothy> Feb 28 20:56:15 pinnacle4 /usr/local/sbin/named[263]: option 'check-names' is not implemented
> > >
> > >Ignore them. They are just informational. BIND9 should really just
> > >shut up about these defaults. They have no bearing on failing zone
> > >transfers anyway.
> > >
> > >    Timothy> I have printed out the manual that comes with BIND9 
> > >
> > >Have you tried reading it? :-)
> > >
> > >    Timothy> and have tried everything I can to get zone transfers, 
> > >
> > >What, precisely, have you tried? If you'd "tried everything" you would
> > >inevitably have stumbled on a correct configuration by a process of
> > >trial and error.
> > >
> > >Why don't you read the name server's logs? There will be a message
> > >there explaining why the zone transfers are failing. What
> > >troubleshooting have you done? Can you get zone transfers to work by
> > >hand with dig? Is the master server reachable? Does it allow you to
> > >make zone transfers?  Does the master server answer authoritatively
> > >for the zone? If you'd told us the server's address and the domain
> > >name, someone might have been able to query it and find the
> > >problem. Does the slave have a higher serial number for the zone than
> > >the master server? This is a depressingly common problem with QIP.
> > >
> > >    Timothy> what am I doing wrong, besides using NT.
> > >
> > >Well using QIP doesn't help, but you should already know that.
> > >
> 
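
Added example, not part of the original thread or of BIND: a small Python check for the configuration errors listed in the quoted reply above, namely an rndc.conf whose default-key has no key{} statement and a named.conf without the matching key{} and controls{} statements. The file contents, the algorithm line and the placeholder secret are constructed, and the regex parsing is an assumption that only covers simple, unnested key{} and controls{} blocks.

```python
import re

# Constructed sample files; the secret is a placeholder, not a real key.
RNDC_BROKEN = ('options {\n    default-server localhost;\n'
               '    default-key rndc_key;\n};\n')      # as posted: no key{}
KEY_STMT = ('key rndc_key {\n    algorithm hmac-sha256;\n'
            '    secret "PLACEHOLDER-NOT-A-REAL-SECRET";\n};\n')
RNDC_FIXED = KEY_STMT + RNDC_BROKEN
NAMED_FIXED = KEY_STMT + ('controls {\n    inet 127.0.0.1 allow { localhost; } '
                          'keys { rndc_key; };\n};\n')

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{[^}]*?secret\s+"([^"]*)"', re.S)
CTL_RE = re.compile(r'controls\s*\{.*?keys\s*\{([^}]*)\}', re.S)

def keys_defined(conf):
    """Map key name -> secret for every key{} statement in the text."""
    return dict(KEY_RE.findall(conf))

def check_rndc(rndc_conf, named_conf):
    """List the problems that would stop rndc authenticating to named."""
    problems = []
    rkeys, nkeys = keys_defined(rndc_conf), keys_defined(named_conf)
    m = re.search(r'default-key\s+"?([\w.-]+)"?\s*;', rndc_conf)
    name = m.group(1) if m else None
    if name is None:
        problems.append("rndc.conf: no default-key")
    elif name not in rkeys:
        problems.append(f"rndc.conf: key {name} has no key{{}} statement")
    ctl = CTL_RE.search(named_conf)
    if ctl is None:
        problems.append("named.conf: no controls{} statement with keys")
    elif name and name not in re.findall(r'[\w.-]+', ctl.group(1)):
        problems.append(f"named.conf: controls{{}} does not list {name}")
    if name and name not in nkeys:
        problems.append(f"named.conf: key {name} has no key{{}} statement")
    elif name in rkeys and rkeys[name] != nkeys[name]:
        problems.append(f"secret for {name} differs between the two files")
    return problems

if __name__ == "__main__":
    for label, rndc, named in (("as posted", RNDC_BROKEN, ""),
                               ("corrected", RNDC_FIXED, NAMED_FIXED)):
        print(label, check_rndc(rndc, named) or "OK")
```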


