Configuring Bind
This document explains how to configure Bind, the domain name server.
- Log in as admin at http://cpplus_host_domain:10000
- Select Bind DNS Server in the Services tab.
If the icon is missing, see how to configure services
- On the page that appears, select the options to configure:

Other DNS Servers
DNS servers constantly exchange the contents of their DNS zones (zone transfers), which keeps them
up to date on changes in domain name to IP address mappings. The Other DNS Servers page lets you
configure how your DNS server behaves when it exchanges zone transfer requests or responses
with particular other servers.

IP address - the address of the server to be treated differently from others
Ignore bogus server? - choose yes to ignore responses from this server
Zone transfer format - configure whether to receive zone transfers one at a time or in batches.
Maximum transfers - set a per-server limitation on the number of concurrent zone transfers
Logging and Errors
On the Logging and Errors page you can change Bind's default logging behaviour.

Logging Channels - A channel specifies where logged data goes: to syslog (default_syslog),
to a file (default_debug), to bind's standard error output (default_stderr), or
nowhere (null).
Logging Categories - A category specifies what data is logged. Categories are different
for different versions of Bind, see Bind documentation for details.
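The Logging Channels and Logging Categories pages write a logging statement into named.conf. As an added example (not taken from the CP+ documentation or from the CP+ code), here is one such statement: a custom file channel that is rotated so it cannot fill the disk, and categories that send access-control decisions and zone transfers to it. The channel name and the log file path are assumptions, and the category names are the BIND 9 ones.

```conf
logging {
    // Channel: where log data goes. This one is a rotated file (assumed path).
    channel cpplus_security_log {
        file "/var/log/named/security.log" versions 5 size 10m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    // Categories: what gets logged, and to which channel(s).
    category security { cpplus_security_log; default_syslog; }; // approved and denied requests
    category xfer-in  { default_syslog; };   // inbound zone transfers
    category xfer-out { default_syslog; };   // outbound zone transfers
    category update   { default_syslog; };   // dynamic updates
    category queries  { null; };             // per-query logging is very noisy; keep it off unless investigating
    category default  { default_syslog; default_debug; };
};
```

The security category is the one to keep: it records every query, transfer or update that an ACL rejected, which is the first thing to check when a zone transfer or update attempt is suspected.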
Access Control Lists
Access Control Lists (ACLs) are address match lists that you can set up and nickname for future use
in allow-notify, allow-query, allow-recursion, blackhole, allow-transfer, etc.
To create an access control list, enter a name in the ACL Name field, and the IP addresses,
networks, and names of other ACLs in the second field:

There are a few built-in ACLs you can use:
any - all hosts
none - no hosts
localhost - all interfaces on the system where BIND is running
localnets - all hosts on the local networks for which the system has an interface configured.
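As an added example (not part of the CP+ documentation), the named.conf fragment below defines two ACLs of the kind created on this page and then uses them in the allow-recursion, allow-transfer and blackhole statements mentioned above. All addresses, ACL names, the zone name and the zone file path are constructed; only the access-control statements of the options block are shown.

```conf
// Named address match lists (the "ACL Name" and address fields on this page).
acl "internal_nets" {
    !192.168.1.200;      // exclude one host; a negated entry must come before the network that contains it
    10.0.0.0/8;          // constructed private ranges
    192.168.1.0/24;
    localhost;           // the built-in ACLs can be nested
    localnets;
};

acl "secondaries" {
    192.0.2.53;          // constructed address of our secondary name server
};

options {
    allow-query     { any; };               // an authoritative server must answer everyone
    // Recursion only for our own networks: an open recursive resolver is
    // routinely abused for DNS amplification against third parties.
    allow-recursion { "internal_nets"; };
    // Zone transfers only to our secondaries; the CP+ default of "any" lets
    // anyone download the whole zone.
    allow-transfer  { "secondaries"; };
    blackhole       { 192.0.2.99; };        // never answer or query this host at all
};

zone "example.com" {
    type master;
    file "/var/named/example.com.zone";     // assumed path
    allow-transfer { "secondaries"; };      // per-zone override of the global setting
};
```

Because an address match list is evaluated top to bottom and the first match wins, negated entries (the ! prefix) only take effect when they are listed before the broader entry they carve out of.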
Files And Directories
This section allows you to change locations for files used by Bind:

Statistics output file - statistics log generated by Bind.
Database dump file - the dump of the Bind database.
Process ID file - the process ID file.
Path to zone transfer program - the path to the named-xfer program used for inbound zone transfers.
Forwarding And Transfers
This section allows you to specify parent DNS servers and how to behave towards them:

Servers to forward queries to - name servers to be queried if your DNS zones don't have needed records.
It's common to have two parent DNS servers, primary and secondary.
Lookup directly if no response from forwarder - choose whether to query the TLD servers directly
if the parent servers do not reply. Choose No if your server has no internet connection or is behind
a firewall allowing communication only with the parent servers.
Maximum zone transfer time - the limit on the time allowed for inbound zone transfers. Default 120 minutes.
Zone transfer format - configure whether to receive zone transfers one at a time or in batches.
This is a global parameter for all servers and can be overridden for individual servers in the Other DNS Servers
section.
Maximum concurrent zone transfers - the limit on the number of concurrent zone transfers. The default is 10.
This is a global parameter for all servers and can be overridden for individual servers in the Other DNS Servers
section.
Addresses And Topology
This section allows you to configure IPs and ports used when querying parent DNS servers:

Ports and addresses to listen on - By default, Bind listens on port 53 on all active IP addresses.
To have Bind listen on other ports or only on specific addresses, add them to the list. To exclude a port or IP,
prepend it with an ! (exclamation mark).
Source IP address for queries - local addresses and ports from which to query parent name servers
if the information in the DNS zone is missing.
Nameserver choice topology - set the order in which other servers are queried. Servers at the top of the
list will be queried first. This is usually used to begin queries with the servers that are closest
to the local name server. To force a server to be queried after all others, prepend it with an ! (exclamation mark).
Miscellaneous Options
This section contains miscellaneous options that aren't changed often:

Maximum core dump size - the maximum size of the dump file generated when Bind crashes.
Maximum data memory usage - the maximum amount of RAM used by Bind.
Maximum open files - the maximum number of files that can be opened by Bind at a time.
Maximum stack memory usage - the maximum amount of stack space that can be used by Bind.
Interval between cleaning expired records - the interval between cleaning expired records from cache.
The default is 60 minutes.
Interval between check for new interfaces - the interval between scanning network interfaces.
The default is 60 minutes.
Interval between logging stats - the interval between writing general server statistics to the logs.
The default is 60 minutes. To turn off logging, set it to 0 (zero).
Do full recursive lookups for clients? - set this to No to refer clients to another name server.
Allow multiple CNAME aliases for one name? - set this to Yes to allow multiple CNAME records
for a single domain (e.g. for load balancing).
Fetch glue records? - set this to No to disable fetching "glue" DNS records from other servers.
Set authoritative AA bit on responses? - set this to No to avoid caching negative responses
(e.g. NXDOMAIN, or "this domain does not exist").
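The Forwarding And Transfers, Addresses And Topology and Miscellaneous Options pages all edit the options statement of named.conf, and the Other DNS Servers page adds server statements that override it for individual peers. As an added example (not part of the CP+ documentation or code), here is one options block covering those four pages, followed by two per-server overrides. All IP addresses and the directory path are constructed. The multiple-cnames, fetch-glue and topology settings are BIND 8 features that BIND 9 does not implement, so they are left out.

```conf
options {
    directory "/var/named";                // assumed working directory

    // --- Forwarding And Transfers ---
    forwarders { 192.0.2.1; 192.0.2.2; };  // "Servers to forward queries to" (constructed)
    forward first;                         // "Lookup directly if no response from forwarder" = Yes;
                                           // use "forward only;" when only the forwarders are reachable
    max-transfer-time-in 120;              // minutes; the default shown on the page
    transfer-format many-answers;          // global "Zone transfer format"
    transfers-in 10;                       // "Maximum concurrent zone transfers" (default 10)

    // --- Addresses And Topology ---
    // First match wins, so the excluded address must be listed before its network.
    listen-on port 53 { !192.0.2.54; 192.0.2.0/24; };
    listen-on-v6 { none; };                // no IPv6 listener on this host (assumption)
    query-source address 192.0.2.53;       // "Source IP address for queries"

    // --- Miscellaneous Options ---
    coresize 0;                 // "Maximum core dump size": no core files, which would contain cache contents and keys
    datasize 512M;              // "Maximum data memory usage"
    files 4096;                 // "Maximum open files"
    stacksize default;          // "Maximum stack memory usage"
    cleaning-interval 60;       // minutes; deprecated in recent BIND 9 releases
    interface-interval 60;      // minutes; "Interval between check for new interfaces"
    statistics-interval 60;     // minutes; accepted but not implemented in BIND 9
    recursion yes;              // "Do full recursive lookups for clients?"; restrict it with allow-recursion
    auth-nxdomain no;           // "Set authoritative AA bit on responses?"; "no" is the BIND 9 default
};

// --- Other DNS Servers: per-server overrides of the global settings above ---
server 192.0.2.20 {
    transfer-format one-answer;   // this peer cannot handle batched transfers
    transfers 2;                  // "Maximum transfers": at most 2 concurrent transfers from this peer
};

server 192.0.2.99 {
    bogus yes;                    // "Ignore bogus server?": never query it and discard its answers
};
```

Setting "forward first" means the server falls back to querying the public DNS tree when the forwarders do not answer; on a host that is only allowed to reach its forwarders through the firewall, "forward only" avoids a stream of blocked outbound queries and the timeouts they cause.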
Control Interface Options
This section allows you to configure remote Bind management options and the hosts that are allowed to connect
to the running BIND server across a TCP socket via the control channel using the programs ndc (in BIND 8) or
rndc (in BIND 9):

Internet port access - to enable remote access, the first field must contain the local address on which
the named server will listen for control requests. The port field must contain the port on which you'd like
the process to listen. The allow field should contain the addresses of the hosts you would like to be able to
administer your server from.
Unix FIFO access - specify which clients are allowed access to the administrative channel
using a Unix FIFO pipe. In the fields, enter the filename for the pipe, the permissions for the pipe, the owner,
and the owner group of the pipe. The file should be inaccessible to all but the administrative users of the system.
The Unix pipe is supported in Bind 8, and is unavailable in BIND 9.
DNS Keys
In this section you can create DNS keys to secure queries, responses, zone transfers, and dynamic updates.

Key ID - an alphanumeric string with no whitespace
Algorithm - the encryption algorithm
Secret String - a base64-encoded key generated with the dnssec-keygen program included in BIND 9 or the
dnskeygen program included in BIND 8. See the Bind documentation for details.
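The Control Interface Options and DNS Keys pages together produce a key statement and a controls statement in named.conf, and the same key can be referenced from a zone. As an added example (not part of the CP+ documentation or code), here is the BIND 9 form of all three. The key name, the admin host address, the zone name and the zone file path are assumptions, and the secret is a constructed placeholder that must be replaced with the output of the key generation program.

```conf
// TSIG key shared between named and rndc, and reusable for transfers and updates.
// Generate the secret with the tool shipped with your BIND version, for example
//   dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST cpplus-key   (older BIND 9 releases)
//   tsig-keygen cpplus-key                                   (newer BIND 9 releases)
// The secret below is a constructed placeholder, not a real key.
key "cpplus-key" {
    algorithm hmac-sha256;
    secret "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
};

// Control channel: the BIND 9 equivalent of the "Internet port access" fields.
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; 192.0.2.10; }   // localhost and the admin host (constructed address)
        keys { "cpplus-key"; };            // the allow list filters by address only; the key authenticates
};

// The same key authenticates zone transfers to a secondary ...
zone "example.com" {
    type master;
    file "/var/named/example.com.zone";    // assumed path
    allow-transfer { key "cpplus-key"; };
    // ... and dynamic updates from a client holding the key.
    allow-update   { key "cpplus-key"; };
};
```

The rndc client needs the same key statement in its own rndc.conf; rndc-confgen generates a matching pair of statements. Binding the control channel to 127.0.0.1 and requiring the key means a host that spoofs an allowed address still cannot issue rndc commands, which is why the key list should never be left empty.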
Zone Defaults
These default values are used only by CP+ when creating new DNS zones; they don't affect the underlying Bind configuration.

Refresh time - the interval between refreshing the zone. The default is 10800 seconds.
Transfer retry time - the interval between retrying if a refresh attempt fails. The default is 3600 seconds.
Expiry time - the expiration period for cached DNS records. The default is 432000 seconds.
Default time-to-live - the minimum time-to-live for the zone's records before they are refreshed. The default is 38400 seconds.
Template records - templated records that can be automatically inserted into new zones. Once the templates are created,
you can choose to have them included into zone files you are adding through CP+.
Allow transfers from - hosts allowed to receive zone transfers from your server. By default, all hosts are allowed.
Allow queries from - hosts allowed to query your server. By default, all hosts are allowed.
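The four timer values on this page become the refresh, retry, expire and minimum fields of the SOA record (and the $TTL directive) in each zone file CP+ creates. As an added example (not part of the CP+ documentation or code), here is a zone file in BIND master file format built from the defaults listed above, with a few template-style records. The zone name, host names, serial and addresses are constructed.

```conf
$TTL 38400               ; "Default time-to-live" applied to records without an explicit TTL
$ORIGIN example.com.     ; constructed zone name
@   IN  SOA ns1.example.com. hostmaster.example.com. (
            2024010101   ; serial: must increase on every change or secondaries never refresh
            10800        ; refresh: secondaries re-check the SOA every 3 hours
            3600         ; retry: wait 1 hour after a failed refresh before trying again
            432000       ; expire: stop serving the zone after 5 days without a successful refresh
            38400 )      ; minimum: how long resolvers cache negative (NXDOMAIN) answers
    IN  NS  ns1.example.com.
    IN  NS  ns2.example.com.

; template records of the kind CP+ can insert into every new zone (constructed)
ns1 IN  A   192.0.2.53
ns2 IN  A   192.0.2.54
www IN  A   192.0.2.80
```

The timers should satisfy retry < refresh < expire, as the defaults do: a secondary that cannot reach the primary keeps answering for the expire period, so a value that is too short turns a primary outage into a DNS outage, while one that is too long keeps serving stale data.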