1000s of users

McLaughlin, Scott scottm at newedgenetworks.com
Wed Aug 31 18:13:58 UTC 2005


We host over 8,900 zone files on our primary hosting servers.
We have split named.conf into multiple files and named.conf contains the
logging information, blackhole information, allow transfer, etc and some
include statements.   We have a reverse.zones, primary.zones and
secondary.zones conf file that only contain the appropriate zone information
file.   An example of our main named.conf is down below...you can see where
it includes the other files.  This helps keep the named.conf file more
manageable.

Separately, we have recently written an in-house application that manages the
DNS for all these zones (web-based PHP talking to an Oracle database).  All
zone files and their records are stored in an Oracle database.  The DNS
server runs a process that updates the appropriate named.conf files and/or
zone files when a change is made in the database by the front end
application...pretty slick.

Before we had this tool, we just edited the conf files by hand; it was
pretty easy to manage from a Unix box once we broke it out.

NAMED.CONF:  (note some data is removed for security reasons)

// who can recurse against this server
acl recursion {
	<insert IP list here>
};

// who can AXFR against this server
acl transfer { 
	<insert IP list here>
};

options {
        directory "/var/named";
        pid-file "/var/named/named.pid";
        version "No Version for you";
        allow-transfer { transfer; };
        allow-recursion { recursion; };
};

// Key and control entries for RNDC to function
controls {
      inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};
key "rndc-key" {
        algorithm hmac-md5;
        secret "<REMOVED>";
};

// Logging information
logging {
        channel remotequery {
                syslog local5;  # send to syslogs local5 facility
                severity info;  # send info and higher only
        };
        channel logredir {
                syslog local3;  # send to syslogs local3 facility
                severity info;  # send info and higher only
        };
        channel sec {
                file "/var/named/logs/sec" versions 10;
                print-category yes;
                print-severity yes;
                print-time yes;
                severity info;
        };
        channel stats {
                file "/var/named/logs/XSTATS" versions 10;
                print-category yes;
                print-severity yes;
                print-time yes;
                severity info;
        };
        category default { logredir; };  # force default logging to new channel
        category queries { remotequery; };
        category security { sec; };
        category lame-servers { "null"; };
        category delegation-only { "null"; };
};

// Delegation only zones  (removed after NetSol pulled their head out)
//include "/var/named/delegation-only";

//  Default zones
zone "0.0.127.in-addr.arpa" {
        type master;
        file "/var/named/primary/rev.127.0.0";
};
zone "localhost" {
        type master;
        file "/var/named/primary/localhost.zone";
};
zone "." {
        type hint;
        file "/var/named/primary/root.hint";
};

// Include all other zone Files
include "/var/named/primary.zones";
include "/var/named/secondary.zones";
include "/var/named/reverse.zones";
include "/var/named/sysadmin.zones";





-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf
Of Michael Banta
Sent: Wednesday, August 31, 2005 8:54 AM
To: bind-users at isc.org
Subject: 1000s of users

Hi.

I read a post the other day of someone saying they hosted thousands of DNS
records, an ISP maybe.

My question is: do you simply go into the named.conf file and keep manually
adding zone files into the flat text file? Is that the standard way of
working with that many zones? Or is there some other helper utility to more
easily manage that many zones.

Thanks
Mike
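
The reply above describes a process that rewrites the included *.zones files whenever the database changes. A sketch of that step, as an added example that is not the poster's application: the row format, the function names and the "<zone>.zone" file naming are assumptions, and the sample rows are constructed. Zone names are validated before being written into the config, so a name containing quotes or braces cannot add or alter stanzas.

```python
import os
import re
import tempfile

# Constructed sample rows (zone name, kind) standing in for the database query.
SAMPLE_ROWS = [
    ("example.com", "primary"),
    ("Example.NET.", "primary"),
    ("10.168.192.in-addr.arpa", "reverse"),
    ('a.example" { type master; }; zone "b.example', "primary"),
    ("-bad.example", "primary"),
]
# One DNS label: letters, digits, hyphen, underscore; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")


def normalize_zone(name):
    """Return the lower-cased zone name, or None if it is not a plain name."""
    name = name.strip().lower()
    name = name[:-1] if name.endswith(".") else name
    if not name or len(name) > 253:
        return None
    return name if all(LABEL.fullmatch(p) for p in name.split(".")) else None


def render_zones(rows, kind, zone_dir="/var/named/primary"):
    """Build the text of one include file plus the list of rejected names."""
    stanzas, rejected, seen = [], [], set()
    for raw, row_kind in rows:
        if row_kind != kind:
            continue
        zone = normalize_zone(raw)
        if zone is None:
            rejected.append(raw)  # never interpolate unvalidated text
        elif zone not in seen:
            seen.add(zone)
            stanzas.append(
                f'zone "{zone}" {{\n        type master;\n'
                f'        file "{zone_dir}/{zone}.zone";\n}};\n')
    return "".join(stanzas), rejected


def write_atomically(path, text):
    """Write a temp file in the target directory, then rename over the target."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)
```

After writing the file, running named-checkconf before rndc reconfig keeps a bad generation run from reaching the running server.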



