Setting up DNS

Now that my X2100 is up and running, I am slowly getting to getting it fully operational as I get bits and pieces of time. In the past I have relied upon others to provide me DNS services. I'm up for learning something new, so I thought I'd take a whack at it myself this time. The further I dig into this, the more I question the wisdom of the decision :)

DNS has been at the core of the Internet for decades. Solaris 10 ships with Bind 9, and given its history I am sure Bind 9 is reliable and scalable. However, IMHO, it's not the easiest service to set up. The file format(s) leaves a lot to be desired. Thanks to the tip from non-blogging-heathen co-worker Roy, I am using h2n which is making the effort both simpler and a better learning experience. BTW, I think I have the O'Reilly DNS & Bind book at home. Although I am out on travel, I can picture the book somewhere in the lllooonnnnggg row of O'Reilly books on my bookshelf.

Does anyone have thoughts about configuring Bind through webmin? Any other ideas?


Make sure you take a look at Bug ID 6220986. This is likely going to affect your performance.

Posted by Alex on June 07, 2006 at 01:05 AM PDT #

I use djbdns on my Solaris boxes at work and home. Much easier to configure than BIND, more secure (BIND has a history of security holes almost as bad as sendmail) and much more efficient.

Posted by Fazal Majid on June 07, 2006 at 02:06 AM PDT #

Webmin works great for us that don't have the time or inclination to learn how to hack every darn piece of software included with Solaris. While I don't use Webmin often, it certainly eases the learning curve when learning new software it supports.

However, do yourself a favor and grab the latest copy from as the bundled version is somewhat stale...and this latest version supports SMF and zones.

Did someone say zones? Sounds like a match made in heaven...

Posted by Wes Williams on June 07, 2006 at 02:10 AM PDT #

We gave the webmin interface for BIND to our non-Solaris admins, it worked well for them. One feature I liked, it actually checked if the address had already been used. I never got this working in vi :-)

BIND does have a lot of boilerplate and froth, but does h2n do TXT, SRV, etc. records, such as what is the Kerberos realm for this zone? What is the address and port of the kdc, or ldapserver?

Unfortunately I think Windows has a good punter dns interface. Just it is based on a crap OS!

There also are some LDAP2DNS apps around, but they need some effort and schema changes to get working.


Posted by Doug Scott on June 07, 2006 at 03:16 AM PDT #

I use BIND at home to reduce the "ad effect" in the content I view. If you're interested, I documented the configuration process here: - Ryan

Posted by Matty on June 07, 2006 at 05:18 AM PDT #

DNS is one of the most critical pieces of your network infrastructure. Learn BIND like you know how to drink water. Dust off that O'Reilly book on DNS & BIND. It is excellent.

Posted by ux-admin on June 07, 2006 at 06:26 PM PDT #

Thanks everyone for the comments. I think I will try to stick with bind, and I think I'll take a look at the latest webmin as well. FYI, I did find my DNS & Bind book. Copyright 1992 and covers Bind 4.8.3. Whaddya think, time for an upgrade?

Why bind? I succumbed to peer pressure from those on the list and a buddy who said real men use bind.

Fazal, I'll take a look at djbdns as a backup.

Posted by John Clingan on June 08, 2006 at 09:39 AM PDT #

Actually, real men like Paul Mockapetris (the inventor of DNS) run Nominum ANS, but I digress. Let me know if you need amd64 binaries for djbdns/cdb/daemontools/ucspi-tcp.

Posted by Fazal Majid on June 08, 2006 at 05:09 PM PDT #

There's a nice BIND web GUI on Sourceforge. I haven't yet had the chance to use it but it looks very nice. I wanted to point out that it exists and might be worth looking at; this is not an endorsement, just a clue. ;)

Posted by Kimmo on June 08, 2006 at 07:12 PM PDT #


John Clingan

