Article:
  Implementing BIND on Mac OS X
Subject:   obviously no one checked this before posting!
Date:   2003-04-16 00:45:58
From:   anonymous2
can you remove the article as it's full of mistakes and does not teach people the correct way of setting up bind 9.2.2 at all.


for example you have: ./configure -prefix=/usr/local/bind9 - it should be: ./configure --prefix=/usr/local/bind9


there is no mention of rndc which is the correct way to control and manage bind 9.


and last but not least, no security considerations at all.


basically if you follow these directions, you have a full recursive dns server for anyone in the world to use and abuse.


disappointed that such a bad article has flagship status on o'reilly!


  • Re: obviously no one checked this before posting! - author note
    2003-04-16 13:53:08  Jason Deraleau | O'Reilly Author

    First off, thanks for pointing out the typo in the configure script's line. Sometimes the little things slip through :) As to the rest of your post, you bring up some very valid points:

    * I agree that rndc is the way that one should work with the named daemon of BIND 9, much like one /should/ use ndc when working with earlier versions. In my experience, they don't get used very often. While both rndc and ndc are useful tools, you can still call named directly and get the job done. That's not to discount these tools; by not using rndc, you do give up some nice features.

    The ability to remotely control your DNS server is a beautiful thing, but I hardly feel it is something to be covered in an article that is intended for an introductory audience. Since not using rndc poses little more than a warning in the logs, as well as for simplicity's sake, I have not covered it here. For those who are a little more comfortable with BIND and are looking to use this great tool, a "man -M /usr/local/bind9/man rndc" should get you started in the right direction.

    * As far as your statement about a lack of security considerations, I do not feel this is completely accurate. While I agree that recursion is an important topic, especially in light of the security flaw which was recently found (and since corrected) that affected recursive servers, saying that I didn't take security at all into consideration is unfair. I did in fact cover securing zone transfers.

    Recursion is a pertinent feature and definitely worth discussing, but I initially feared that it would go beyond the original scope of the article. In order to help alleviate your concern, I'm going to make a separate post in regards to describing recursion and how to secure recursion in named.

    Again, thanks for your help with the typo and your excellent feedback.

    The author, Jason Deraleau
  • obviously no one checked this before posting! --Ed Note
    2003-04-16 09:36:02  Derrick Story | O'Reilly Author, O'Reilly Blogger

    Hi. I don't think the situation is quite as dire as you portray in your talkback. I'm checking with the author now, and we'll follow up here within a few hours.

    Thanks for bringing this to our attention!

    -Derrick
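
The open-recursion concern raised in this thread, shown as an added named.conf fragment (an illustration added here, not taken from the article or written by its author). The acl name "trusted" and the 192.168.1.0/24 network are constructed placeholders; substitute your own LAN.

```conf
// Added example: restricting recursion in BIND 9 named.conf.
// Without an allow-recursion statement, BIND 9.2 performs recursive
// lookups for any client that can reach port 53, which is the
// "recursive dns server for anyone in the world" case described above.

// Clients that may use this server as a resolver.
// "trusted" and 192.168.1.0/24 are constructed placeholder values.
acl "trusted" {
    127.0.0.1;          // the server itself
    192.168.1.0/24;     // the local network (placeholder)
};

options {
    // Recursive queries are answered only for the listed clients.
    // Everyone else still gets answers for zones this server is
    // authoritative for, but no recursion on their behalf.
    allow-recursion { "trusted"; };

    // Alternative for a server that only publishes its own zones and
    // never resolves on behalf of clients: disable recursion entirely
    // and drop the allow-recursion line above.
    // recursion no;
};
```

After reloading named, a recursive query for an outside name should succeed from a host inside the "trusted" acl and return no answer from a host outside it.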