Secondary DNS Server
Kevin Darcy
kcd at daimlerchrysler.com
Wed Sep 27 23:07:43 UTC 2006
Pilu wrote:
> Hi,
>
> I am currently upgrading my BIND DNS server from version 4.1 to 9.3 ...
>
> My secondary DNS server is hosted by our internet provider and I would
> like to be sure that zone transfers will work perfectly after the migration.
>
> In my named.conf file, I have defined this:
>
> key "rndc-key" { algorithm hmac-md5; secret "jdhfjddf@@{#\{#\"; };
>
> controls {
>     inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
> };
>
> acl "secondary_servers" {
>     194.98.65.69;
>     194.98.65.169;
>     192.76.144.17;
>     194.128.171.100;
> };
>
> options {
>     check-names master fail;
>     check-names response ignore;
>     check-names slave warn;
>     directory "e:\named\zones";
>     allow-transfer { "secondary_servers"; };
>
>     query-source address * port 53;
> };
>
> In my zone files, I have defined the secondary server IP as NS.
>
> Can you please confirm that this configuration is correct?
>
>
I'd probably just start simply -- maybe just the "directory" statement
-- and then add the other features incrementally in phases. You should
only lock down your query-source if you have a firewall and/or a
firewall ruleset that requires it. As for rndc controls, check-names
settings, and restricting zone transfers, those are all just matters of
local opinion/preference/practice/convention, and I won't comment on
their "correctness".
If you want to check the syntax of the named.conf file at any point in
its evolution, then you can use the named-checkconf utility for that.
- Kevin
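named-checkconf, as mentioned in the reply, only checks syntax. The script below is an added example, not part of the original thread: it runs three semantic checks over a constructed copy of the posted fragment and over an assumed hardened version of it. The checks are that a key secret must be base64 (named rejects anything else, so the posted rndc-key would stop the server loading), that a fixed query-source port leaves only the 16-bit query ID to protect against spoofed answers (the weakness the 2008 cache-poisoning attacks relied on), and that an address-only allow-transfer can be strengthened with a TSIG key. The key name `xfer-key` and the placeholder secret `cmVwbGFjZS1tZQ==` are assumptions for the example; real secrets come from rndc-confgen (rndc) and dnssec-keygen -a HMAC-MD5 (TSIG) on BIND of that era.

```python
"""Semantic checks on a named.conf fragment that named-checkconf (syntax only) does not make."""
import base64
import binascii
import re

# Constructed copy of the fragment from the post above (sample input, not a file on disk).
POSTED_CONF = r'''
key "rndc-key" { algorithm hmac-md5; secret "jdhfjddf@@{#\{#\"; };
controls {
    inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};
acl "secondary_servers" { 194.98.65.69; 194.98.65.169; 192.76.144.17; 194.128.171.100; };
options {
    check-names master fail;
    check-names response ignore;
    check-names slave warn;
    directory "e:\named\zones";
    allow-transfer { "secondary_servers"; };
    query-source address * port 53;
};
'''

# Assumed hardened version. "xfer-key" and the base64 placeholder secret are made up for
# this example; generate real ones with rndc-confgen -a and dnssec-keygen -a HMAC-MD5.
HARDENED_CONF = r'''
key "rndc-key" { algorithm hmac-md5; secret "cmVwbGFjZS1tZQ=="; };
key "xfer-key" { algorithm hmac-md5; secret "cmVwbGFjZS1tZQ=="; };
controls {
    inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};
options {
    check-names master fail;
    check-names response ignore;
    check-names slave warn;
    directory "e:\named\zones";
    // the secondary must sign its AXFR/IXFR requests with xfer-key
    allow-transfer { key xfer-key; };
    // no fixed outgoing port: leave the choice to named
    query-source address * port *;
};
'''


def _block(text, keyword):
    """Body of the balanced { ... } that follows the first occurrence of keyword, or None."""
    m = re.search(r'\b%s\b' % re.escape(keyword), text)
    if not m:
        return None
    start = text.find('{', m.end())
    if start < 0:
        return None
    depth = 0
    for i in range(start, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    return None


def lint_named_conf(text):
    """Return (severity, message) findings; an empty list means nothing to report."""
    findings = []
    # 1. every key statement: the secret is a base64 string, whatever the algorithm
    for m in re.finditer(r'^\s*key\s+"?([\w.-]+)"?\s*\{(.*?)\};', text, re.M | re.S):
        name, body = m.group(1), m.group(2)
        sm = re.search(r'secret\s+"([^"]*)"', body)
        if sm is None:
            findings.append(('error', 'key %s has no secret' % name))
            continue
        try:
            base64.b64decode(sm.group(1), validate=True)
        except binascii.Error:
            findings.append(('error', 'key %s: secret is not base64; named will not load this file' % name))
    opts = _block(text, 'options') or ''
    # 2. a fixed outgoing port leaves only the query ID to protect against spoofed answers
    qs = re.search(r'query-source\b([^;]*)', opts)
    if qs:
        pm = re.search(r'\bport\s+(\S+)', qs.group(1))
        if pm and pm.group(1).isdigit():
            findings.append(('warning', 'query-source pins the outgoing port to %s' % pm.group(1)))
    # 3. zone transfers (options-level only here): restricted, ideally by TSIG key, not just address
    xfer = _block(opts, 'allow-transfer')
    if xfer is None:
        findings.append(('warning', 'no allow-transfer in options; BIND 9.3 then transfers zones to anyone'))
    else:
        if re.search(r'\bany\b', xfer):
            findings.append(('warning', 'allow-transfer includes any'))
        if not re.search(r'\bkey\s', xfer):
            findings.append(('note', 'allow-transfer is address-only; a TSIG key would authenticate the secondary'))
    return findings


if __name__ == '__main__':
    for label, conf in (('posted', POSTED_CONF), ('hardened', HARDENED_CONF)):
        print('--- %s' % label)
        for sev, msg in lint_named_conf(conf) or [('ok', 'no findings')]:
            print('%-8s %s' % (sev, msg))
```

Run against the posted fragment it reports the bad rndc secret, the pinned port 53 and the address-only transfer ACL; against the hardened fragment it reports nothing. The checks are deliberately narrow (a key-protected allow-transfer inside a zone statement is not examined), so treat the script as a complement to named-checkconf, not a replacement.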
More information about the bind-users mailing list