Hello all,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The original Q was:
I'm setting up a DNS server on an Ultra Enterprise II, running 2.5.1,
with recommended & Y2K patches, 128 MB RAM, 300 MHz processor. It will be the
primary DNS server for a web server hosting 3 domains on 3 separate ip #'s,
on another Ultra Enterprise II multi-homed host. I think I have it all
licked but for this one issue. My question is:
In the resolv.conf file:
• Do I define all domains that this machine is authoritative
for? - they are all referred to in /etc/named.boot
• Which nameservers?
My guess is:
dns% cat resolv.conf
domain abc.com
domain xyz.com
domain mno.net
nameserver [this machine's ip#]
nameserver [secondary dns server's ip #]
nameserver [tertiary dns server's ip #]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I got several answers which pointed me in the right direction (and a new
direction!!!) Many thanks to: Jochen Bern, Bismark Espinoza, Geoff Weller,
John Berninger, Leandro Guimaraens Faria Corcete Dutra, Blayne Puklich, Navi
Sirisena, & Dave Wreski.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
First I was pointed to a security problem in Solaris 2.5.1 in.named. It
seems that one can gain root access to a box running the out-of-the-package
version. This problem is detailed at:
http://www.cert.org/advisories/CA-98.05.bind_problems.html . I called Sun
tech support, and they pointed me to patch 103663-12 which fixes this
problem.
Next the resolv.conf file: Only the domain in which the nameserver
lives is defined in the domain line. The other domains it serves are defined
with a search line. My final resolv.conf is:
dns% cat resolv.conf
domain abc.com
search abc.com xyz.com mno.net
nameserver [this machine's ip#]
nameserver [secondary dns server's ip #]
nameserver [tertiary dns server's ip #]
Again, my thanks to the above, the DNS works perfectly now,
Michael Cook
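The two resolv.conf layouts in the message above, run through a small checker. This is an added example, not part of the original post: it reports which lines take effect under the rules in the resolv.conf man page (domain and search are mutually exclusive and the last instance wins; at most three nameserver entries are used). The 192.0.2.x addresses are constructed placeholders for the bracketed IPs in the message, and the function name is hypothetical.

```python
"""Added example: which resolv.conf lines does the resolver actually use?"""

MAXNS = 3  # resolver's limit on nameserver entries (MAXNS in <resolv.h>)

# Constructed samples; 192.0.2.x are placeholder documentation addresses.
FIRST_GUESS = """\
domain abc.com
domain xyz.com
domain mno.net
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 192.0.2.3
"""
FINAL = """\
domain abc.com
search abc.com xyz.com mno.net
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 192.0.2.3
"""

def effective_resolv(text):
    """Return (search_list, nameservers, warnings) for resolv.conf text."""
    search, source, nameservers, warnings = [], None, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        keyword, args = fields[0], fields[1:]
        if not args:
            warnings.append(f"line {lineno}: '{keyword}' has no value")
        elif keyword in ("domain", "search"):
            # domain and search are mutually exclusive: the last one wins.
            if source is not None:
                warnings.append(f"line {lineno}: '{keyword}' overrides earlier '{source}' line")
            search = args[:1] if keyword == "domain" else args
            source = keyword
        elif keyword == "nameserver":
            if len(nameservers) < MAXNS:
                nameservers.append(args[0])
            else:
                warnings.append(f"line {lineno}: nameserver {args[0]} ignored (limit {MAXNS})")
    return search, nameservers, warnings

if __name__ == "__main__":
    for name, text in (("first guess", FIRST_GUESS), ("final", FINAL)):
        search, servers, warnings = effective_resolv(text)
        print(name, "-> search list:", search, "servers:", servers)
        for w in warnings:
            print("  warning:", w)
```

With three domain lines only mno.net is searched; in the final file the search line supplies the whole list and the domain line above it is overridden.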