Bind updating zone file

Every user connected to the internet, knowingly or unknowingly, makes hundreds of DNS queries every day. So in a way, the internet is almost of no use without the system called DNS.

// // If you are going to set up an authoritative server, make sure you // understand the hairy details of how DNS works. zone "." ; /* Slaving the following zones from the root name servers has some significant advantages: 1. No spurious traffic will be sent from your network to the roots 3.

When changing a key it is best to include the new key into the zone, while still signing with the old one, and then move over to using the new key to sign.

(DNSKEY keytag: 19036 alg: 8 flags: 257) ;; Chase successful

// $FreeBSD$ // // Refer to the named.conf(5) and named(8) man pages, and the documentation // in /usr/share/doc/bind9 for more details.

IN A 192.168.1.1 ; Machine Names localhost IN A 127.0.0.1 ns1 IN A 192.168.1.2 ns2 IN A 192.168.1.3 mx IN A 192.168.1.4 mail IN A 192.168.1.5 ; Aliases www IN CNAME $TTL 3600 1.168.192.

A zone is signed using cryptographic keys which must be generated. The preferred method however is to have a strong well-protected Key Signing Key ( part of the file name is a five digit key ID. This is especially important when having more than one key in a zone. It is possible to make a script and a cron job to do this. Be sure to keep private keys confidential, as with all cryptographic keys.

It also manifests itself as named being unable to create custom log files.

Red Hat Security Enhanced Linux (SELinux) policy security protections: Red Hat have adopted the National Security Agency's SELinux security policy (see and recommendations for security, which are more secure than running named in a chroot and make use of the bind-chroot environment unnecessary.

Your ISP or hosting provider may delegate your own range of IP addresses, or you may have NAT set up for private IP space you control. In this case you must configure reverse DNS through PTR records on your DNS server.

// // Do not forget to include the reverse lookup zone!

As documented at these zones: "." (the root), ARPA, IN-ADDR. Ask // your network administrator for the IP address of the responsible // master name server. It is always a good idea to read CERT's security advisories and to subscribe to the FreeBSD security notifications mailing list to stay up to date with the current Internet and FreeBSD security issues.

The only way you can make use of the internet without DNS is to memorize all the numerical IP addresses associated with each and every domain (not only will you have to memorize them, you will also have to remember which IP address is for which domain. So it's an impossible task, and let's not discuss it).
