[CentOS] DNS bind - use of /etc/named directory

Tue Dec 4 09:41:05 UTC 2018

On Tue, 2018-12-04 at 08:19 +0000, J Martin Rushton via CentOS wrote:
> The '/etc/named.conf.rpmnew' file supplied is a bare minimum to
> "configure the ... server as a caching only nameserver (as a localhost
> DNS resolver only)".  As soon as you start adding any structure to it
> things change, not just are added to.  See
> '/usr/share/doc/bind-*/sample/etc/named.conf' for example.  Probably the
> biggest "gotcha" is that as soon as you use _any_ views you MUST use
> views for _all_ zones.
>
> If you were to move the default '/etc/named.conf.rpmnew' to
> '/etc/named.conf' and add an 'include "/etc/named/*";', line as you
> suggest, you would be building problems for the future.  Let's say you
> dropped in 'internal.conf' which had a simple 'view "internal" stanza -
> then your root hints, localhost, localhost IPV6 and reverse localhosts
> would disappear.  Just what you wouldn't want at 00:51 !
>
> What you can do safely is to include the zone definitions in a separate
> file (see '/etc/named.rfc1912.zones' for example) and include that file.
>  Doing things this way means that your main configuration file can be
> written to either use views or not, and to just include your zone
> definitions in the appropriate place.  See the sample file for an example.
>
Thanks for the reply.

However, we don't use views and the local settings are not for zones. We do
currently have a separate zone file, but again that requires an 'include' in
the main '/etc/named.conf'. If a local settings file (in '/etc/named') could be
used, then we would simply 'include' the zone file in that. Ultimately, the
main named.conf file would remain untouched.

John.

>
> On 04/12/18 00:51, John Horne wrote:
> > Hello,
> >
> > For many years we have modified the '/etc/named.conf' file to include local
> > settings. The disadvantage with this is of course that when bind is
> > updated, it
> > creates an '/etc/named.conf.rpmnew' file. We then have to determine what is
> > new, and apply the relevant changes to our modified named.conf file.
> >
> > There is, however, an '/etc/named' directory which I assumed was for local
> > configuration settings. The main '/etc/named.conf' file makes no mention of
> > this directory, so (I suspect) any config files in '/etc/named' would, by
> > default, just be ignored.
> >
> > As far as I can tell we could put our local configuration settings into a
> > file
> > in '/etc/named', but we would then, once again, have to modify
> > '/etc/named.conf' to tell it to include config files in '/etc/named'. We
> > would
> > then be back at square one in that any bind update would create an 'rpmnew'
> > file.
> >
> > I admit I haven't actually tested this, but has anyone used the
> > '/etc/named'
> > directory and not had to modify the main '/etc/named.conf' file?
> >
> > I suspect, if not, then this should be raised as a possible bug since it
> > would
> > make sense not to have to modify the main configuration file at all.
> >
> >
> >
> >
> > Thanks,
> >
> > John.
> >
> > --
> > John Horne | Senior Operations Analyst | Technology and Information
> > Services
> > University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
> > ________________________________
> > [
> > http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass
> > >
> >
> > This email and any files with it are confidential and intended solely for
> > the use of the recipient to whom it is addressed. If you are not the
> > intended recipient then copying, distribution or other use of the
> > information contained is strictly prohibited and you should not rely on it.
> > If you have received this email in error please let the sender know
> > immediately and delete it from your system(s). Internet emails are not
> > necessarily secure. While we take every care, University of Plymouth
> > accepts no responsibility for viruses and it is your responsibility to scan
> > emails and their attachments. University of Plymouth does not accept
> > responsibility for any changes made after it was sent. Nothing in this
> > email or its attachments constitutes an order for goods or services unless
> > accompanied by an official order form.
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
________________________________
[http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>

This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, University of Plymouth accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. University of Plymouth does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form.