On a CentOS 5 server, I am having a hard time configuring BIND to answer to 4 IP addresses for 2 domain names.
Currently, I have four IP addresses, for sake of discussion they are:
1.1.1.1
1.1.1.2
1.1.1.3
1.1.1.4
Additionally, I have two domain names. For sake of discussion:
exampleA.com
exampleB.com
My goal is to have 1.1.1.1 & 1.1.1.2 as the nameservers for exampleA.com, and 1.1.1.3 & 1.1.1.4 as the nameservers for exampleB.com. Apache is running on this machine, and should of course serve pages for the sites.
I think that I've got the apache configuration down, but the BIND configuration is eluding me. I've read the following fine manual, but I am still stuck: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-bind.html
Additionally, I have googled for "how to configure bind for multiple domain names" and the like, but I see no mention of the IP addresses configuration. Can I simply configure any IP address that the server answers to as the nameservers? What am I missing?
Thank you in advance!
Have a read for the listen-on directive for BIND, which tells BIND what interfaces/IP addresses to bind to. Alternatively, you could just configure BIND identically on both machines and ensure that they are set up in a master/slave configuration so that each name server could answer requests for both domains and publish both name server records in each domain.
-- James A. Peltier Systems Analyst (FASNet), VIVARIUM Technical Director Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpeltier@sfu.ca Website : http://www.fas.sfu.ca | http://vivarium.cs.sfu.ca MSN : subatomic_spam@hotmail.com
Does your OS has a man 8 lart? http://www.xinu.nl/unix/humour/asr-manpages/lart.html
Have a read for the listen-on directive for BIND, which tells BIND what interfaces/IP addresses to bind to.
Thanks, I am aware that Apache can be told to listen only to specific addresses. Can BIND be told to listen on all addresses? Your post implies that this is the default (which makes sense, as so does Apache), maybe I am chasing a non-issue?
In other words, I should configure BIND to answer to exampleA.com and to exampleB.com with no regard to IP addresses, then in the control panel for each domain name configure the nameservers to my liking (with addresses that the server answers to, naturally)? That's it?
Alternatively, you could just configure BIND identically on both machines and ensure that they are setup in a master/slave configuration so that each name server could answer requests for both domains and publish both name server records in each domain.
There is only one machine. All four addresses point to it.
Maybe a Round-Robin configuration ?
2010/9/24 Dotan Cohen dotancohen@gmail.com
On Fri, Sep 24, 2010 at 19:26, Eric Viseur eric.viseur@gmail.com wrote:
Maybe a Round-Robin configuration ?
Thank you Eric, but I may have been unclear. There is only one physical server, but it answers to four IP addresses.
On 9/24/2010 12:21 PM, Dotan Cohen wrote:
You are making it much more complicated than necessary. I'd configure apache to use named virtual hosts and listen on all addresses (but you might want to tie https to specific addresses so you can tie connections to the right certificates), and bind to listen on all addresses and answer for all your domains.
On Fri, Sep 24, 2010 at 19:38, Les Mikesell lesmikesell@gmail.com wrote:
You are making it much more complicated than necessary.
That is what I suspected! I know that when Linux gets difficult, it is because I'm doing it wrong!
I'd configure apache to use named virtual hosts and listen on all addresses (but you might want to tie https to specific addresses so you can tie connections to the right certificates),
Exactly how it is configured.
and bind to listen on all addresses and answer for all your domains.
So, then, the association of a FQDN with any particular IP address is only done in the domain name's control panel where the nameservers are set?
On 9/24/2010 12:43 PM, Dotan Cohen wrote:
and bind to listen on all addresses and answer for all your domains.
So, then, the association of a FQDN with any particular IP address is only done in the domain name's control panel where the nameservers are set?
What's a control panel? Bind is going to want a zone file for each domain where it is the primary nameserver and an A record for each host in that domain. You may have some GUI tool to manage them. But any instance of bind can be primary for any number of domains. The association with the IP address(es) that will receive the queries happens when you register the domain into the public dns system and you can register the same server(s) as primary for many domains.
On Fri, Sep 24, 2010 at 19:59, Les Mikesell lesmikesell@gmail.com wrote:
What's a control panel?
It is the web-based interface for the domain name registrar, in which one configures the name servers for the domain name that he bought from them.
Bind is going to want a zone file for each domain where it is the primary nameserver and an A record for each host in that domain.
Yes.
You may have some GUI tool to manage them.
Oh, no, I'm trying to learn the _right_ way! That's why I'm here!
But any instance of bind can be primary for any number of domains. The association with the IP address(es) that will receive the queries happens when you register the domain into the public dns system and you can register the same server(s) as primary for many domains.
Yes, but I'd rather have different name servers for exampleA.com and exampleB.com. The two domain names are for competing websites, there should be no hint that they are associated.
On 9/24/2010 1:07 PM, Dotan Cohen wrote:
But any instance of bind can be primary for any number of domains. The association with the IP address(es) that will receive the queries happens when you register the domain into the public dns system and you can register the same server(s) as primary for many domains.
Yes, but I'd rather have different name servers for exampleA.com and exampleB.com. The two domain names are for competing websites, there should be no hint that they are associated.
Probably a waste of time. If anyone cares, they'll track down the domain and IP range ownership anyway (there are sites that do it automatically). So unless you've used company aliases in the domain registration and gotten separate ISP connections for your addresses, the connection will still show.
On Fri, Sep 24, 2010 at 20:18, Les Mikesell lesmikesell@gmail.com wrote:
Probably a waste of time. If anyone cares, they'll track down the domain and IP range ownership anyway (there are sites that do it automatically). So unless you've used company aliases in the domain registration and gotten separate ISP connections for your addresses, the connection will still show.
I know. The domain names _are_ in fact registered to different entities, though. The best hint is that the nameservers are on the same C block.
At Fri, 24 Sep 2010 21:05:25 +0200 CentOS mailing list centos@centos.org wrote:
I know. The domain names _are_ in fact registered to different entities, though. The best hint is that the nameservers are on the same C block.
Which is still meaningless. Some name servers serve *hundreds* of web sites, many competing with each other. Often large hosting companies will serve hundreds of web sites, all with the *same* IP address and many in competition with each other. As a line of research, this is somewhat fruitless. And it is doubtful anyone would really care -- anyone who is tech savvy enough to know how to use dig, whois, etc. knows how BIND and Apache work and knows all about virtual hosting, etc.
On Fri, Sep 24, 2010 at 22:24, Robert Heller heller@deepsoft.com wrote:
Which is still meaningless. Some name servers serve *hundreds* of web sites, many competing with each other. Often large hosting companies will serve hundreds of web sites, all with the *same* IP address and many in competition with each other. As a line of research, this is somewhat fruitless. And it is doubtful anyone would really care -- anyone who is tech savvy enough to know how to use dig, whois, etc. knows how BIND and Apache work and knows all about virtual hosting, etc.
Agreed 100%. But I'm not the only decision-maker and I'm learning in the process anyway. This seems to be a rite-of-passage that I should have gone through some time ago.
At Fri, 24 Sep 2010 19:43:11 +0200 CentOS mailing list centos@centos.org wrote:
So, then, the association of a FQDN with any particular IP address is only done in the domain name's control panel where the nameservers are set?
It is in bind's database (zone files). In named.conf you associate domains (all but the leftmost part of the FQDN) with zone files and zone files map from hostnames (left-most part of the FQDN) to ip addresses.
Fragment of named.conf:
zone "deepsoft.com" {
    type master;
    file "deepsoft.com.zone";
    // IP addresses of slave servers allowed to transfer deepsoft.com
    allow-transfer { any; };
};

zone "wendellfullmoon.org" {
    type master;
    file "wendellfullmoon.org.zone";
    // IP addresses of slave servers allowed to transfer wendellfullmoon.org
    allow-transfer { any; };
};
In the deepsoft.com.zone file are 'IN A' records that bind <mumble>.deepsoft.com to some IP address, and in wendellfullmoon.org.zone are 'IN A' records that bind <mumble>.wendellfullmoon.org to some IP address.
On Fri, Sep 24, 2010 at 22:24, Robert Heller heller@deepsoft.com wrote:
So, then, the association of a FQDN with any particular IP address is only done in the domain name's control panel where the nameservers are set?
It is in bind's database (zone files). In named.conf you associate domains (all but the leftmost part of the FQDN) with zone files and zone files map from hostnames (left-most part of the FQDN) to ip addresses.
Thank you. That is quite what I had suspected, and of course the zone files that I am experimenting with reflect that. How is this:
# cat /var/named/exampleA.com.hosts
$ORIGIN exampleA.com.
$TTL 1h
exampleA.com.   IN SOA  ns1.exampleA.com. ns2.exampleA.com. (
                1       ; Serial - increment me
                10800
                3600
                604800
                38400 )
                IN NS   ns1.exampleA.com.
                IN NS   ns2.exampleA.com.
exampleA.com.   IN A    1.1.1.1
exampleA.com.   IN A    1.1.1.2
ns1             IN A    1.1.1.1
ns2             IN A    1.1.1.2
On 9/24/2010 3:39 PM, Dotan Cohen wrote:
I think that's reasonable - but note that from the rest of the world's perspective the ns1, ns2 IP's are going to come from the glue records from the upstream DNS that would have been added when you registered the servers as primary for the domain. For anything else, the query gets passed on to your server.
On Fri, Sep 24, 2010 at 22:47, Les Mikesell lesmikesell@gmail.com wrote:
I think that's reasonable - but note that from the rest of the world's perspective the ns1, ns2 IP's are going to come from the glue records from the upstream DNS that would have been added when you registered the servers as primary for the domain. For anything else, the query gets passed on to your server.
I did see mention of the term glue records earlier while googling, only now am I googling it...
Oh, it looks like I may need to set those too. When I configured ns1.exampleA.com & ns2.exampleA.com in the registrar's control panel, I did enter the 1.1.1.1 & 1.1.1.2 addresses. Should that be enough?
BIND has listen-on directives as well, but if this is a single box configuration it's not necessarily required, as it will listen on all interfaces.
As far as configuring the domains, well that's pretty simple. In your DNS records for each domain you would define NS records such as this
$TTL 1d
@       IN SOA  ns1.exampleA.com. hostmaster.exampleA.com. (
                2010092401  ; PUT SEQUENCE NUMBER HERE (YYYY/MM/DAY/CHANGE #)
                3600        ; Refresh every hour
                600         ; Retry - every ten minutes
                604800      ; Expire - after one week
                1h )        ; Minimum 1H
        IN NS   ns1.exampleA.com.
        IN NS   ns2.exampleA.com.

;; Hosts Section
ns1     IN A    1.1.1.1
ns2     IN A    1.1.1.2
www     IN A    1.1.1.3
Keep in mind that you don't need A records for the NS records if you are pointing to a different name server, so your exampleB records might look like this
$TTL 1d
@       IN SOA  ns1.exampleB.com. hostmaster.exampleB.com. (
                2010092401  ; PUT SEQUENCE NUMBER HERE (YYYY/MM/DAY/CHANGE #)
                3600        ; Refresh every hour
                600         ; Retry - every ten minutes
                604800      ; Expire - after one week
                1h )        ; Minimum 1H
        IN NS   ns1.exampleA.com.
        IN NS   ns2.exampleA.com.

;; Hosts Section
www     IN A    1.1.1.4
Notice that the NS records point to ns1 and ns2.exampleA.com.
Notice the A records for www.example{A,B} which should match your Apache instances if you are doing IP based hosting. If you are doing name based hosting you *could* DNS round robin the requests.
Master and Secondary DNS configurations are defined in your named.conf file. This doesn't necessarily matter for your configuration, but I thought I would point it out.
On the master
zone "examplea.com" {
    type master;
    file "zone.examplea.com";
    // ns2.examplea.com; BIND address match lists take IP addresses, not host names
    allow-transfer { 1.1.1.2; };
};
On the secondary
zone "examplea.com" {
    type slave;
    // ns1.examplea.com; the masters list takes IP addresses, not host names
    masters { 1.1.1.1; };
    file "zone.examplea.com";
};
On Fri, Sep 24, 2010 at 19:49, James A. Peltier jpeltier@sfu.ca wrote:
BIND has listen-on directives as well, but if this is a single box configuration it's not necessarily required, as it will listen on all interfaces.
Yes, I actually do want it to listen on all addresses (only one NIC); I don't know why I thought that it had to be explicitly configured.
As far as configuring the domains, well that's pretty simple. In your DNS records for each domain you would define NS records such as this
$TTL 1d
@       IN SOA  ns1.exampleA.com. hostmaster.exampleA.com. (
                2010092401  ; PUT SEQUENCE NUMBER HERE (YYYY/MM/DAY/CHANGE #)
                3600        ; Refresh every hour
                600         ; Retry - every ten minutes
                604800      ; Expire - after one week
                1h )        ; Minimum 1H
        IN NS   ns1.exampleA.com.
        IN NS   ns2.exampleA.com.

;; Hosts Section
ns1     IN A    1.1.1.1
ns2     IN A    1.1.1.2
www     IN A    1.1.1.3
Keep in mind that you don't need A records for the NS records if you are pointing to a different name server, so your exampleB records might look like this
$TTL 1d
@       IN SOA  ns1.exampleB.com. hostmaster.exampleB.com. (
                2010092401  ; PUT SEQUENCE NUMBER HERE (YYYY/MM/DAY/CHANGE #)
                3600        ; Refresh every hour
                600         ; Retry - every ten minutes
                604800      ; Expire - after one week
                1h )        ; Minimum 1H
        IN NS   ns1.exampleA.com.
        IN NS   ns2.exampleA.com.

;; Hosts Section
www     IN A    1.1.1.4
Notice that the NS records point to ns1 and ns2.exampleA.com.
That is quite the point: I need the nameservers for exampleA.com and exampleB.com to be different!
Notice the A records for www.example{A,B} which should match your Apache instances if you are doing IP based hosting. If you are doing name based hosting you *could* DNS round robin the requests.
If the nameservers are for specific addresses, and Apache serves based on FQDN as opposed to based on address, then I think that Apache can answer on all addresses.
Master and Secondary DNS configurations are defined in your named.conf file. This doesn't necessarily matter for your configuration, but I thought I would point it out.
On the master
zone "examplea.com" {
    type master;
    file "zone.examplea.com";
    // ns2.examplea.com; BIND address match lists take IP addresses, not host names
    allow-transfer { 1.1.1.2; };
};
On the secondary
zone "examplea.com" {
    type slave;
    // ns1.examplea.com; the masters list takes IP addresses, not host names
    masters { 1.1.1.1; };
    file "zone.examplea.com";
};
Thanks. I will do another for exampleB.com as well, to keep them separate.
Thank you for all the help so far. To conclude: I have one physical server that answers to the following IP addresses:
1.1.1.1
1.1.1.2
1.1.1.3
1.1.1.4
I need 1.1.1.1 & 1.1.1.2 to be the name servers for exampleA.com, and 1.1.1.3 & 1.1.1.4 to be the nameservers for exampleB.com. I have these files:
# cat /etc/named.conf
options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    listen-on { any; };
};

zone "." {
    type hint;
    file "/etc/db.cache";
};

zone "exampleA.com" {
    type master;
    file "/var/named/exampleA.com.hosts";
};
zone "exampleB.com" {
    type master;
    file "/var/named/exampleB.com.hosts";
};
# cat /var/named/exampleA.com.hosts
$ORIGIN exampleA.com.
$TTL 1h
exampleA.com.   IN SOA  ns1.exampleA.com. ns2.exampleA.com. (
                1       ; Serial - increment me
                10800
                3600
                604800
                38400 )
exampleA.com.   IN NS   ns1.exampleA.com.
exampleA.com.   IN NS   ns2.exampleA.com.
exampleA.com.   IN A    1.1.1.1
exampleA.com.   IN A    1.1.1.2
# cat /var/named/exampleB.com.hosts
$ORIGIN exampleB.com.
$TTL 1h
exampleB.com.   IN SOA  ns1.exampleB.com. ns2.exampleB.com. (
                1       ; Serial - increment me
                10800
                3600
                604800
                38400 )
exampleB.com.   IN NS   ns1.exampleB.com.
exampleB.com.   IN NS   ns2.exampleB.com.
exampleB.com.   IN A    1.1.1.3
exampleB.com.   IN A    1.1.1.4
How does that look?
Formatting for NS records is incorrect. It should just read
NS ns1.exampleA.com
NS ns2.exampleA.com
Where is your ns1.exampleA.com entry? Where is your ns2.exampleA.com entry?
NS records are same as above. Correct your formatting.
A records are not needed for NS records from a different zone, only for that zone
How does that look?
Broken! :)
Correction! It should read
NS ns1.exampleA.com.
Please note the trailing period
On Fri, Sep 24, 2010 at 22:06, James A. Peltier jpeltier@sfu.ca wrote:
Formatting for NS records is incorrect. It should just read
NS ns1.exampleA.com.
NS ns2.exampleA.com.
Thanks. (I added the periods)
Where is your ns1.exampleA.com entry? Where is your ns2.exampleA.com entry?
Where _should_ they be? So far as I've been able to google, I cannot tell... This is what all the examples look like that I have been able to find.
Broken! :)
Ou!
Ah, some better examples here: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-zone.html
How is this file:
# cat /var/named/exampleA.com.hosts
$ORIGIN exampleA.com.
$TTL 1h
exampleA.com.   IN SOA  ns1.exampleA.com. ns2.exampleA.com. (
                1       ; Serial - increment me
                10800
                3600
                604800
                38400 )
                IN NS   ns1.exampleA.com.
                IN NS   ns2.exampleA.com.
exampleA.com.   IN A    1.1.1.1
exampleA.com.   IN A    1.1.1.2
ns1             IN A    1.1.1.1
ns2             IN A    1.1.1.2
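The point James raises with "where is your ns1.exampleA.com entry?" and Les raises about glue records can be checked mechanically. Below is an added example, not code from the thread or from BIND: a small, hypothetical Python parser for the subset of zone-file syntax used in this thread, with a check that lists in-zone name servers lacking an A record. The sample zone texts are the thread's own files (the broken "To conclude" version, the corrected one, and James's exampleB), with the SOA numbers collapsed onto one line.

```python
"""Glue check for the zone files in this thread (added example, not code from
the thread or from BIND). It reads only the master-file subset those files
use: $ORIGIN, $TTL, a parenthesised SOA, ';' comments, '@', relative names
and a blank owner field that repeats the previous owner."""


def _fqdn(name, origin):
    """Complete a relative name with the origin; compare case-insensitively."""
    origin = origin.lower()
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"


def _logical_lines(text):
    """Strip ';' comments and join records continued inside ( ... )."""
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            logical.append(" ".join(buf))
            buf = []
    if depth != 0:
        raise ValueError("unbalanced parentheses in zone file")
    return logical


def parse_zone(text, default_origin=None):
    """Return (origin, [(owner, rtype, rdata_tokens), ...]). default_origin is
    the zone name from named.conf, used when the file has no $ORIGIN line."""
    origin, last_owner, records = default_origin, None, []
    for line in _logical_lines(text):
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            continue
        if origin is None:
            raise ValueError("record before $ORIGIN and no zone name given")
        if line[0].isspace():  # blank owner field: repeat the previous owner
            if last_owner is None:
                raise ValueError("first record has no owner name")
            owner = last_owner
        else:
            owner = _fqdn(tokens.pop(0), origin)
        last_owner = owner
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return origin.lower(), records


def missing_glue(text, default_origin=None):
    """In-zone NS targets that have no A record in the zone. The registrar's
    glue only gets a resolver to the server; from then on the zone itself must
    answer for ns1/ns2, so the "Broken!" file fails this check, while NS
    records pointing outside the zone (James's exampleB) need nothing."""
    origin, records = parse_zone(text, default_origin)
    a_owners = {owner for owner, rtype, _ in records if rtype == "A"}
    missing = set()
    for _owner, rtype, rdata in records:
        target = _fqdn(rdata[0], origin) if rtype == "NS" else None
        if target and target.endswith("." + origin) and target not in a_owners:
            missing.add(target)
    return sorted(missing)


# Sample input: the "To conclude" exampleA.com.hosts from the thread.
BROKEN_EXAMPLE_A = """\
$ORIGIN exampleA.com.
$TTL 1h
exampleA.com.   IN SOA ns1.exampleA.com. ns2.exampleA.com. (
                1 10800 3600 604800 38400 )  ; Serial - increment me
exampleA.com.   IN NS   ns1.exampleA.com.
exampleA.com.   IN NS   ns2.exampleA.com.
exampleA.com.   IN A    1.1.1.1
exampleA.com.   IN A    1.1.1.2
"""

# Sample input: the same zone with A records added for both name servers.
FIXED_EXAMPLE_A = BROKEN_EXAMPLE_A + """\
ns1             IN A    1.1.1.1
ns2             IN A    1.1.1.2
"""

# Sample input: James's exampleB file, no $ORIGIN, NS records pointing out of zone.
JAMES_EXAMPLE_B = """\
$TTL 1d
@   IN SOA ns1.exampleB.com. hostmaster.exampleB.com. (
        2010092401 3600 600 604800 1h )
    IN NS   ns1.exampleA.com.
    IN NS   ns2.exampleA.com.
www IN A    1.1.1.4
"""
```

Running missing_glue(BROKEN_EXAMPLE_A) names ns1 and ns2; the fixed file and James's exampleB (called with default_origin="exampleB.com.") return an empty list.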
On 24.09.2010 22:12, Dotan Cohen wrote:
http://www.zytrax.com/books/dns/
That is a good source to read up about bind configuration.
As a sidenote, please be aware that if someone directly queries your ns1.exampleA.com for exampleB.com zone records, he will get proper answers. If you need to prevent this for any reason, you will need an extended BIND config design using views.
While the zytrax book has lessons about views, you can also find a resource at
http://www.cymru.com/Documents/secure-bind-template.html
Regards
Alexander
On Fri, Sep 24, 2010 at 22:24, Alexander Dalloz ad+lists@uni-x.org wrote:
Wow, thank you! There is some good reading there, especially the security link. Lots of little holes to exploit!
I will be up for the night!
On Fri, Sep 24, 2010 at 10:28:41PM +0200, Dotan Cohen wrote:
For completeness: there is the BIND 9 Administrator Reference Manual, known as the ARM, usually supplied under /usr/share/doc/. And what many consider to be the standard reference, Liu and Albitz's "DNS and BIND" published by O'Reilly. I believe it's up to the 5th edition now; an earlier edition used to be provided online. If you're serious about learning DNS you ought to consider this book.
On 9/24/10 11:12 PM, cpolish@surewest.net wrote:
Learning bind is sort of like learning sendmail though. They both do a million things you'll never need (and if you do you should probably change your design...). The trick - especially when you start with the full references - is to figure out the simple part you need to understand and ignore the rest. And when using distribution-packaged versions, most of what you need is already there.
On Sat, Sep 25, 2010 at 18:15, Les Mikesell lesmikesell@gmail.com wrote:
Learning bind is sort of like learning sendmail though. They both do a million things you'll never need (and if you do you should probably change your design...). The trick - especially when you start with the full references - is to figure out the simple part you need to understand and ignore the rest. And when using distribution-packaged versions, most of what you need is already there.
Most certainly. I think that my major problem is that I tried to "learn BIND" instead of learning how to get it to do the specific thing that I needed it to do. It's like learning the entire Japanese language just to be sure to know how to read the bathroom signs on a two-hour stopover in Tokyo.
At Fri, 24 Sep 2010 22:12:44 +0200 CentOS mailing list centos@centos.org wrote:
On Fri, Sep 24, 2010 at 22:06, James A. Peltier jpeltier@sfu.ca wrote:
formatting for NS records is incorrect. It should just read
NS ns1.exampleA.com.
NS ns2.exampleA.com.
Thanks. (I added the periods)
where is your ns1.exampleA.com entry? where is your ns2.exampleA.com entry?
Where _should_ they be? So far as I've been able to google, I cannot tell... This is what all the examples look like that I have been able to find.
With the rest of the IN A records for exampleA.com (and correspondingly for exampleB.com). You need *addresses* for your name servers as well as for your web servers. And you might also want to have www.<mumble> address records as well. And if these sites are sending E-Mail, MX records would be *polite*. MTAs often toss E-Mail from addresses lacking MX records... And if you have an MX record pointing to mail.exampleA.com and/or mail.exampleB.com, you will need IN A records for the mail. hosts as well. Or you can use CNAME records.
Broken! :)
Ou!
On Fri, Sep 24, 2010 at 22:41, Robert Heller heller@deepsoft.com wrote:
With the rest of the IN A records for exampleA.com (and correspondingly for exampleB.com). You need *addresses* for your name servers as well as for your web servers.
I see.
And you might also want to have www.<mumble> address records as well.
Added!
And if these sites are sending E-Mail, MX records would be *polite*. MTAs often toss E-Mail from addresses lacking MX records... And if you have an MX record pointing to mail.exampleA.com and/or mail.exampleB.com, you will need IN A records for the mail. hosts as well. Or you can use CNAME records.
Thanks. There will be no email, though.
At Fri, 24 Sep 2010 21:58:09 +0200 CentOS mailing list centos@centos.org wrote:
Thank you for all the help so far. To conclude: I have one physical server that answers to the following IP addresses: 1.1.1.1 1.1.1.2 1.1.1.3 1.1.1.4
I need 1.1.1.1 & 1.1.1.2 to be the name servers for exampleA.com, and 1.1.1.3 & 1.1.1.4 to be the nameservers for exampleB.com. I have these files:
# cat /etc/named.conf
options {
        directory "/etc";
        pid-file "/var/run/named/named.pid";
        listen-on { any; };
};
zone "." {
        type hint;
        file "/etc/db.cache";
};
zone "exampleA.com" {
        type master;
        file "/var/named/exampleA.com.hosts";
};
zone "exampleB.com" {
        type master;
        file "/var/named/exampleB.com.hosts";
};
# cat /var/named/exampleA.com.hosts
$ORIGIN exampleA.com.
$TTL 1h
exampleA.com.   IN SOA ns1.exampleA.com. ns2.exampleA.com. (
                1       ; Serial - increment me
                10800
                3600
                604800
                38400 )
exampleA.com.   IN NS   ns1.exampleA.com.
exampleA.com.   IN NS   ns2.exampleA.com.
exampleA.com.   IN A    1.1.1.1
exampleA.com.   IN A    1.1.1.2
You need:
ns1.exampleA.com. IN A 1.1.1.1
ns2.exampleA.com. IN A 1.1.1.2
And you might also consider:
www.exampleA.com. IN A 1.1.1.1
www.exampleA.com. IN A 1.1.1.2
# cat /var/named/exampleB.com.hosts
$ORIGIN exampleB.com.
$TTL 1h
exampleB.com.   IN SOA ns1.exampleB.com. ns2.exampleB.com. (
                1       ; Serial - increment me
                10800
                3600
                604800
                38400 )
exampleB.com.   IN NS   ns1.exampleB.com.
exampleB.com.   IN NS   ns2.exampleB.com.
exampleB.com.   IN A    1.1.1.3
exampleB.com.   IN A    1.1.1.4
And:
ns1.exampleB.com. IN A 1.1.1.3
ns2.exampleB.com. IN A 1.1.1.4
And you might want to consider:
www.exampleB.com. IN A 1.1.1.3
www.exampleB.com. IN A 1.1.1.4
How does that look?
On Fri, Sep 24, 2010 at 22:41, Robert Heller heller@deepsoft.com wrote:
You need:
ns1.exampleA.com. IN A 1.1.1.1
ns2.exampleA.com. IN A 1.1.1.2
Here I have found conflicting information, it seems that some sources suggest this instead:
ns1 IN A 1.1.1.1
ns2 IN A 1.1.1.2
Any idea?
And you might also consider:
www.exampleA.com. IN A 1.1.1.1
www.exampleA.com. IN A 1.1.1.2
Yes, of course! Thanks.
----- Original Message -----
| Here I have found conflicting information, it seems that some sources
| suggest this instead:
| ns1 IN A 1.1.1.1
| ns2 IN A 1.1.1.2
|
| Any idea?
This is a matter of preference, but may depend on your configuration too. I'm lazy, so I use the short form.
http://www.zytrax.com/books/dns/ch6/mydomain.html
-- James A. Peltier Systems Analyst (FASNet), VIVARIUM Technical Director Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpeltier@sfu.ca Website : http://www.fas.sfu.ca | http://vivarium.cs.sfu.ca MSN : subatomic_spam@hotmail.com
Does your OS has a man 8 lart? http://www.xinu.nl/unix/humour/asr-manpages/lart.html
----- Original Message -----
| This is a matter of preference, but may depend on your configuration
| too. I'm lazy so I use short form
Damn fingers!
It depends on your configuration, because if you don't define $ORIGIN example.com. you need to fully qualify.
-- James A. Peltier
All right, I think this should do it:
$ORIGIN exampleA.com.
$TTL 86400
exampleA.com.   IN SOA ns1.exampleA.com. ns2.exampleA.com. (
                2       ; Serial - increment me
                10800
                3600
                604800
                38400 )
                IN NS   ns1.exampleA.com.
                IN NS   ns2.exampleA.com.
                IN A    178.63.65.136
                IN A    178.63.65.188
www             IN A    178.63.65.136
www             IN A    178.63.65.188
ns1             IN A    178.63.65.136
ns2             IN A    178.63.65.188
What say the wise among us?
----- Original Message -----
| What say the wise among us?
Looks good. You can change your 10800, 3600, 604800 and 38400 to hours, days or weeks, represented by 1h, 1d or 1w respectively, to make it easier than calculating seconds. :)
-- James A. Peltier
On Fri, Sep 24, 2010 at 23:29, James A. Peltier jpeltier@sfu.ca wrote:
Looks good. You can change your 10800, 3600, 604800 and 38400 to hours, days or weeks, represented by 1h, 1d or 1w respectively, to make it easier than calculating seconds. :)
Thank you!
On Fri, Sep 24, 2010 at 23:13, James A. Peltier jpeltier@sfu.ca wrote:
| > You need:
| >
| > ns1.exampleA.com. IN A 1.1.1.1
| > ns2.exampleA.com. IN A 1.1.1.2
| >
|
| Here I have found conflicting information, it seems that some sources
| suggest this instead:
| ns1 IN A 1.1.1.1
| ns2 IN A 1.1.1.2
|
| Any idea?
|
This is a matter of preference, but may depend on your configuration too. I'm lazy, so I use the short form.
I see, James, thanks.
On 9/24/2010 4:02 PM, Dotan Cohen wrote:
On Fri, Sep 24, 2010 at 22:41, Robert Hellerheller@deepsoft.com wrote:
You need:
ns1.exampleA.com. IN A 1.1.1.1
ns2.exampleA.com. IN A 1.1.1.2
Here I have found conflicting information, it seems that some sources suggest this instead:
ns1 IN A 1.1.1.1
ns2 IN A 1.1.1.2
They are the same. The $ORIGIN is normally appended to names, but not when it has a trailing '.' (in which case you include it yourself).
At Fri, 24 Sep 2010 23:02:21 +0200 CentOS mailing list centos@centos.org wrote:
On Fri, Sep 24, 2010 at 22:41, Robert Heller heller@deepsoft.com wrote:
You need:
ns1.exampleA.com. IN A 1.1.1.1
ns2.exampleA.com. IN A 1.1.1.2
Here I have found conflicting information, it seems that some sources suggest this instead:
ns1 IN A 1.1.1.1
ns2 IN A 1.1.1.2
Any idea?
When you have an $ORIGIN statement, it defines a suffix to automatically add to any name that does not end in a '.'. You can do either, depending on how gratuitously verbose you want to be. Of course, being verbose sort of defeats the whole point of the $ORIGIN statement...
And you might also consider:
www.exampleA.com. IN A 1.1.1.1
www.exampleA.com. IN A 1.1.1.2
Yes, of course! Thanks.
On Sat, Sep 25, 2010 at 00:06, Robert Heller heller@deepsoft.com wrote:
When you have an $ORIGIN statement, it defines a suffix to automatically add to any name that does not end in a '.'. You can do either, depending on how gratuitously verbose you want to be. Of course, being verbose sort of defeats the whole point of the $ORIGIN statement...
I see, thanks.
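The $ORIGIN rule Robert and Les describe above, James's 1h/1d/1w shorthand and Robert's "where is your ns1 entry?" check, as an added example that is not code from the thread or from BIND. It is a toy parser for just the zone-file subset used in this thread (real zone files have more syntax; BIND's own named-checkzone is the authoritative check). The two sample zones are constructed to mirror the files posted above, with the thread's 1.1.1.x placeholder addresses; one deliberate difference is the SOA's second field, which is the responsible-party mailbox (hostmaster.exampleA.com. means hostmaster@exampleA.com), not the second nameserver as the posted files have it.

```python
"""Toy parser for the zone-file subset used in this thread: $ORIGIN, the
trailing-dot rule, '( ... )' continuation, ';' comments, '@', the blank-owner
shortcut and 1h/1d/1w TTLs. Added example, not code from the thread or BIND."""
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
NAME_RDATA = {"NS", "CNAME", "PTR"}          # rdata is a single domain name
TTL_RE = re.compile(r"\d+[smhdw]?(?:\d+[smhdw])*", re.I)

# Constructed samples mirroring the thread's files (1.1.1.x are placeholders).
# The SOA's second field is the responsible mailbox, hostmaster@exampleA.com
# written with a dot, not the second nameserver as in the posted files.
POSTED_ZONE = """\
$ORIGIN exampleA.com.
$TTL 1h
exampleA.com.   IN SOA ns1.exampleA.com. hostmaster.exampleA.com. (
                1       ; Serial - increment me
                10800 3600 604800 38400 )
exampleA.com.   IN NS   ns1.exampleA.com.
exampleA.com.   IN NS   ns2.exampleA.com.
exampleA.com.   IN A    1.1.1.1
exampleA.com.   IN A    1.1.1.2
"""
FIXED_ZONE = """\
$ORIGIN exampleA.com.
$TTL 1d
@       IN SOA  ns1 hostmaster ( 2 3h 1h 1w 10h40m )   ; same timers, shorthand
        IN NS   ns1
        IN NS   ns2
        IN A    1.1.1.1
        IN A    1.1.1.2
www     IN A    1.1.1.1
ns1     IN A    1.1.1.1
ns2     IN A    1.1.1.2
"""
PITFALL_ZONE = "$ORIGIN exampleA.com.\nns1.exampleA.com IN A 1.1.1.1\n"  # no trailing dot

def parse_ttl(tok):
    """'38400' -> 38400, '1h' -> 3600, '1w' -> 604800, '10h40m' -> 38400."""
    return sum(int(n) * UNITS.get(u, 1)
               for n, u in re.findall(r"(\d+)([smhdw]?)", tok.lower()))

def qualify(name, origin):
    """Trailing dot: absolute. '@': the origin. Anything else: origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def _logical_lines(text):
    """Strip ';' comments, join '( ... )' groups, flag a blank owner field."""
    buf, depth, owner_blank = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not buf:
            owner_blank = line[:1].isspace()  # leading blank: reuse previous owner
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            toks, buf = " ".join(buf).split(), []
            if toks:
                yield toks, owner_blank

def parse_zone(text, origin):
    """Return [(owner, ttl, type, rdata)] with every name fully qualified."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, owner, records = None, origin, []
    for toks, owner_blank in _logical_lines(text):
        if toks[0] == "$ORIGIN":
            origin = qualify(toks[1], origin)
            continue
        if toks[0] == "$TTL":
            default_ttl = parse_ttl(toks[1])
            continue
        if not owner_blank:
            owner = qualify(toks.pop(0), origin)
        ttl = default_ttl
        if TTL_RE.fullmatch(toks[0]):
            ttl = parse_ttl(toks.pop(0))
        if toks[0].upper() == "IN":
            toks.pop(0)
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype in NAME_RDATA:
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "SOA":  # MNAME RNAME serial refresh retry expire minimum
            rdata = ([qualify(rdata[0], origin), qualify(rdata[1], origin)]
                     + [parse_ttl(t) for t in rdata[2:]])
        elif rtype == "MX":
            rdata = [int(rdata[0]), qualify(rdata[1], origin)]
        records.append((owner, ttl, rtype, tuple(rdata)))
    return records

def missing_ns_addresses(records):
    """In-zone NS targets with no A record: the 'where is your ns1 entry?' bug."""
    apex = next(o for o, _, t, _ in records if t == "SOA")
    has_a = {o for o, _, t, _ in records if t == "A"}
    targets = {r[0] for _, _, t, r in records if t == "NS"}
    return sorted(t for t in targets if t.endswith("." + apex) and t not in has_a)
```

Running parse_zone over POSTED_ZONE and handing the result to missing_ns_addresses returns ns1.exampleA.com. and ns2.exampleA.com., the two records Robert asked for; over FIXED_ZONE it returns nothing, and the short form `ns1 IN A` produces exactly the same owner as `ns1.exampleA.com. IN A`. The pitfall the parser makes visible is PITFALL_ZONE: ns1.exampleA.com without the trailing dot is a relative name and becomes ns1.exampleA.com.exampleA.com., the usual reason a freshly written zone loads without complaint but resolves nothing. Also note that the ns1/ns2 address records inside the zone are only half of the delegation: because the nameservers live inside the zone they serve, the registrar must carry the same addresses as glue in the .com delegation, or nobody can find the zone in the first place.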
I think you should be able to do this using BIND views with match-destinations. Have one view match destinations for 1.1.1.1 and 1.1.1.2 and the other for 1.1.1.3 and 1.1.1.4. Create a zone in one view for exampleA.com and one in the other for exampleB.com.
Ryan
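Ryan's match-destinations layout written out, together with the hardening an authoritative-only server on public addresses should have, as an added example; it is not the thread's configuration and not a CentOS default. It also answers Alexander's sidenote earlier in the thread: inside the exampleA view there is no exampleB.com zone and no recursion, so ns1.exampleA.com (1.1.1.1) asked for exampleB.com answers REFUSED instead of serving it. The addresses are the thread's 1.1.1.x placeholders and the zone file names are the ones posted above; putting the zone files under /var/named with `directory "/var/named"` is an assumption (the posted config used /etc).

```conf
// Added example, not the thread's configuration. One machine, four
// addresses, two zones: each zone is visible only on its own pair of
// addresses (Ryan's match-destinations) and the server is authoritative
// only. Assumed: zone files live in /var/named (the posted config used /etc).
options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        listen-on { 1.1.1.1; 1.1.1.2; 1.1.1.3; 1.1.1.4; };

        // Authoritative-only. The posted config had no recursion statement;
        // on the BIND 9.3 series CentOS 5 ships, that means recursing for
        // anyone, i.e. an open resolver that can be abused for reflection.
        // With recursion off the root hint zone is not needed either.
        recursion no;
        allow-query { any; };

        // The default is to allow zone transfers (AXFR) from anywhere.
        // There is no secondary on another machine, so nobody needs them;
        // add a secondary's address (ideally with a TSIG key) if one appears.
        allow-transfer { none; };
};

// Once any view exists, every zone must be inside a view. A query whose
// destination address matches no view is refused, and a query inside a view
// for a zone that view does not carry is refused too (no recursion).
view "exampleA" {
        match-destinations { 1.1.1.1; 1.1.1.2; };
        zone "exampleA.com" {
                type master;
                file "exampleA.com.hosts";
        };
};

view "exampleB" {
        match-destinations { 1.1.1.3; 1.1.1.4; };
        zone "exampleB.com" {
                type master;
                file "exampleB.com.hosts";
        };
};
```

Check it with named-checkconf /etc/named.conf before restarting named; afterwards `dig @1.1.1.1 exampleB.com SOA` should come back REFUSED while `dig @1.1.1.3 exampleB.com SOA` returns the record, and `dig @1.1.1.1 google.com A` should be REFUSED rather than answered. Be clear about what the views buy: they keep each nameserver from answering for the other zone, nothing more. Anyone who asks the right address still gets the zone, and all four addresses are on the same host, so this is tidiness, not a security boundary; the recursion and transfer settings are the parts that actually reduce exposure.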