From ArchWiki

Updates to chroot instructions 2012/08

I just did the chroot and I had to add:

   cp /etc/rndc.key ${CHROOT}/etc/

I had to change the ownership/permissions on ${CHROOT}/var and ${CHROOT}/var/log to root:named 775 to get it to log. So either the user 'named' needs to be writing the logfiles or the permissions need to be changed. I'm still looking into this.

There should also be a note about updating the /etc/logrotate.d/named file to change the path to /chroot/named/var/log/named.log.

I'd be happy to write this up but it's my first edit so I wouldn't mind having someone look over my shoulder.

UselessSgrant (talk)

DNSSEC - pointless link

The link in the DNSSEC section points to a very bad article, containing literally no information that couldn't be included here. There should be some sort of config help here. AFAIK you have to tweak config like this:

 options {
   dnssec-validation auto;
   dnssec-lookaside auto;
 };

As I do not have much of a clue about bind9 (and I don't plan to use it), I would appreciate it if someone capable of verifying this could include this in the article. Thanks! Fordprefect (talk) 10:06, 19 April 2016 (UTC)

Guidelines No Longer Work as of July 2016

The guidelines for setting up a local DNS server, as given on this page, no longer seem to work.

Dig command stalls on both local and global address lookups once the local DNS server is supposedly meant to be running.

Seanhly (talk) 15:51, 8 July 2016 (UTC)

Store the root zone . locally

People these days do a root-zone transfer via RFC:7706 to locally serve the root zone themselves from a local named. Good from a privacy perspective and makes DNSSEC easier. Why not add some info on how to do it (essentially just suggest a proper /etc/named.conf), which is very viable for 1-user systems at home? See e.g. --UBF6 (talk) 20:02, 18 November 2018 (UTC)

And while we are at it, why not add non-ICANN root zones like .geek, .libre etc., which are administered by OpenNIC. It's just a few lines more... UBF6 (talk) 03:12, 19 November 2018 (UTC)

"allow recursion" is in conflict with recommendations

Usually one wants to allow anyone to query one's server for authoritative data, but only those hosts within the "trusted" ACL to access your cache and recursion. The line given in the wiki does not do this. Instead we should follow and use an ACL like they suggest.

talks about world-visibility, firewall and allow-recursion{}; vs. allow-query{};.

UBF6 (talk) 21:37, 18 November 2018 (UTC)
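
The split described in the comment above, written out as an added example (not part of the original discussion and not the ArchWiki article's configuration): authoritative answers stay open to everyone while recursion and the cache are limited to a "trusted" ACL. The address ranges are constructed placeholders for a home LAN and are assumptions, as is the commented-out contrast line.

```conf
// Added example for /etc/named.conf; adjust the prefixes to your own network.
acl "trusted" {
    127.0.0.0/8;        // loopback
    ::1;
    192.168.1.0/24;     // assumed LAN prefix (constructed)
};

options {
    recursion yes;

    // Anyone may ask for data in zones this server is authoritative for.
    allow-query       { any; };

    // Only trusted hosts may make the server resolve names on their behalf.
    allow-recursion   { trusted; };

    // Keep cached answers private as well; if this is left open, outside
    // hosts can still probe what trusted clients have recently resolved.
    allow-query-cache { trusted; };

    // Constructed contrast, not quoted from the wiki: this turns the server
    // into an open resolver usable for DNS amplification.
    // allow-recursion { any; };
};
```

Check the syntax with `named-checkconf /etc/named.conf` before reloading. After the reload, a recursive query for a name outside the server's own zones, sent from a host that is not in the ACL, should come back with status REFUSED.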