Sign In/My Account | View Cart  

advertisement

AddThis Social Bookmark Button

Article:
  Implementing BIND on Mac OS X
Subject:   Success !!!
Date:   2003-05-05 18:19:38
From:   anonymous2
I disagree on the fact that this article has significant flaws. It's easy and mostly "it works"...
Truth is, nobody faint at heart should anyway try to install bind9 on OS X just for the fun... :-)
Most articles around don't even tackle the problem in securing zone transfers. I myself often leech around transfering zones from other servers to check how they've configured some things and to be honest, most of the servers around don't have secured transfers.
Anyway, just to share my experience, when I found this article I was already downloading and compiling bind through the tools made by the fink project (http://fink.sourceforge.net/)... their stuff is quite good and it might be worth a mention.
It stormed through the installation and compiling process and it also installed another 15 packages. Some xml libraries and other stuff I'm not exactly sure if they where needed (mainly because I trust the author of this article that simply downloading and compiling from isc.org works).
Anyway I was also able to implement keys and rndc without much effort and I currently have 4 nameservers (2 on linux 1 on FreeBSD and 1 on OS X) that are working great in a matter of a day of work. I assume that the target audience of this article is not going to run bind9 for a large scale zone without even reading some books. Understanding all the fuss behind keys, rndc and acl classes is way out of the scope (my opinion) and it took me some time to "process" all the concepts.


Three questions for all of you BIND gurus around somewhere:


Question 1:
Can you give some advice on changing things so that named starts with uid named and not root? Where should I act and what privs should I give.


Question 2:
Can you point me out some good place (or some help directly) where I can find info on setting up zones in that kind of inverted master-slave configuration I've read about somewhere. I mean having a master server act as a slave for the rest of the world and a slave acting as master, so that I can have an in-house server on the OS X that IS the master, but queries will go mainly to the slave machine thinking that HE is the master.
You know, the idea of managing zones with bbedit is way too tempting... :-)


Question 3:
In an OS X Server enviroment, is there a way to use the nifty ServerSettings.app to start bind9 instead of bind8? I'm afraid it could cause some conflicts. Does that app rely on any script somewhere that we can modify. Since I'm also a brand new cocoa-newbie, It might be fun just to write a plug for those tools but I can't find any help on where to look for documentation on exapnding those utilities (assuming there is a way).


Hoping not to have driven the discussion too off-topic,


warm regards from italy,
rdm
Full Threads Oldest First

Showing messages 1 through 1 of 1.

  • Success !!!
    2003-05-31 16:18:58  macmartin [View]

    I agree that this article is pretty much all-right an just enough for the first try-outs on DNS.
    I think seriously using such powerful tools like BIND of course need some deeper understanding on the theory behind it such as TCP/IP, ISO-OSI etc.

    Concerning your questions I can only give it a try (any reactions will be appreciated)

    Q1:
    No idea whatīs the reason for this wish
    - on my system (10.2.6) there is not even a user "named" in the passwd by default
    It might work, if you would chown named the named - file and set the SUID-BIT:
    # sudo chown named /usr/sbin/named
    # sudo chmod u+s /usr/sbin/named
    Plese post, whether this works.
    Of course the user "named" must have sufficient rights to do the job well.

    Q2:
    I donīt know. whether I got you right, because it seems so simple to me.
    Just tell the client-machines that their DNS-Server is the machine (your slave who acts as master) that you want to do the main work of name resolution.
    This should make them ask the slave.

    Cantīt say anything about Mac OS X Server, since I donīt have it.

    Hope this will push the discussion.
    By the way:
    If anyone is interested in some occasional email-exchange on Howto configure Mac OS X please post

    I myself have configured BIND 8.3.4 mainly with the help of an article about BIND on SuSE Linux.
    If only someone could tell me what the
    named[1024]: Forwarding source address is [0.0.0.0].49246
    in the system.log means, Doesnīt seem to be correct.

    greetings from germany
    macmartin