Mike Leone on 21 Feb 2005 22:38:40 -0000

Stephen Gran wrote:
> On Mon, Feb 21, 2005 at 04:00:03PM -0500, Mike Leone said:
>> Stephen Gran wrote:
>> > Ah right, you are correct, sorry about that. Yes, so the directory it
>> > writes the journal to has to be writable by user bind. Perhaps the
>> > $HOME setting is conflicting with the directory directive? What does
>> > `getent passwd bind` say?
>>
>> root@mail:/etc/bind# getent passwd bind
>> bind:x:107:108::/var/cache/bind:/bin/false
>
> So it should not be trying to write to /etc/bind, then - very odd.
> Aaha, it could be that it writes them to the directory where the zone
> file is! Do you keep your zone files in /etc/bind?

Good catch. Yes, I do. Because the other zone files listed in named.conf
were in /etc/bind (db.local, etc). So I should move them to /var/cache/bind?

>> All I want is to be able to type "nslookup the-dhcp-address", and come
>> back with a hostname. :-)
>> (and vice-versa)
>
> I do it for my parents' LAN with the arrangement below:
>
> named.conf.local:
>
> -------------------------------------------
>
> key "rndc-key" {
> algorithm hmac-md5;
> secret "very-secret";

Is this the rndc.key that is created by the install of bind9, or one you
created yourself?

> };
>
> acl "home" { 192.168.0.0/24; 127.0.0.1;};
>
> controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> zone "forward.net" {
> type master;
> file "forward.net.db";
> allow-update { key "rndc-key"; };
> };
>
> zone "0.168.192.in-addr.arpa" {
> type master;
> file "168.192.db";
> allow-update { key "rndc-key"; };
> };
>
> -------------------------------------------
>
> named.conf.options:
>
> -------------------------------------------
>
> directory "/var/cache/bind";
> listen-on { 192.168.0.1; 127.0.0.1; };
>
> -------------------------------------------
>
> dhcpd.conf:
>
> -------------------------------------------
>
> ddns-update-style interim;
>
> key "rndc-key" {
> algorithm hmac-md5;
> secret "very-secret";
> };
>
> zone forward.net {
> primary 127.0.0.1;
> key "rndc-key";
> }
>
> zone 0.168.192.in-addr.arpa {
> primary 127.0.0.1;
> key "rndc-key";
> }
>
> -------------------------------------------
>
> And of course, very secret has to correlate with what is actually in
> the file rndc-key.
>
> Sorry I can't help more,

No, this looks good. I will give it a try later.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
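
An added example (not part of the original messages, and not code from BIND or ISC DHCP): shell functions for the two conditions discussed in the thread, namely that the key secret in dhcpd.conf matches the one named uses, and where named will write a zone's journal. The file names, the `etc.example` zone and the sample configs are constructed, and the parsers assume one statement per line as in the quoted configs.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes one statement per line.

# key_secret NAME FILE: print the secret of key NAME defined in FILE.
key_secret() {
    awk -v want="$1" '
        $1 == "key" { n = $2; gsub(/[";{]/, "", n); hit = (n == want) }
        hit && $1 == "secret" { s = $2; gsub(/[";]/, "", s); print s; exit }
        hit && /}/ { hit = 0 }' "$2"
}

# secrets_match NAME FILE_A FILE_B: succeed only if both files define key
# NAME with the same non-empty secret.
secrets_match() {
    a=$(key_secret "$1" "$2"); b=$(key_secret "$1" "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# journal_path ZONE ZONES_CONF OPTIONS_CONF: print where named writes ZONE's
# .jnl file. It sits beside the zone file; a relative "file" name resolves
# under the "directory" option.
journal_path() {
    f=$(awk -v want="$1" '
        $1 == "zone" { n = $2; gsub(/["{]/, "", n); hit = (n == want) }
        hit && $1 == "file" { f = $2; gsub(/[";]/, "", f); print f; exit }' "$2")
    [ -n "$f" ] || return 1
    d=$(awk '$1 == "directory" { d = $2; gsub(/[";]/, "", d); print d; exit }' "$3")
    case "$f" in
        /*) printf '%s.jnl\n' "$f" ;;
        *)  printf '%s/%s.jnl\n' "$d" "$f" ;;
    esac
}

# Constructed sample configs: placeholder secret and forward.net as in the
# thread; etc.example is a made-up zone kept under /etc/bind.
demo=$(mktemp -d)
printf 'key "rndc-key" {\nalgorithm hmac-md5;\nsecret "very-secret";\n};\n' > "$demo/named.key"
printf 'key "rndc-key" {\nalgorithm hmac-md5;\nsecret "very-secret";\n};\nzone forward.net {\nprimary 127.0.0.1;\nkey "rndc-key";\n}\n' > "$demo/dhcpd.conf"
printf 'zone "forward.net" {\nfile "forward.net.db";\n};\nzone "etc.example" {\nfile "/etc/bind/db.etc";\n};\n' > "$demo/zones.conf"
printf 'directory "/var/cache/bind";\n' > "$demo/options.conf"

secrets_match rndc-key "$demo/named.key" "$demo/dhcpd.conf" && echo "secrets match"
journal_path forward.net "$demo/zones.conf" "$demo/options.conf"
journal_path etc.example "$demo/zones.conf" "$demo/options.conf"
```

On a real host, pass the directory part of the printed path to `sudo -u bind test -w DIR` to confirm that the bind user can create the journal there.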