This is a discussion on Re: Getting started with BIND within the Bind Users forums, part of the DNS and Related Forums category.

Jason wrote:
> Evening everyone.
>
> As the subject states, I'm getting started with BIND here. For help, I
> went out and bought DNS and BIND, 4th edition from my bookstore. :)
>
> I was hoping to ask a few questions here, just to answer a few things
> I've been thinking about.
>
> Currently, running FreeBSD 4.9, and installed BIND 9.2.2 via the ports
> tree (using the option) PORT_REPLACES_BASE_BIND9 to overwrite the old
> BIND files (to prevent less confusion)
>
> Anyway, my initial setup is to learn BIND and all the fun stuff in
> between. Here is what I want to do.
>
> I want to set up a private Nameserver for our private LAN that will
> initially, not be accessible from the outside world. I also wanted to
> set up a private name, something like internal.mydomain.com and then add
> a few zone records to point to a few machines I have running on the network.
>
> I understand how to create a zone file. I followed the book in doing so
> and created a very simple zone record:
>
> $TTL 1d
> internal.mydomain.com. IN SOA scarydaemons.mydomain.com. jwilliams.mydomain.com. (
>         2004030101 ; Serial
>         1d         ; refresh
>         2h         ; retry
>         100d       ; expire
>         1h )       ; negative cache expiry
>
> ; name servers
>         IN NS scarydaemons
>         IN NS liquidmail
>
> scarydaemons IN A 192.168.1.92
> liquidmail   IN A 192.168.1.94
>
> ; Hosts
>
> localhost    IN A 127.0.0.1
> loanblade    IN A 192.168.1.207
>
> ; nicknames
> rack2        IN CNAME loanblade
>
> Like I said, simple, but playing with it.
>
> For the most part, is that correct? I'm sure I have some errors in
> there, but thought I'd ask.
>
> My next question is regarding named.conf. I added the following:
>
> zone "internal.mydomain.com" {
>     type master;
>     file "db.internal.mydomain";
> };
> */
>
> Obviously, this is not complete. But I wanted to at least try it out.
> When I start bind (ndc start)
>
> Mar 1 15:50:39 scarydaemons named[168]: starting BIND 9.2.2
> Mar 1 15:50:39 scarydaemons named[168]: none:0: open: /etc/namedb/rndc.key: file not found
> Mar 1 15:50:39 scarydaemons named[168]: couldn't add command channel 127.0.0.1#953: file not found
> Mar 1 15:50:39 scarydaemons named[168]: none:0: open: /etc/namedb/rndc.key: file not found
> Mar 1 15:50:39 scarydaemons named[168]: couldn't add command channel ::1#953: file not found
>
> I get some errors.
> Right now, I'm reading through the book, trying to figure out what I'm
> doing wrong.
>
> In the meantime, anyone have some suggestions and recommendations? I do
> appreciate it.

Those errors are all related to rndc, which you appear to have not configured. See pages 145-147 of "the book" for how to configure it. If you don't want to bother configuring it right now, you could suppress those error messages by defining a "null" controls section, i.e. "controls { };" in your /etc/named.conf.

By the way, what are you doing about a root zone? BIND always needs access to some sort of root zone, and if you're on a completely isolated LAN, you'll need to define one yourself. You might be able to skip this step initially, but if you do, you may find that your nameserver keeps beating its head against the wall trying to contact the Internet root servers, which it knows about, in the absence of any explicit definition of the root zone, courtesy of a compiled-in "hints" list. Hopefully your firewall(s) and/or router(s) don't mind.

Another thing to keep in mind is that if you are using private addressing (e.g. 192.168/16 or one of the other ranges defined by RFC 1918), then if and when you decide to start sending queries to Internet nameservers, you should define reverse zones for those private ranges in your nameserver(s), in order to prevent pollution of the Internet DNS infrastructure with bogus queries.

-Kevin
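Two things in this exchange lend themselves to a small script: Jason's "is that correct?" about the forward zone, and Kevin's advice to serve reverse zones for the RFC 1918 ranges locally so bogus PTR queries never leave the LAN. The Python below is an added example, not code from Jason, Kevin, or the BIND project. It parses a constructed copy of the zone from the post (handling the parenthesised multi-line SOA, `;` comments and blank-owner continuation lines), applies a few ordinary zone-hygiene checks that `named` itself does not enforce at load time (one SOA and at least one NS at the apex, an A record for every in-zone nameserver, no CNAME sharing an owner with other records, and an advisory note when the SOA MNAME is not one of the apex NS names), derives the `1.168.192.in-addr.arpa` PTR records from the A records, and lists the in-addr.arpa zones a LAN resolver should answer itself. The zone contents are a constructed sample and the check rules are the example's own.

```python
# Added example (not the post's or BIND's code): lint a zone file and derive its reverse zones.
import ipaddress
from collections import defaultdict

ORIGIN = "internal.mydomain.com."

# Constructed sample: a copy of the forward zone from the post (multi-line SOA, ';' comments).
ZONE_TEXT = """\
$TTL 1d
internal.mydomain.com. IN SOA scarydaemons.mydomain.com. jwilliams.mydomain.com. (
        2004030101 ; Serial
        1d 2h 100d 1h ) ; refresh, retry, expire, negative-cache TTL
; name servers
        IN NS scarydaemons
        IN NS liquidmail
scarydaemons IN A 192.168.1.92
liquidmail   IN A 192.168.1.94
localhost    IN A 127.0.0.1
loanblade    IN A 192.168.1.207
rack2        IN CNAME loanblade
"""

def fqdn(name, origin=ORIGIN):  # '@' is the apex; a trailing dot is kept; otherwise append the origin
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def logical_lines(text):  # strip ';' comments and fold '(' ... ')' continuations into one line
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        was_open = depth > 0
        depth += line.count("(") - line.count(")")
        if was_open or depth > 0:
            cleaned = line.replace("(", " ").replace(")", " ")
            buf.append(cleaned.rstrip() if not buf else cleaned.strip())  # keep the owner column
            if depth == 0:
                out.append(" ".join(buf))
                buf = []
        else:
            out.append(line)
    return out

def parse_zone(text, origin=ORIGIN):  # (owner, type, rdata) tuples; a blank owner repeats the last one
    records, last_owner = [], origin
    for line in logical_lines(text):
        if not line.strip() or line.startswith("$"):
            continue  # blank or comment-only lines and $TTL/$ORIGIN directives
        fields = line.split()
        if line[0] in " \t":
            owner = last_owner
        else:
            owner, fields = fqdn(fields[0], origin), fields[1:]
        if fields and fields[0][0].isdigit():  # optional TTL such as 1d or 3600
            fields = fields[1:]
        if fields and fields[0].upper() in ("IN", "CH", "HS"):  # optional class
            fields = fields[1:]
        records.append((owner, fields[0].upper(), fields[1:]))
        last_owner = owner
    return records

def check_zone(records, origin=ORIGIN):  # returns a list of findings; empty means the zone looks sane
    findings, by_owner = [], defaultdict(list)
    for owner, rtype, rdata in records:
        by_owner[owner].append((rtype, rdata))
    soas = [r for r in records if r[1] == "SOA" and r[0] == origin]
    ns_names = [fqdn(r[2][0], origin) for r in records if r[1] == "NS" and r[0] == origin]
    if len(soas) != 1 or not ns_names:
        findings.append("apex needs exactly one SOA and at least one NS record")
    for ns in ns_names:  # an in-zone nameserver needs an address record (glue)
        if ns.endswith("." + origin) and "A" not in [t for t, _ in by_owner.get(ns, [])]:
            findings.append(f"in-zone nameserver {ns} has no A record")
    if soas and fqdn(soas[0][2][0], origin) not in ns_names:
        findings.append(f"SOA MNAME {soas[0][2][0]} is not an apex NS (fine only for a hidden primary)")
    for owner, rrs in by_owner.items():  # a CNAME owner may carry no other record type
        if any(t == "CNAME" for t, _ in rrs) and len(rrs) > 1:
            findings.append(f"{owner} has a CNAME alongside other records")
    return findings

def reverse_zone_name(net):  # in-addr.arpa zone for an octet-aligned IPv4 network (/8, /16 or /24)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 map onto a single in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def reverse_records(records, network):  # PTR records for every A record inside `network`
    net = ipaddress.ip_network(network)
    ptrs = [(ipaddress.ip_address(rdata[0]).reverse_pointer + ".", "PTR", [owner])
            for owner, rtype, rdata in records
            if rtype == "A" and ipaddress.ip_address(rdata[0]) in net]
    return reverse_zone_name(net), sorted(ptrs)

def rfc1918_reverse_zones():
    # Zones a LAN server should answer itself so PTR queries for private addresses never
    # go to Internet nameservers: 10/8, the sixteen /16s under 172.16/12, and 192.168/16.
    nets = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
    nets += list(ipaddress.ip_network("172.16.0.0/12").subnets(new_prefix=16))
    return sorted(reverse_zone_name(n) for n in nets)
```

Run `check_zone(parse_zone(ZONE_TEXT))` and the only finding is the advisory one: the SOA in the post names `scarydaemons.mydomain.com.` as MNAME while the NS records are relative to the zone origin and so resolve to `scarydaemons.internal.mydomain.com.`; everything else passes. `reverse_records(records, "192.168.1.0/24")` yields the three PTR records for the `1.168.192.in-addr.arpa` zone file (127.0.0.1 is skipped), and each name from `rfc1918_reverse_zones()` becomes a `zone "..." { type master; file "..."; };` stanza in named.conf backed by a zone file holding only an SOA and an NS record, so the server answers those lookups itself instead of forwarding them upstream.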