Configuring Bind for use with OpenNIC

Kevin Darcy kcd at daimlerchrysler.com
Thu Jul 5 17:43:30 UTC 2001


Marc C Storck wrote:

> [...]
> And BTW OpenNIC only requires this for TLD Operators who want to be listed
> and included in OpenNIC

That's not how the instructions at http://www.opennic.unrated.net/server.html
read. The first heading is "Configuring Your Name Server", and then the example
shows configuring your name server to be a slave to theirs. Nowhere in the
intervening text is any exclusion or qualification saying "do this only if you
want to be a TLD Operator". In fact, they explicitly derogate the use of
"hints" files:

> OpenDNS is a simple addition to the BIND configuration file to inform your name server of the new Top-Level
> Domains (TLDs) administered by OpenNIC. What this does, basically, is set your server back to the old days
> when that file was a cache of pointers to the root servers. BIND these days just uses that cache as a list of
> servers to query at startup for up-to-date root lists, but we don't have to do that.

Maybe they'll reconsider their position, in light of BIND's new
(RFC-conforming) behavior...


- Kevin

>  ----- Original Message -----
> From: Kevin Darcy <kcd at daimlerchrysler.com>
> To: <comp-protocols-dns-bind at moderators.isc.org>
> Sent: Thursday, July 05, 2001 6:58 PM
> Subject: Re: Configuring Bind for use with OpenNIC
>
> >
> > Why on earth would OpenNIC want everyone to be a slave of the root zone? Don't
> > they realize that whenever the root zone changes, this means *everyone* who is
> > running a recent version of BIND will NOTIFY *all* of the root nameservers? I
> > suspect they're getting swamped with NOTIFY traffic every time they change the
> > zone. Bad design decision, I'd say.
> >
> >
> > - Kevin
> >
> > cbiesinger at web.de wrote:
> >
> > > Hello!
> > > At the moment, I'm trying to configure my bind for use with OpenNIC
> > > (http://www.opennic.unrated.net if you're interested).
> > > It's supposed to be mostly a caching nameserver, but also serving one
> > > local domain.
> > >
> > > Now, the problem I have is that now and then Bind stops answering
> > > queries. The log doesn't seem to contain unusual messages, but here
> > > are some lines which might relate to this problem:
> > > Jul  4 19:47:56 chello212186200128 named[17066]: Sent NOTIFY for " IN SOA 2001052201" (); 8 NS, 8 A
> > > Jul  4 19:54:15 chello212186200128 named[17066]: ns_forw: query(www.parody) All possible A RR's lame
> > >
> > > The version is: named 8.2.4-REL-NOESW Fri Jun  1 01:18:38 MDT 2001
> > >
> > > My config file is as follows: (The file /etc/bind/tld-root exists & is
> > > the one from http://www.opennic.unrated.net/server.html)
> > >
> > > // This is the primary configuration file for the BIND DNS server named.
> > > //
> > > // Please read /usr/share/doc/bind/README.Debian for information on the
> > > // structure of BIND configuration files in Debian for BIND versions 8.2.1
> > > // and later, *BEFORE* you customize this configuration file.
> > > //
> > >
> > > options {
> > >         directory "/var/cache/bind";
> > >         listen-on { 192.168.1.1; };
> > >
> > >         // If there is a firewall between you and nameservers you want
> > >         // to talk to, you might need to uncomment the query-source
> > >         // directive below.  Previous versions of BIND always asked
> > >         // questions using port 53, but BIND 8.1 and later use an unprivileged
> > >         // port by default.
> > >
> > >         // query-source address * port 53;
> > >
> > >         // If your ISP provided one or more IP addresses for stable
> > >         // nameservers, you probably want to use them as forwarders.
> > >         // Uncomment the following block, and insert the addresses replacing
> > >         // the all-0's placeholder.
> > >
> > >         // forwarders {
> > >         //      0.0.0.0;
> > >         // };
> > > };
> > >
> > > // reduce log verbosity on issues outside our control
> > > logging {
> > >         category lame-servers { null; };
> > >         category cname { null; };
> > > };
> > >
> > > // prime the server with knowledge of the root servers
> > > zone "." {
> > > //        type hint;
> > > //        file "/etc/bind/db.root";
> > > // Adding OpenNIC support (http://www.opennic.unrated.net)
> > > // (Wed Jul  4 19:35:12 CEST 2001)
> > >         type slave;
> > >         file "/etc/bind/tld-root";
> > >         masters { 216.74.72.5; 165.251.126.11; 209.21.75.52; };
> > > };
> > >
> > > // be authoritative for the localhost forward and reverse zones, and for
> > > // broadcast zones as per RFC 1912
> > >
> > > zone "localhost" {
> > >         type master;
> > >         file "/etc/bind/db.local";
> > > };
> > >
> > > zone "127.in-addr.arpa" {
> > >         type master;
> > >         file "/etc/bind/db.127";
> > > };
> > >
> > > zone "0.in-addr.arpa" {
> > >         type master;
> > >         file "/etc/bind/db.0";
> > > };
> > >
> > > zone "255.in-addr.arpa" {
> > >         type master;
> > >         file "/etc/bind/db.255";
> > > };
> > >
> > > // add entries for other zones below here
> > >
> > > zone "biesinger.at" {
> > >         type master;
> > >         file "/etc/bind/db.biesinger.at";
> > > };
> > >
> > > zone "1.168.192.in-addr.arpa" {
> > >         type master;
> > >         file "/etc/bind/db.192";
> > > };
> > >
> > > --
> > > Encrypted Emails strongly preferred! Get PGP from http://www.pgpi.org
> > > PGP-Key: 1024D/DFFE21F1 - Get it from http://mmc.sourceforge.net/biesi.asc
> > > Key also available at PGP Keyservers
> > > Key fingerprint = E60D 24FC BBC5 97CE 5421  C0FE 311B 7F82 DFFE 21F1
> >
> >
> >
> >
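
An added example (not part of the original messages, and not code from BIND or OpenNIC): a small audit of a named.conf for the situation described in this thread, slave zones that will send NOTIFY because nothing in the zone says `notify no;`, together with a parser for the `Sent NOTIFY` log line quoted above. The function names are hypothetical, and NOTIFY being on unless disabled is assumed from BIND's documented `notify yes` default.

```python
import re

# Constructed sample: root and localhost stanzas from the config quoted in this thread.
SAMPLE_CONF = '''
zone "." {
//        type hint;
        type slave;
        file "/etc/bind/tld-root";
        masters { 216.74.72.5; 165.251.126.11; 209.21.75.52; };
};
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
'''
# Log line quoted in the thread, rejoined onto one line.
SAMPLE_LOG = ('Jul  4 19:47:56 chello212186200128 named[17066]: '
              'Sent NOTIFY for " IN SOA 2001052201" (); 8 NS, 8 A')

def strip_comments(text):
    """Drop /* */, // and # comments (assumes none occur inside quoted strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def zones(conf):
    """Yield (name, body) for each zone statement, matching nested braces."""
    conf = strip_comments(conf)
    for m in re.finditer(r'zone\s+"([^"]*)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def notifying_slaves(conf, global_notify=True):
    """Return slave zones with NOTIFY still enabled (no 'notify no;' in the zone)."""
    flagged = []
    for name, body in zones(conf):
        ztype = re.search(r'\btype\s+(\w+)\s*;', body)
        notify = re.search(r'\bnotify\s+(\w+)\s*;', body)
        enabled = notify.group(1) != 'no' if notify else global_notify
        if ztype and ztype.group(1) == 'slave' and enabled:
            flagged.append(name)
    return flagged

def notify_fanout(log_line):
    """Return (NS count, address count) from a BIND 8 'Sent NOTIFY' log line."""
    m = re.search(r'Sent NOTIFY for .*;\s*(\d+) NS, (\d+) A', log_line)
    return (int(m.group(1)), int(m.group(2))) if m else None
```

Pass `global_notify=False` when the `options` block of the file being audited already sets `notify no;`.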




