running multiple daemonized instances of BIND9.2 on Windows 2000

Danny Mayer mayer at gis.net
Sun Nov 2 00:24:44 UTC 2003


At 07:01 PM 10/31/03, Nick wrote:
>I'm trying to provide name resolution services to 4 DMZ subnets
>attached to Cisco PIX NAT firewall.  My primary and secondary DNS
>server are both on the same DMZ subnet.

That's a really bad idea. You need to keep them in separate locations
if you want redundancy.

>However, since the firewall
>NAT functionality rewrites the source IP in the packet header, I
>cannot use the "view" functionality of BIND9 to offer different
>responses based on the source IP, because the firewall NAT
>functionality makes it look like ALL requests are coming from the
>local subnet.
>
>Fine and dandy, I thought I'd just run 4 different instances of BIND,
>each listening on a different IP address, then point the clients on
>each DMZ subnet to the appropriate IP address for name resolution.

How will this solve the problem? Why can't you list the appropriate
IP addresses in the view? If the NAT is rewriting the address, surely you
know the addresses that it rewrites them to?

>Now here's the dilemma: it's easy to run a SINGLE daemonized (or
>service-ized to use win32-speak) instance of BIND using the default
>named.conf file.  That functionality happens right out of the box
>using the   However, when I try to run multiple instances of BIND, I
>cannot seem to get them to run in the background - here's the output I
>get:
>
>C:\WINNT\system32\dns\bin>named -c
>c:\winnt\system32\dns\etc\named.dmz3.conf
>Use -f to run from the command line.

It sounds like you are running it from the command line anyway. You
just said you didn't want that. What did you expect to happen? Services
can be started from the command line but you need to use the
"net start servicename" command and the service must already exist.
named does not install itself as a service, that's done through the
BINDInstall utility.


>As you may recall, the "-f" switch means "run in foreground".  I don't
>want to run in the foreground, because it means someone has to login
>and start the process every time the machine boots.  I want to be able
>to run as a daemon.

You can't easily do this. It requires installations with different names and
named.conf files in the registry. It would create a real mess, cause issues
with things like rndc and make it difficult to control.


>I am using the binary release of ISC BIND 9.2.2 for win32 from
>ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.2/BIND9.2.2.zip

Upgrade to 9.2.3, it fixes a lot of problems.

>Am I missing something obvious?

Yes, even if you get this to work, you need to reconsider what you are
trying to accomplish since it sounds like you are trying to solve this
the wrong way.

Danny


>Thanks,
>nickjeffrey_at_hotmail_dot_com