Secondary DNS controller for Windows domain
Steven Stern
subscribed-lists at sterndata.com
Thu Oct 7 13:44:47 UTC 2004
On Wed, 6 Oct 2004 08:44:07 +0200 (CEST), "Roger Grosswiler" <roger at gwch.net>
wrote:
>Hi Steve,
>
>you can configure bind to act as a slave, while telling your fc2-box to forward queries to external servers if no
>result is given by your zone.
>
>so, your /etc/named.conf:
>
>
> more named.conf
>// generated by named-bootconf.pl
>
>options {
> directory "/var/named";
> /*
> * If there is a firewall between you and nameservers you want
> * to talk to, you might need to uncomment the query-source
> * directive below. Previous versions of BIND always asked
> * questions using port 53, but BIND 8.1 uses an unprivileged
> * port by default.
> */
> // query-source address * port 53;
>
> notify no;
> forward first;
> forwarders { ip-address of an external dns-server1; ip-address of an external dns-server2; } ;
>};
>this entry forwards queries to the forwarders if no internal dns-server brings an appropriate answer. now,
>indicate your slave-zone in /etc/named.conf, e.g.:
>
>zone "your_zone" {
> type slave;
> file "/var/named/zonefile.hosts";
> masters {
> ip-address-of-your-master-dns;
> };
> allow-transfer {
> ip-address-of-this-slave; { key rndckey; };
> };
> };
>the option { key rndckey; }; has to be inserted if your master-dns-server requires a password for the zone-download.
>if your master-dns doesn't require this, you can remove this option. otherwise, you will find a file in /etc/ called
>rndckey. insert the password in there. as I remember, by default w2k doesn't require one (but I can be wrong...). the
>password should be encrypted.
>
>if you've done this, make sure /var/named has 775 to user and group named; otherwise, the update will fail.
>
Thanks. Your instructions were perfect. Unfortunately, I had to do this with
the Windows version of Bind and not Linux. I went through my customer's
inventory of old computers looking for one good enough to be a minimal Linux
DNS server (or enough parts to cobble one together). All were so old and tired
that I destroyed their hard disks and tossed them. I used the spare Windows
2K Pro workstation instead, installing Bind 9.3, and by following your
instructions now have a happy slave DNS server.
--
Steve
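
An added example, not part of either message above: a BIND 9 slave configuration along the lines of the quoted one, for the case where the master requires a TSIG key for zone transfers. Here the key is attached to the master's address in the masters list, and transfers out of the slave are switched off. The zone name, key name, addresses (documentation ranges) and secret are placeholders.

```conf
// Constructed example; every name, address and secret below is a placeholder.
options {
    directory "/var/named";
    notify no;
    forward first;                               // try the forwarders, then fall back to normal resolution
    forwarders { 198.51.100.1; 198.51.100.2; };  // external DNS servers
    allow-transfer { none; };                    // this slave hands the zone to nobody
};

// Shared secret for zone transfers; must match the key defined on the master.
key "xfer-key" {
    algorithm hmac-sha256;                       // use an algorithm both servers support
    secret "REPLACE-WITH-BASE64-SECRET";
};

zone "example.test" {
    type slave;
    file "example.test.hosts";                   // relative to "directory"; named must be able to write it
    masters { 192.0.2.10 key "xfer-key"; };      // transfer requests to the master are signed with the key
};
```

Running named-checkconf against the file before reloading named catches syntax errors in the zone and key statements.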