[rescue] Tricking DNS

Phil Brutsche rescue at sunhelp.org
Mon Oct 22 10:22:46 CDT 2001


Bill Bradford wrote:

> I *still* don't consider bind9 to be "production quality" for the following
> reasons:
> 
> 1.  No 'ndc'


No there isn't.  It's called rndc now.  Talks to the named process over 
a TCP connection.


> 2.  Last time I tried to install it, it kept bitching about no 
>     key generated, etc. - and there was no clear info in the documentation
>     on *how* to do it


??? I've never had to generate a key when I set up bind9.  Well, except 
for when I got rndc running - it uses TLS to authorize & secure rndc 
connections, and you need to generate a key for that.


> 3.  Certainly not "drop-in" upgrade from BIND8.


It's a 99% compatible drop-in upgrade.


> I just compile the latest BIND8 variant on all my boxes.  If anybody has
> suggestions on how to *easily* upgrade to BIND9 properly, please let me
> know (and I'm not a "bind newbie" by any means - I've been setting it up
>  and doing DNS at large ISPs and companies for *years*..)


I don't know about a "proper" way to upgrade, but this is the procedure 
I use:

1) "./configure <insert options here>; make; make install"
2) Copy the BIND8 named.conf to wherever BIND9 expects it.  Usually a 
non-issue for me because I manually configure BIND8 & BIND9 to look 
under /etc/bind.
3) Add "auth-nxdomain yes;" to the options section of named.conf - the 
default changed to "no" in BIND9 and this is just to make behavior as 
similar as possible.
4) Make sure I have $TTL lines in my zone files
5) Start BIND9

One thing that catches people with BIND9 is that it's very anal about 
the zone file format.  Generally speaking if BIND 8.2.4 & higher work 
with your zone files BIND9 won't have a problem.



Phil
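
Steps 3 and 4 of the procedure in the message above, written as a pre-flight check to run before starting BIND9. This is an added example, not part of the original post and not BIND code; the function names and the sample named.conf and zone text are constructed, and the comment stripping is a simplification that ignores ';', '#' or '//' inside quoted strings.

```python
import re

def strip_comments(text, zone=False):
    """Zone files use ';' comments; named.conf uses '#', '//' and /* */."""
    if zone:
        return re.sub(r";.*", "", text)
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)

def options_block(conf):
    """Return the body of the options { ... } statement, or None if absent."""
    conf = strip_comments(conf)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[m.end():i]
    return None  # unbalanced braces

def has_auth_nxdomain_yes(conf):
    """Step 3: 'auth-nxdomain yes;' must be live (not commented) in options."""
    body = options_block(conf)
    return bool(body and re.search(r"\bauth-nxdomain\s+yes\s*;", body))

def has_ttl_before_records(zone):
    """Step 4: a $TTL directive must precede the first resource record."""
    for line in strip_comments(zone, zone=True).splitlines():
        if not line.strip():
            continue
        if line.upper().startswith("$TTL"):
            return True
        if not line.startswith("$"):  # reached a record before any $TTL
            return False
    return False

def preflight(conf, zones):
    """Return a list of problems; an empty list means steps 3 and 4 are done."""
    problems = []
    if not has_auth_nxdomain_yes(conf):
        problems.append('named.conf: add "auth-nxdomain yes;" to options')
    problems += [f"{name}: no $TTL before first record"
                 for name, text in zones.items() if not has_ttl_before_records(text)]
    return problems

# Constructed sample input (not from the original post).
BIND8_CONF = 'options {\n  directory "/etc/bind";\n  // auth-nxdomain yes;\n};\n'
BIND9_CONF = BIND8_CONF.replace("// auth", "auth")
OLD_ZONE = "@ IN SOA ns1.example.com. hostmaster.example.com. 1 3600 900 604800 86400\n"
NEW_ZONE = "$ORIGIN example.com.\n$TTL 86400 ; one day\n" + OLD_ZONE
```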



