SUMMARY: BIND or Solaris named?

From: John Horne (J.Horne@plymouth.ac.uk)
Date: Wed Nov 04 1998 - 06:04:17 CST


Hello all,

Well here's the summary...

The original question was:
>
> Shortly I will be working on a Sun system helping support our DNS zone
> files. At present I have nothing to do with it, and only run a caching
> DNS on our other Suns. First question is if anyone can give me a
> pointer to a good DNS FAQ, second is what is the preference amongst
> sys admins - using BIND or Sun's in.named? What are the pros and
> cons of them? My vague recollections are that BIND had problems with
> Solaris (or was it SunOS?), and that in.named didn't work as well as
> BIND - how/why I don't know.
>

I received a *lot* of replies (mainly from the mailing list I noted, but
certainly some from the newsgroup). I was also pleased to hear that there
were those amongst us about to go through the same process as me in
installing BIND (a bit of a confidence boost - thanks guys and gals!)

I didn't receive any flames, RTFM's or whatever. Should I have? Well it would
have been easy for anyone to have said "Look at your system startup and
*see* what it's using." (i.e. BIND version 4). No one did; all I got was a
lot of great help. A real tribute to you all. Many thanks. (I admit I
*should* have looked at the startup :-) )

The short answer to the question is that the Sun/Solaris in.named *is* BIND.
It's just an old version - version 4.9.4 on our systems I think. Everyone
recommended upgrading from this to BIND version 8. It seems that BIND is
currently in 2 states - BIND version 4, which is now only supported in
respect of security patches, and BIND version 8 which is fully supported.
This latter version (BIND 8) offers far more features than the older BIND 4,
and is less prone to the security problems as well. If you aren't using BIND
yet, or just using caching-servers as we are at the moment, then change to
BIND 8. If you are upgrading then I'd still agree with everyone that changing
to BIND 8 would be very much recommended. I gather that there are some
serious security problems with the older version of BIND, and, thus,
upgrading is again recommended.

I was informed that Solaris 2.7 (Solaris 7) ships with BIND 8.1.2.

A book recommendation from a couple of sys-admins was:
BIND and DNS by Paul Albitz & Cricket Liu, O'Reilly and Associates, 3rd
Edition. "It more than covers 4.94 and up to version 8.1.2." - quoted from
one message I received. I haven't got it, so no comment.

Two questions:
1) What happened to BIND versions 5, 6 and 7? Experimental?
2) What other naming daemon software is there for Sun/UNIX systems? I found a
   site that listed the equivalent BIND software for other hardware (Mac's,
   NT, etc), but it seems that everyone who is running a DNS on a Sun is using
   BIND. No-one recommended anything else.

More details for those interested:

First off we currently run caching-only servers on 4 Suns, 2 running Solaris
2.5.1, and 2 running 2.6. I shall (next week!?) start to look at our main DNS
system - I still don't even have an account on it! So don't ask what it's
running - or running on!

BIND 8 is available from the Internet Software Consortium - http://www.isc.org
I would advise grabbing a copy of the 8.1.2 contrib gzip file, and the doc
file as well.

I was warned about overwriting Sun's own resolver libraries with BIND - this
can cause other things to fail. No problem here though - the installation
installs an nslookup-helper file in /usr/lib, the nslookup, dig, etc commands
in /usr/bin, the named, named-xfer daemons in /usr/sbin, and the rest in
/usr/local/bind. No problems with this at all. You can change these locations
if you need to - read the docs. I also changed our /etc/init.d/inetsvc (I
think) file to startup 'named' rather than 'in.named' at boot time - how you
do this is up to you. (You could delete in.named and create a link from named;
rename named to in.named, or whatever.)

The caching servers were running the old BIND 4 (in.named), and using
/etc/named.boot as their configuration files. This has changed at BIND 8. The
config files are /etc/named.conf, and the syntax is completely new. However,
for a caching server it was easy enough to get them going again under BIND 8.
When you get into what's new at BIND 8 the config file becomes very
configurable, and is quite good! We've changed our logging and security even
for these systems - it's a lot tighter :-)

For configuration file syntax the BIND 8 source file src/bin/named/named.conf
contains lots of examples. There is also a perl script (in the same
directory) for converting BIND 4 config files to BIND 8 - I didn't use this,
so can make no comment on it.

COMPLAINT:
Well being an old duffer at this computing business I still like a good
postscript manual that I can print out and read whenever - i.e. at home, in
the bath, etc, etc :-) :-) No such manual - or at least that I could find.
The documentation, from ISC and the other web sites, all relates to BIND 4,
and you have to pick out the bits that refer to BIND 8. The html and man
pages are, as far as I am aware, up to date - the web pages include the new
config file syntax. Eventually I ran html2ps to get all the web pages. I
printed out the man pages, but they didn't come out too well since it seems
to require 'groff' - after some frigging around with nroff, tmac, a2ps, cat,
etc, etc I still couldn't get them to come out nicely on the screen or
printer. (I had the same problems with INN !!)

Having said all that, you *will* need the documentation in order to configure
BIND.

Some people gave me some pointers to other web sites for info (thanks again).
A lot still refers to BIND 4. As always some sites are better than others -
that's for you to decide. Personally we will be using the dnswalk and nslint
tools mainly.

First site must be ISC at http://www.isc.org - you will find links to other
sites here as well.
Another good one is http://www.dnsrd.com (recommended)

Others you may want to look at include:
http://sun.icsnet.com/faq/tipsheet_dns.html
http://www.domtools.com/dns/ (this looks good, I haven't fully checked it out yet myself)
http://www.bind.com
http://www.stokely.com (Looks good; haven't fully checked it out yet)

I would also recommend grabbing (and reading) the DNS FAQ. Not necessarily
related to BIND 8, but it answers some DNS questions I had.
(http://www.users.pfmc.net/~cdp/cptd-faq/)

That's it! :-) Good luck to you all if you're going to be DNS and BIND'ing
like me in the near future.

John.

-----------------------------------------------------------------------------
John Horne E-mail: J.Horne@plymouth.ac.uk
Academic and Information Services Phone : +44 (0) 1752 - 233914
University of Plymouth, UK Fax : +44 (0) 1752 - 233919
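
The named.boot to named.conf change described in the message above, as an added example that is not part of the original post and is not the Perl conversion script shipped with BIND: a small Python translator covering only the directives a caching-only server typically uses. The sample named.boot, its file names and addresses, and the optional allow_query argument are constructed assumptions.

```python
# Added example: translate a BIND 4 named.boot into BIND 8 named.conf syntax.
# Covers only the directives a caching-only server normally uses; anything
# else raises an error so it is never silently dropped from the new config.

SAMPLE_BOOT = """\
; constructed sample named.boot for a caching-only server
directory /var/named
cache     .                     named.ca
primary   0.0.127.in-addr.arpa  named.local
forwarders 192.0.2.1 192.0.2.2
options forward-only
"""

def boot_to_conf(boot_text, allow_query=None):
    """Return named.conf text equivalent to the given named.boot text.

    allow_query: optional list of address-match elements (an assumption,
    not from the page) emitted as an allow-query restriction.
    """
    options, zones = [], []
    for lineno, raw in enumerate(boot_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()   # ';' starts a comment
        if not fields:
            continue
        keyword, args = fields[0].lower(), fields[1:]
        if keyword == "directory" and len(args) == 1:
            options.append('directory "%s";' % args[0])
        elif keyword == "forwarders" and args:
            options.append("forwarders { %s; };" % "; ".join(args))
        elif keyword == "options" and args == ["forward-only"]:
            options.append("forward only;")
        elif keyword == "cache" and len(args) == 2:
            zones.append((args[0], "hint", args[1]))      # root hints
        elif keyword == "primary" and len(args) == 2:
            zones.append((args[0], "master", args[1]))
        else:
            raise ValueError("line %d: unsupported directive: %r" % (lineno, raw))
    if allow_query:
        options.append("allow-query { %s; };" % "; ".join(allow_query))
    out = ["options {"] + ["\t" + o for o in options] + ["};"]
    for name, ztype, zfile in zones:
        out += ["", 'zone "%s" {' % name, "\ttype %s;" % ztype,
                '\tfile "%s";' % zfile, "};"]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(boot_to_conf(SAMPLE_BOOT, allow_query=["127.0.0.1", "192.0.2.0/24"]))
```
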


