using bind for blacklist of domains

dhottinger at harrisonburg.k12.va.us dhottinger at harrisonburg.k12.va.us
Wed Mar 25 00:03:39 UTC 2009


>>
>> Contents of blockeddomains.host:
>> $TTL 86400 ; one day
>>
>> @ IN SOA ns.hhs.harrisonburg.k12.va.us
>> (
>> 2004061000 ; serial number 09032401
>> 28800 ; refresh 8 hours
>> 7200 ; retry 2 hours
>> 864000 ; expire 10 days
>> 86400 ) ; min ttl 1 day
>> NS ns1.harrisonburg.k12.va.us.
>> NS ns2.harrisonburg.k12.va.us.
>>
>> A 0.0.0.0
>>
>> * IN A 0.0.0.0
> Before the all-numeric fields, your SOA record needs both an MNAME
> field and an RNAME field. MNAME (which you have) should be the name of
> the primary master; but if you fully-qualify the name you should
> dot-terminate it, to avoid the zone origin ("00.devoid.us") from being
> appended. RNAME is a standard SMTP contact email address for the zone,
> e.g. admin at harrisonbug.k12.va.us, with the @ in the email address
> replaced with a dot. As with MNAME, make sure to dot-terminate RNAME
> too if the domain part of the email address is fully-qualified. Your
> SOA should have a total of 7 fields, you're only showing 6; RNAME is
> missing. A syntactically-better SOA might look like
>
> @ IN SOA ns.hhs.harrisonburg.k12.va.us. admin.harrisonbug.k12.va.us. (
> 2004061000
> 28800
> 7200
> 864000
> 86400
> )
>
> Beyond that, I can't really tell because of the way email gets
> reformatted, but if you have any whitespace before "@" or "*", that's
> going to be a problem; the opening parenthesis should also be on the
> first SOA line.
>
> Last and least, the "min ttl" comment is misleading. The last field of
> the SOA record is now used as the "negative caching TTL", not "minimum"
> in any sense of the word. The comment should probably reflect that.
>
> Note that you can use the named-checkzone utility -- included in the
> BIND distribution -- to check a zone file for syntax errors, without
> actually trying to get named to load the file.
> - Kevin

Thanks, it's been a while since I did a zone file.  I knew there was a
way to check the file for errors, but couldn't remember it.  I
appreciate all the help.

take care,

ddh


-- 
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools

"Everything should be made as simple as possible, but not simpler."
-- Albert Einstein

"The hottest places in Hell are reserved for those who, in times of moral
crisis, preserved their neutrality."
-- Dante
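
An added example, not part of the original thread or of BIND: a small Python pre-check for the specific problems the quoted reply lists (SOA field count, dot-terminated MNAME and RNAME, the opening parenthesis on the first SOA line, whitespace before "@" or "*"). Both zone samples are constructed, the RNAME hostmaster.example.invalid. is a placeholder, and the check assumes a parenthesised multi-line SOA like the one in the thread; named-checkzone remains the authoritative check.

```python
import re

# Constructed sample mirroring the posted zone: no RNAME, MNAME without a
# trailing dot, "(" on its own line.
POSTED = """$TTL 86400 ; one day
@ IN SOA ns.hhs.harrisonburg.k12.va.us
(
2004061000 ; serial
28800 ; refresh
7200 ; retry
864000 ; expire
86400 ) ; min ttl
* IN A 0.0.0.0
"""

# Constructed sample with the reply's corrections applied; the RNAME
# hostmaster.example.invalid. is a placeholder.
FIXED = """$TTL 86400
@ IN SOA ns.hhs.harrisonburg.k12.va.us. hostmaster.example.invalid. (
    2004061000 28800 7200 864000
    86400 ) ; negative caching TTL
* IN A 0.0.0.0
"""

def lint_zone(text):
    """Return problems found, limited to the checks named in the reply."""
    problems = []
    lines = [l.split(";", 1)[0].rstrip() for l in text.splitlines()]
    for n, line in enumerate(lines, 1):
        if re.match(r"\s+[@*](\s|$)", line):
            problems.append(f"line {n}: whitespace before '{line.strip()[0]}'")
    start = next((i for i, l in enumerate(lines) if re.search(r"\bSOA\b", l)), None)
    if start is None:
        return problems + ["no SOA record"]
    if "(" not in lines[start]:
        problems.append("opening parenthesis is not on the first SOA line")
    # Collect the SOA rdata up to the closing parenthesis (assumes one exists).
    body, i = lines[start].split("SOA", 1)[1], start
    while ")" not in body and i + 1 < len(lines):
        i += 1
        body += " " + lines[i]
    fields = body.replace("(", " ").split(")")[0].split()
    if len(fields) != 7:
        problems.append(f"SOA has {len(fields)} fields, expected 7")
    for role, name in zip(("MNAME", "RNAME"), [f for f in fields if not f.isdigit()]):
        if "." in name and not name.endswith("."):
            problems.append(f"{role} {name} is not dot-terminated")
    return problems
```
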



