On 01/07/2014 06:28 AM, Carlos E. R. wrote:
> I have bind running on this 12.3 setup. I have had it for ages. But I know I have errors on it, which I'm too lazy to correct. Each time I add a machine I have to edit two files (direct and reverse). Be careful with the timestamps. And then I see little inconsistencies which I try to correct, and there is always some little new mistake.

No problem. They have these neat little tools that ship like named-checkzone, named-checkconfig, etc. The slickest part about the setup is using dynamic update from dhcpd to keep your zones updated automagically when new devices plug in or connect wirelessly. Take for example all the wireless stuff that wants an address every day, even at home it is a blessing. Example from the forward zone:

<snip>
$TTL 3600       ; 1 hour
davids-iPhone           A       192.168.6.110
                        TXT     "31de32cd4c301bc6e6e8526f436b2118f6"
dcrgx                   A       192.168.6.111
                        TXT     "315bafb7bcb07998abd2a40f11eb09219c"
Deborahs-iPhone         A       192.168.6.122
                        TXT     "31a5bf958f65a6efa478be2842c3f9b936"
iPhone                  A       192.168.6.137
                        TXT     "31de32cd4c301bc6e6e8526f436b2118f6"
Jordan-Rankin-1         A       192.168.6.144
                        TXT     "31d202900ab3d104fe54191d6673301af1"
ripper                  A       192.168.6.149
                        TXT     "313f41f262462bc25dedb4fa3bb99bc318"
Sydney-Rankin           A       192.168.6.131
                        TXT     "3112768425732e649608601ac373cfca0e"
Sydneys-iPad            A       192.168.6.147
                        TXT     "313c6b00df734206b614790a9a4806fec8"
Sydneys-IPod            A       192.168.6.136
                        TXT     "311da689704c4fb2be7d4edcaabc67107f"

Each of those are wired/wireless examples that requested an IP via dhcp. My server said OK, your MAC is in my allow filter, so here is your address, updated both forward and reverse zones and then signed the zone. Never had to touch a thing.

And for those times when you add a host on a static IP, or assign it a non-changing IP via dhcpd, then simply issue "rndc freeze" to suspend dynamic updates (this conveniently forces the journal cache to be written to the zones), use vi to make needed changes in the zones (increment serial by 1 also), then simply "rndc thaw" and you are done.

Literally makes adding new dhcp devices to your network plug-n-play, your zones are automatically and securely updated :-)

> I have a virtual machine where I installed bind afresh, using the YaST module. But something went wrong and it doesn't work at all. The instructions on the openSUSE book, plus the YaST module online help are not clear enough. They assume you really know about zones and DNS and what each particular type of entry is for. And I don't, not really.
>
> So it is a pending task.

Piece of cake, 99.9% of the diagnosis is

  # named-checkzone zonename filename

real-world:

  [03:23 nemesis:/home/david] # named-checkzone rlfpllc.com /var/lib/named/dyn/rlfpllc.com
  zone rlfpllc.com/IN: loaded serial 2013113017
  OK

If there is an issue with the zone file, it will flag it and you can fix it long before you issue rcnamed start or systemctl start named.service

> And here comes DNSmasq. It is so easy! Just write an /etc/host file and off you go. No more zones, no direct, no reverse, no mismatches. No MX registers. No pointers. Nothing to do to it.
>
> So... is the effort to insist on using bind worth it?

I see the allure... I would still need to do a bit more digging to see if dnsmasq can facilitate backup dns handling like named does, but so far it looks pretty good.

--
David C. Rankin, J.D.,P.E.
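
named-checkzone is run on one zone file at a time, so the forward/reverse mismatches mentioned in the thread call for a separate cross-check. The following is an added example, not part of the original message: the host names, the example.test origin and the function names are assumptions, and the zone text is constructed sample data.

```python
import ipaddress

# Constructed sample zones (not from the original message); the reverse zone has planted errors.
FORWARD = """\
$TTL 3600 ; 1 hour
host-a   A    192.168.6.110
         TXT  "constructed-placeholder"
host-b   A    192.168.6.111
host-c   A    192.168.6.122
"""
REVERSE = """\
110   PTR  host-a.example.test.
111   PTR  host-x.example.test.
137   PTR  host-d.example.test.
"""

def records(text, rtype):
    """Yield (owner, rdata) for one record type from simple zone-file text."""
    owner = None
    for line in text.splitlines():
        line = line.split(";", 1)[0]              # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                              # blank line or $TTL/$ORIGIN
        fields = line.split()
        if not line[0].isspace():                 # new owner; else inherit previous
            owner, fields = fields[0], fields[1:]
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields = fields[1:]                   # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == rtype:
            yield owner, fields[1]

def fqdn(name, origin):                           # absolute, lower-case, no trailing dot
    return (name if name.endswith(".") else f"{name}.{origin}").rstrip(".").lower()

def mismatches(forward, reverse, origin, rev_origin):
    """Compare every A record with its PTR and report disagreements."""
    ptr = {fqdn(o, rev_origin): fqdn(t, origin) for o, t in records(reverse, "PTR")}
    seen, problems = set(), []
    for owner, ip in records(forward, "A"):
        name, rev = fqdn(owner, origin), ipaddress.ip_address(ip).reverse_pointer
        seen.add(rev)
        if rev not in ptr:
            problems.append((name, ip, "no PTR"))
        elif ptr[rev] != name:
            problems.append((name, ip, f"PTR names {ptr[rev]}"))
    problems += [(t, r, "PTR without A") for r, t in ptr.items() if r not in seen]
    return problems

if __name__ == "__main__":
    print(mismatches(FORWARD, REVERSE, "example.test", "6.168.192.in-addr.arpa"))
```

For a dynamically updated zone, run it on files written out after "rndc freeze" so the journal contents are included.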