DNS - BIND named auf ML aktiviert

[FritzS]

Hallo,
nur des Spaßes wegen habe ich BIND named auf meinem MBP (mit ML 10.8.2) aktiviert.
Er läuft derzeit nur als Cache only und hat die Namensauflösung meines MBP's komplett übernommen (als DNS ist in den Netzwerkeinstellungen nur 127.0.0.1 eingetragen).
Ich verwende keine Forewarder.

Ich verwende die bereits auf ML vorhandenen Config und Zone Files und habe diese etwas modifiziert.

Anhand des named.log und queries.log sehe ich, dass die Namensaulösung funktioniert.

Die Anleitungen und andere nützliche Informationen dazu fand ich auf:

http://comodin.com/dns-server-in-mac-os-x-anschalten.html
http://macdevcenter.com/pub/a/mac/2003/04/15/bind.html
http://www.macshadows.com/kb/index.php?title=How_To:_Enable_BIND_-_Mac_OS_X's_Built-in_DNS_Server
https://de.wikipedia.org/wiki/BIND

http://web.mit.edu/rhel-doc/4/RH-DOCS/rhel-rg-de-4/s1-bind-rndc.html

http://www.iana.org/domains/root/servers
http://www.internic.net/zones/named.root

Die IPv6 root DNS sind für mich leider noch nicht erreichbar, das merkt man im Log:

06-Dec-2012 13:32:35.958 error (host unreachable) resolving 'udns1.ultradns.net/A/IN': 2610:a1:1014::1#53
06-Dec-2012 13:32:35.958 error (host unreachable) resolving 'udns1.ultradns.net/AAAA/IN': 2610:a1:1014::1#53
06-Dec-2012 13:32:35.958 error (host unreachable) resolving 'udns2.ultradns.net/A/IN': 2001:502:4612::1#53
06-Dec-2012 13:32:35.959 error (host unreachable) resolving 'udns2.ultradns.net/AAAA/IN': 2001:502:4612::1#53
06-Dec-2012 13:32:35.959 error (host unreachable) resolving 'udns1.ultradns.net/A/IN': 2001:502:4612::1#53
06-Dec-2012 13:32:35.959 error (host unreachable) resolving 'udns1.ultradns.net/AAAA/IN': 2001:502:4612::1#53

Eine etwas sonderbare Meldung

06-Dec-2012 13:14:32.882 success resolving 'blackhole-1.iana.org/AAAA' (in 'iana.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
06-Dec-2012 13:14:32.883 success resolving 'blackhole-2.iana.org/A' (in 'iana.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
06-Dec-2012 13:14:32.883 success resolving 'blackhole-2.iana.org/AAAA' (in 'iana.org'?) after reducing the advertised EDNS UDP packet size to 512 octets

Den "Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones" muss ich auch noch nachgehen

06-Dec-2012 13:14:26.335 received SIGHUP signal to reload zones
06-Dec-2012 13:14:26.335 loading configuration from '/private/etc/named.conf'
06-Dec-2012 13:14:26.335 reading built-in trusted keys from file '/private/etc/bind.keys'
06-Dec-2012 13:14:26.336 using default UDP/IPv4 port range: [49152, 65535]
06-Dec-2012 13:14:26.336 using default UDP/IPv6 port range: [49152, 65535]
06-Dec-2012 13:14:26.339 sizing zone task pool based on 3 zones
06-Dec-2012 13:14:26.340 Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
06-Dec-2012 13:14:26.341 reloading configuration succeeded
06-Dec-2012 13:14:26.343 reloading zones succeeded

Stop&Start
bash-3.2# launchctl stop org.isc.named
bash-3.2# launchctl start org.isc.named

06-Dec-2012 13:48:41.597 shutting down
06-Dec-2012 13:48:41.597 stopping command channel on 127.0.0.1#953
06-Dec-2012 13:48:41.624 no longer listening on 127.0.0.1#53
06-Dec-2012 13:48:41.624 no longer listening on 10.0.0.3#53
06-Dec-2012 13:48:41.644 exiting
06-Dec-2012 13:48:41.992 zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
06-Dec-2012 13:48:41.993 zone localhost/IN: loaded serial 42
06-Dec-2012 13:48:41.993 managed-keys-zone ./IN: loaded serial 0
06-Dec-2012 13:48:41.993 running

 

[FritzS]

Noch zwei Dokumentationen:
https://www.isc.org/software/bind/documentation/arm94

http://www.zytrax.com/books/dns/ch7/logging.html

 

[FritzS]

named.conf

meine named.conf ... wenn hier Jemand einen Fehler darin erkennt oder einen Verbesserungsvorschlag dazu hat, bitte hier posten

//
// Include keys file
//
include "/etc/rndc.key";

// Declares control channels to be used by the rndc utility.
//
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.

//
// Default controls
//
controls {
    inet 127.0.0.1 port 953 allow {any;}
    keys { "rndc-key"; };
};

options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};
// 
// a caching only nameserver config
// 
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

logging {
       
        channel _default_log  {
                file "/Library/Logs/named/default.log" versions 3 size 1m;
                severity info;
                print-time yes;
        };
        category default {
                _default_log;
        };

        channel queries_log {
                file "/Library/Logs/named/queries.log" versions 3 size 1m; 
                severity info;
                print-time yes;
        };
        category queries   {
            queries_log;
        }; 


        channel resolver_log {
                file "/Library/Logs/named/resolver.log" versions 3 size 1m; 
                severity info;
                print-time yes;
        }; 
        category resolver    {
            resolver_log;
        };

        channel client_log {
                file "/Library/Logs/named/client.log" versions 3 size 1m; 
                severity info;
                print-time yes;
        }; 
        category client    {
            client_log;
        };

};