Thread: Bind 9.3 on CentOS 5 Split DNS

  1. #1

    Hello,

    Yes, I know there is a world of split DNS guides out there, and lots of great information; unfortunately, none of them seem to take into account the changes that seem to be in the bind 9.3 ... named.conf file?

    I'm certainly not a power user, but after reading probably 15 to 20 guides (zimbra site, zimbra forums, howtoforge, centos site, .... and many more) on installing zimbra on centos I have hit the wall on bind and split dns.

    Everything I find is talking about an older version of bind as far as I can tell. I have a fresh, clean, up-to-date install of CentOS and it happily tells me that Bind 9.3.6-4.... is installed and ready to go. However, that's about as far as it goes.... none of the instructions in any of the guides seem to apply to editing the files to properly deal with the split dns setup.

    I found a report on some site, don't recall which one, where people were listing the fact that the named.conf file is not part of the bind 9.3 install... and a discussion on that issue, some calling it a bug, some calling it a feature... fun fun, very little help.

    Anyway... I can happily follow a guide and I'm sure there must be one out there, so please, point me in the right direction. I think my head might pop off if I keep going ...this has actually been ongoing for a week and a half now....

    Still believing.....

  2. #2 Matuscak

    Count me in the "Bug" camp on why Red Hat (or is it CentOS?) decided it was even remotely smart to not include a template named.conf in the recent distributions.

    As for split DNS, you create that with bind views. The first thing to do is get named running with a single database, then change named.conf to incorporate views based on originating IP addresses. Creating that database can also be a bit of an exercise; for a simple start look for h2n. It takes a hosts file and blows it out into bind format files.
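
    The hosts-file-to-zone step mentioned above (what h2n does), as an added example that is not part of this thread and is not h2n itself: it turns /etc/hosts-style lines into a forward zone and the matching in-addr.arpa reverse zone, which is the "single database" you get named running on before adding views. The domain example.internal, the name server ns1, the hostmaster mailbox and the hosts lines are constructed assumptions.

```python
import ipaddress
from datetime import date

# Constructed /etc/hosts-style input (assumed data, not from the thread).
SAMPLE_HOSTS = """\
# internal hosts
192.168.1.1    gw.example.internal gw
192.168.1.2    ns1.example.internal ns1
192.168.1.10   mail.example.internal mail smtp
192.168.1.20   www.example.internal www
127.0.0.1      localhost
"""


def parse_hosts(text):
    """Return [(ip_address, [names...])], skipping comments, blank lines and loopback."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or not names:
            continue
        entries.append((addr, names))
    return entries


def soa_serial(today=None):
    """YYYYMMDDnn serial: a later edit always sorts higher, so slaves notice it."""
    today = today or date.today()
    return int(today.strftime("%Y%m%d") + "01")


def zone_header(origin, ns, contact, serial):
    # SOA fields: serial refresh retry expire negative-cache-ttl
    return [
        f"$ORIGIN {origin}.",
        "$TTL 86400",
        f"@ IN SOA {ns}. {contact}. ( {serial} 3600 900 1209600 3600 )",
        f"@ IN NS {ns}.",
    ]


def forward_zone(entries, domain, ns, contact, serial):
    """A/AAAA for the name under `domain`; other names on the line become CNAMEs."""
    lines = zone_header(domain, ns, contact, serial)
    suffix = "." + domain
    for addr, names in entries:
        fqdn = next((n for n in names if n.endswith(suffix)), None)
        if fqdn is None:                      # host belongs to some other zone
            continue
        label = fqdn[: -len(suffix)]
        rtype = "A" if addr.version == 4 else "AAAA"
        lines.append(f"{label} IN {rtype} {addr}")
        for alias in names:
            if alias not in (fqdn, label):
                lines.append(f"{alias} IN CNAME {label}")
    return "\n".join(lines) + "\n"


def reverse_zone(entries, network, ns, contact, serial):
    """PTR records for an IPv4 /24; the first name on a hosts line is the canonical one."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("this example only builds reverse zones for IPv4 /24 networks")
    o1, o2, o3, _ = str(net.network_address).split(".")
    lines = zone_header(f"{o3}.{o2}.{o1}.in-addr.arpa", ns, contact, serial)
    for addr, names in sorted(entries, key=lambda e: e[0].packed):
        if addr in net:                       # False for addresses of the other IP version
            lines.append(f"{addr.packed[3]} IN PTR {names[0]}.")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    ns, contact, serial = "ns1.example.internal", "hostmaster.example.internal", soa_serial()
    print(forward_zone(hosts, "example.internal", ns, contact, serial))
    print(reverse_zone(hosts, "192.168.1.0/24", ns, contact, serial))
```

    Write the two outputs to the files named in the zone statements (for example data/internal/example.internal.zone and data/internal/1.168.192.zone under the chroot's /var/named) and run named-checkzone on each before reloading; the serial must be bumped on every edit or slaves will keep serving the old copy.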

  3. #3 phoenix (Zimbra Consultant & Moderator)

    Quote Originally Posted by Matuscak
    Count me in the "Bug" camp on why Red Hat (or is it CentOS?) decided it was even remotely smart to not include a template named.conf in the recent distributions.

    As for split DNS, you create that with bind views. The first thing to do is get named running with a single database, then change named.conf to incorporate views based on originating IP addresses. Creating that database can also be a bit of an exercise; for a simple start look for h2n. It takes a hosts file and blows it out into bind format files.
    You could also install Webmin and use that to manage Bind, or you could get rid of the bloated and buggy Bind and use the PowerDNS server and recursor with PDNS-admin to manage it - it's fast, secure, less buggy and simple to set up.

    Regards

    Bill



  4. #4

    On a Centos 5.4 install I have the following installed
    Code:
    bind-utils-9.3.6-4.P1.el5_4.2
    bind-chroot-9.3.6-4.P1.el5_4.2
    bind-9.3.6-4.P1.el5_4.2
    bind-libs-9.3.6-4.P1.el5_4.2
    You would ideally want to install the chroot package from a security perspective. Once that is done all the main config files will reside under /var/named/chroot/etc. Here is a simple split view template:
    Code:
    acl "dns_slaves" {
            XXX.XXX.XXX.XXX;
            XXX.XXX.XXX.XXX;
    };
    
    acl "trusted" {
            192.168.1.0/24;                         # network address of your local LAN
            127.0.0.1;                              # allow loop back
            localnets;
    };
    
    options {                                       # this section sets the default options
            directory "/var/named";                 # directory where the zone files will reside
            listen-on {
                    XXX.XXX.XXX.XXX;                 # IP address of the local interface to listen
                    127.0.0.1;                      # ditto
            };
            pid-file "/var/run/named/named.pid";
            auth-nxdomain no;                       # conform to RFC1035
            recursion no;                           # disallow recursive queries unless over-ridden below
            version "0";                            # obscures version reporting - can't hurt
    
            allow-transfer { dns_slaves; };
            allow-query { trusted; };
            allow-query-cache { trusted; };
    };
    
    logging {
            category lame-servers { null; };
    };
    
    include "/etc/rndc.key";                        # defines rndc-key used below; path is relative to the chroot
                                                    # (assumed to have been generated with rndc-confgen)
    
    controls {
            inet 127.0.0.1 allow { localhost; }
            keys { rndc-key; };
    };
    
    view "internal" {
    
            match-clients { trusted; };             # match hosts in acl "trusted" above
            allow-query { any; };                   # allow anyone to issue queries
            recursion yes;                          # allow recursive queries
            notify no;                              # disable AA notifies
            additional-from-auth yes;
            additional-from-cache yes;
    
            zone "." {
                    type hint;
                    file "data/static/named.ca";
            };
    
            zone "localhost" {
                    type master;
                    file "data/static/localhost.zone";
            };
    
            zone "127.in-addr.arpa" {
                    type master;
                    file "data/static/127.zone";
            };
    
            zone "1.168.192.in-addr.arpa" {
                    type master;
                    file "data/internal/1.168.192.zone";
            };
    
            zone "XXXXXXXXXX.XXX" {
                    type master;
                    file "data/internal/XXXXXXXXXX.XXX.zone";
            };
    
    };
    
    view "external" {
    
            match-clients { any; };
            recursion no;
            allow-transfer { dns_slaves; };
            additional-from-auth no;
            additional-from-cache no;
    
            zone "." in {
                    type hint;
                    file "data/static/named.ca";
            };
    
            zone "XXXXXXXXXX.XXX" {
                    type master;
                    file "data/external/XXXXXXXXXX.XXX.zone";
                    allow-query { any; };
            };
    
    };
    
    view "chaos" chaos {
    
            match-clients { any; };
            recursion no;
    
            zone "." {
                    type hint;
                    file "/dev/null";
            };
    
            zone "bind" {
                    type master;
                    file "data/static/db.bind";
    
                    allow-query { trusted; };
                    allow-transfer { none; };
            };
    
    };

  5. #5

    In order to have a "simple" split-domain (as "simple" I mean "only a couple records"), using dnsmasq is much easier...

  6. #6

    This is some good information.

    Uxbod, I have the same bind installs listed as you when I check. I can also see the chroot folder structure under /var/named/chroot/.... But there are no files to work with; I'm guessing that means there is another package I need to run? That or I've simply gone cross-eyed and can no longer make any sense of the computer screens in front of me.

    Klug, this particular install is only going to deal with one resolution, but in the future we are looking to encourage our clients to move to a ZCS solution for their offices. We are competing with a local Tel Co that is pitching hosted Exchange.... Zimbra is much better. There may be up to 5 to deal with for some offices... I'm guessing that is pushing it for dnsmasq? I've seen the name around a bit, but didn't go down that road since so much info in the guides was directly speaking to bind.

    Matuscak, the change certainly doesn't seem to have made anything easier... maybe there is a wonderfully glorious reason for the switch, and in my uneducated state I am simply missing it, but whatever the case it just left me confused.

    I'm going to go at this again today with your suggestions and added info. I'll be in touch...

  7. #7

    You are not missing anything as no samples are provided
