Differences
This shows you the differences between two versions of the page.
opennic:t2slaved [2020-11-26T23:53:59Z] – [Slaved Zones with BIND9] darkrebel | opennic:t2slaved [2022-11-27T13:02:25Z] (current) – Updated Page, Added cosmetics, rewritten a few sentences to include the new opennic:t2slaved:zonefile and made corrections Olde16 | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Slaved Zones with BIND9 ====== | ====== Slaved Zones with BIND9 ====== | ||
- | FIXME This guide was copied directly from the old wiki. It likely needs some updates | + | Also refer to [[opennic: |
+ | |||
+ | Consider | ||
For those wishing to set up a more robust local nameserver, or if you plan on running a public [[tier1|Tier 1]] or [[tier2|Tier 2]] server for OpenNIC, configuring BIND with slave zones is the preferred method. Please read [[opennic: | For those wishing to set up a more robust local nameserver, or if you plan on running a public [[tier1|Tier 1]] or [[tier2|Tier 2]] server for OpenNIC, configuring BIND with slave zones is the preferred method. Please read [[opennic: | ||
Line 19: | Line 21: | ||
</ | </ | ||
- | You need to comment or remove these lines. Instead of using a hints file, you will now be slaving the root zone plus another zone which contains a list of all OpenNIC public Tier 2 servers. Typically you will have an options file in your default BIND configuration. Within the options file will be a ' | + | You need to comment or remove these lines. Instead of using a hints file, you will now be slaving the root zone plus another zone which contains a list of all OpenNIC public Tier 2 servers. Typically you will have a ' |
- | directory "/ | + | '' |
- | Grab | + | This line tells us that BIND will save your slave files under / |
- | This line tells us that BIND will save your slave files under / | + | |
- | Add the following lines to your named.conf in place of the above ' | + | It is common practice to only include the actual authoritative nameservers of a zone in the '' |
+ | add the following lines to your named.conf in place of the above ' | ||
< | < | ||
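Review bot: The added line "add the following lines to your named.conf in place of the above" starts in lowercase, where the line it replaces began with "Add". If it opens a new sentence after the added note on authoritative nameservers, capitalise it; if it continues that sentence, keep both on one line so the instruction does not read as a fragment.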
Line 68: | Line 70: | ||
</ | </ | ||
- | Note the ' | + | Note the '' |
- | If you have a firewall or port-forwarding configured to direct DNS traffic to your server, please ensure that port 53 for both UDP and TCP are enabled. The most common failure for a public Tier 2 server is that port 53 TCP is blocked, which will cause you to fail testing of the ' | + | If you have a firewall or port-forwarding configured to direct DNS traffic to your server, please ensure that port 53 for both UDP and TCP are enabled. The **most common failure** for a public Tier 2 server is that port 53 TCP is blocked, which will cause you to fail testing of the ' |
This completes the most basic slave zone configuration, | This completes the most basic slave zone configuration, | ||
- | To slave all of the OpenNIC zones, add the following below the ' | + | To slave all of the OpenNIC zones, |
- | + | :!: Make sure they are still up to date! (([[opennic: | |
- | <file> | + | :!: If you decided to use the '' |
- | zone " | + | |
- | type slave; | + | |
- | file "bbs.zone"; | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone "opennic.glue" in { | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; }; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | zone " | + | |
- | type slave; | + | |
- | file " | + | |
- | allow-transfer { any; }; | + | |
- | notify yes; | + | |
- | masters { opennicNS; opennicPeers; | + | |
- | }; | + | |
- | </ | + | |
+ | ==== Security Considerations ==== | ||
Finally, you will want to consider WHO is allowed to query your server and add an appropriate line to your options file. The default behavior (if you have not specified otherwise) is to only allow your local network to query, and the line for your options file would look like this: | Finally, you will want to consider WHO is allowed to query your server and add an appropriate line to your options file. The default behavior (if you have not specified otherwise) is to only allow your local network to query, and the line for your options file would look like this: | ||
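Review bot: The new "Security Considerations" heading is followed only by the paragraph on who may query the server, while every zone stanza removed in this hunk set `allow-transfer { any; };` and `notify yes;`. Now that the stanzas are replaced by a pointer to the separate zonefile page, state under this heading whether unrestricted zone transfers are intended for a Tier 2 server, or say where that setting is now documented, so that operators decide deliberately who may transfer their zones rather than inheriting the setting unseen.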
Line 226: | Line 95: | ||
To finish your new configuration, | To finish your new configuration, | ||
- | **TESTING T2 Public Server** | + | ====TESTING T2 Public Server==== |
If you are creating a public Tier 2, and have your firewall or port-forwarding configuration completed, you can test the public access of your service by visiting the test link [[https:// | If you are creating a public Tier 2, and have your firewall or port-forwarding configuration completed, you can test the public access of your service by visiting the test link [[https:// |
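Review bot: The heading added as `====TESTING T2 Public Server====` is inconsistent with the other heading this revision adds, `==== Security Considerations ====`, which has spaces inside the markers and uses title case. Suggest `==== Testing T2 Public Server ====` so both new headings follow the same style.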