Differences
Next revision | Previous revision | ||
opennic:t2slaved [2017-04-19T02:13:30Z] – created jonaharagon | opennic:t2slaved [2022-11-27T13:02:25Z] (current) – Updated Page, Added cosmetics, rewritten a few sentences to include the new opennic:t2slaved:zonefile and made corrections Olde16 | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Slaved Zones with BIND9 ====== | ====== Slaved Zones with BIND9 ====== | ||
- | FIXME This guide was copied directly from the old wiki. It likely needs some updates | + | Also refer to [[opennic: |
- | For those wishing to set up a more robust local nameserver, or if you plan on running a public tier-1 or tier-2 server for OpenNIC, configuring BIND with slave zones is the preferred method. Please read the policies before running a public T2 server. You should also join the appropriate MailingLists so you'll be notified of changing situations which may affect your operation. | + | Consider using the [[opennic: |
- | Slave zones contain the full record of domain names for each OpenNIC TLD. When a query is made for an OpenNIC domain, you have the exact information needed to proceed directly to that domain, thus eliminating several hops in processing a query. Note that the only difference between a tier-1 and tier-2 server is that tier-1 servers do not process public queries for ICANN domains - they ONLY process OpenNIC TLD requests. | + | For those wishing to set up a more robust local nameserver, or if you plan on running a public [[tier1|Tier 1]] or [[tier2|Tier 2]] server for OpenNIC, configuring BIND with slave zones is the preferred method. Please read [[opennic: |
+ | |||
+ | Slave zones contain the full record of domain names for each OpenNIC TLD. When a query is made for an OpenNIC domain, you have the exact information needed to proceed directly to that domain, thus eliminating several hops in processing a query. Note that the only difference between a Tier 1 and Tier 2 server is that Tier 1 servers do not process public queries for ICANN domains - they ONLY process OpenNIC TLD requests. | ||
Linux - BIND8/9 | Linux - BIND8/9 | ||
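Review bot: The unchanged subheading `Linux - BIND8/9` at the end of this hunk still names BIND 8, although the page title is `Slaved Zones with BIND9` and this revision removes the FIXME that flagged the text as copied from the old wiki. Either bring the subheading in line with the title or state which of the instructions were checked against BIND 8, so readers do not assume the whole page was re-verified.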
Line 19: | Line 21: | ||
</ | </ | ||
- | You need to comment or remove these lines. Instead of using a hints file, you will now be slaving the root zone plus another zone which contains a list of all OpenNIC public | + | You need to comment or remove these lines. Instead of using a hints file, you will now be slaving the root zone plus another zone which contains a list of all OpenNIC public |
- | directory "/ | + | '' |
- | Grab | + | This line tells us that BIND will save your slave files under / |
- | This line tells us that BIND will save your slave files under / | + | |
- | Add the following lines to your named.conf in place of the above ' | + | It is common practice to only include the actual authoritative nameservers of a zone in the '' |
+ | add the following lines to your named.conf in place of the above ' | ||
< | < | ||
+ | # check to make sure these are still correct! | ||
masters opennicNS { | masters opennicNS { | ||
- | 45.56.115.189; | + | 161.97.219.84; # ns2.opennic.glue |
- | 45.56.116.224; | + | 2001:470:4212: |
- | 173.160.58.202; # ns2.opennic.glue | + | 104.168.144.17; |
- | 2001:470:f032: | + | 2001: |
- | 198.46.244.109; # ns3.opennic.glue | + | 163.172.168.171; # ns4.opennic.glue |
- | 2001: | + | 2001:bc8:4400:2100::17:213; |
- | 178.63.145.230; # ns4.opennic.glue | + | 94.103.153.176; |
- | 2a01:4f8:101:3062::5:2; # ns4.opennic.glue | + | 2001:bc8:4400:2100::17:213; |
- | 94.103.153.176; | + | 207.192.71.13; |
- | 2a02:990:219:1:ba:1337:cafe:3; # ns5.opennic.glue | + | |
- | 207.192.71.13; | + | 2a01:4f8:141:4281::999; |
- | 2002:cfc0:470d::1; # ns6.opennic.glue | + | 138.68.128.160; |
- | 45.79.192.100; # ns7.opennic.glue | + | 2a03:b0c0:1:a1::46b:a001; |
- | 2600:3c02::f03c:91ff:fec8:d863; # ns7.opennic.glue | + | 188.226.146.136; # ns10.opennic.glue |
- | 178.63.116.152; # ns8.opennic.glue | + | 2001:470:1f04:ebf::2; |
- | 2a01:4f8:141:4281::999; # ns8.opennic.glue | + | 45.55.97.204; |
- | 188.226.215.149; # ns9.opennic.glue | + | 2604:a880:800:a1::14c1:1; |
- | 2a03:b0c0:0:1010::48:4001; # ns9.opennic.glue | + | 79.124.7.81; # ns12.opennic.glue |
- | 50.116.19.70; # ns10.opennic.glue | + | |
- | 188.226.146.136; # ns10.opennic.glue | + | |
}; | }; | ||
masters opennicPeers { | masters opennicPeers { | ||
Line 53: | Line 55: | ||
zone " | zone " | ||
- | type slave; | + | type slave; |
- | file " | + | file " |
- | allow-transfer { any; }; | + | allow-transfer { any; }; |
- | notify yes; | + | notify yes; |
- | masters { opennicNS; }; | + | masters { opennicNS; }; |
}; | }; | ||
zone " | zone " | ||
- | type slave; | + | type slave; |
- | file " | + | file " |
- | allow-transfer { any; }; | + | allow-transfer { any; }; |
- | notify yes; | + | notify yes; |
- | masters { opennicNS; opennicPeers; | + | masters { opennicNS; opennicPeers; |
}; | }; | ||
</ | </ | ||
- | Note the ' | + | Note the '' |
- | If you have a firewall or port-forwarding configured to direct DNS traffic to your server, please ensure that port 53 for both UDP and TCP are enabled. The most common failure for a public | + | If you have a firewall or port-forwarding configured to direct DNS traffic to your server, please ensure that port 53 for both UDP and TCP are enabled. The **most common failure** for a public |
This completes the most basic slave zone configuration, | This completes the most basic slave zone configuration, | ||
- | To slave all of the OpenNIC zones, add the following below the ' | + | To slave all of the OpenNIC zones, |
- | + | :!: Make sure they are still up to date! (([[opennic: | |
- | <file> | + | :!: If you decided to use the '' |
- | zone " | + | |
- | type slave; | + | |
- | file "bbs.zone"; | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone "opennic.glue" in { | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; }; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | </ | + | |
+ | ==== Security Considerations ==== | ||
Finally, you will want to consider WHO is allowed to query your server and add an appropriate line to your options file. The default behavior (if you have not specified otherwise) is to only allow your local network to query, and the line for your options file would look like this: | Finally, you will want to consider WHO is allowed to query your server and add an appropriate line to your options file. The default behavior (if you have not specified otherwise) is to only allow your local network to query, and the line for your options file would look like this: | ||
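Review bot: The new `==== Security Considerations ====` heading introduces only the question of who may query the server, while both zone blocks reindented earlier in this hunk keep `allow-transfer { any; };` and `notify yes;` without comment. If open zone transfers are intended for these zones, the section should say so explicitly; otherwise suggest limiting `allow-transfer` to an ACL of the hosts that need to pull zones from this server. The paragraph on port 53 for UDP and TCP belongs under the same heading, since it is the other exposure decision an operator makes here.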
Line 205: | Line 95: | ||
To finish your new configuration, | To finish your new configuration, | ||
- | If you are creating a public | + | ====TESTING T2 Public Server==== |
+ | |||
+ | If you are creating a public | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ----------------Historical Note---------------------- | ||
+ | // The old test link http:// | ||
===== Alternate Configurations ===== | ===== Alternate Configurations ===== | ||
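Review bot: The added heading `====TESTING T2 Public Server====` has no spaces inside the markers and is in capitals, unlike `==== Security Considerations ====` added in the same revision; suggest `==== Testing a Public T2 Server ====`. The `----------------Historical Note----------------------` line is a hand-drawn separator rather than wiki markup, and the five empty added lines before it serve no purpose; a regular heading or a footnote for the old test link would render consistently and keep the note attached to the section it explains.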