[server-admins] Reverse DNS: access to BIND config files needed

Jonathan Marsden jmarsden at fastmail.fm
Sun Jan 16 13:00:15 MST 2011


On 01/15/2011 04:32 PM, Troy A. Griffitts wrote:

> I have added you to the named group, changed /etc/named.* files to
> g+w and given you access for sudo /etc/rc.d/init.d/named
> start|et. al.

I forgot to email you a status update last night.  I set up bind on
crosswire.org and it runs.  It serves forward DNS for crosswire.org and
reverse for the little subnet of IPs you were allocated.  It seems to be
working, based on my limited tests, although I did nothing to "tell the
world" about the DNS server there, so for now it is just there for us to
test.

We do need to decide how best to do logging from BIND.  The template I
used sets up two different logs, one that usually goes to syslog as
local2 and would often be sent to /var/log/named.log and
rotated/compressed by logrotate as normal, the other is for
security-related log entries that go to a separate file.

However, I can't see into /var/log at all (gave me mild fits when I
first ran bind and it failed, but I had no way to see *why* it failed
because I couldn't read the logs!), so I temporarily pointed both
logging channels to files under /var/named/data where I do have access.

Other than that, and testallthings.org (did you hear back from the
domain owners about that yet?), it's looking good.

As soon as we are comfortable with the setup, I will make
codns.computeroptions.net a secondary pulling its crosswire.org zone
data from crosswire.org, and add a reverse DNS secondary there for your
subnet too.  At that point we can tell the colo provider the reverse DNS
servers are crosswire.org and codns.computeroptions.net, and the email
issue should be fully taken care of.

Jonathan
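Added illustration, not part of the message above and not the configuration Jonathan actually deployed: a named.conf fragment showing the two-channel logging layout the message describes (a general channel on syslog facility local2, a separate file for the "security" category, both temporarily redirected under /var/named/data), the primary forward and reverse zones on crosswire.org, and the matching secondary stanzas for codns.computeroptions.net. The IP addresses (192.0.2.53 and 198.51.100.2), the zone file names, and the in-addr.arpa zone name are placeholders; the real subnet and hosts are not given in the thread.

```conf
// ---- on crosswire.org (primary) ----
logging {
    // General operational log. Normally this would be `syslog local2;`
    // and land in /var/log/named.log via syslog + logrotate. Pointed at a
    // file under /var/named/data here only because /var/log is not
    // readable by the admin running named (assumption from the message).
    channel default_log {
        file "/var/named/data/named.log" versions 5 size 10m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    // Security-related entries (refused queries, denied transfers, etc.)
    // kept in their own file so they survive ordinary log noise.
    channel security_log {
        file "/var/named/data/security.log" versions 5 size 5m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    category default  { default_log; };
    category security { security_log; };
};

options {
    directory "/var/named";
    // Only the intended secondary may pull zone data (placeholder IP).
    allow-transfer { 198.51.100.2; };
    notify yes;
};

// Forward zone (primary copy).
zone "crosswire.org" IN {
    type master;
    file "crosswire.org.zone";
};

// Reverse zone for the allocated subnet. The in-addr.arpa name is a
// placeholder; the real one depends on the subnet the colo allocated.
zone "2.0.192.in-addr.arpa" IN {
    type master;
    file "2.0.192.in-addr.arpa.zone";
};

// ---- on codns.computeroptions.net (secondary) ----
// 192.0.2.53 stands in for crosswire.org's address.
zone "crosswire.org" IN {
    type slave;
    masters { 192.0.2.53; };
    file "slaves/crosswire.org.zone";
};

zone "2.0.192.in-addr.arpa" IN {
    type slave;
    masters { 192.0.2.53; };
    file "slaves/2.0.192.in-addr.arpa.zone";
};
```

Two practical notes. First, `named-checkconf /etc/named.conf` and `named-checkzone crosswire.org /var/named/crosswire.org.zone` can be run before restarting the service, which catches most startup failures without needing to read /var/log. Second, if the allocated block is smaller than a /24, the colo provider cannot simply delegate the in-addr.arpa zone to these servers; it has to use the RFC 2317 classless delegation scheme (CNAMEs from its /24 zone into a sub-zone of your choosing), and the reverse zone name above would change accordingly.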
