ne pas détruire named.conf.options

[anarcat]

Il ne faut pas détruire la conf named.conf de BIND quand on installe alternc, mais seulement rajouter un "hook" pour notre config.

[anarcat]

I used this patch...

--- ../alternc/templates/bind/named.conf        2006-05-03 21:56:11.000000000 -0400
+++ named.conf  2007-01-26 15:16:40.000000000 -0500
@@ -1,15 +1,6 @@
 //
-// %%warning_message%%
+// WARNING: Do not edit this file, edit the one in /etc/alternc/templates and launch alternc.install again.
 //
-acl "internal" {
-        {
-        %%bind_internal%%
-       127.0.0.1;
-        };
-};
-
-include "/var/alternc/bind/slaveip.conf";
-
 options {
        directory "/var/cache/bind";

@@ -52,4 +43,4 @@
 include "/etc/bind/rndc.key";

 // add entries for other zones below here
-include "/var/alternc/bind/automatic.conf";
+include "/etc/bind/named.conf.local";

We probably want to hook into named.conf.local a new /etc/alternc/named.conf or something like this. Note that the ACL probably doesn't need to be modified by alternc: it's a site policy that alternc doesn't depend on. We do, however, need automatic.conf.

[anarcat]

I think that, basically, all we need to do is to include automatic.conf and slaveip.conf. I don't see which other configuration we would need to apply to bind to have alternc working.

All the /var/alternc/bind directory should also be in /var/cache/alternc/bind (because that's what it is, a cache) or /etc/alternc/bind (because they are configuration files).

[anarcat]

j'aimerais vraiment voir ça.

[anarcat]

So, bottomline, here's what we have to do:

1. restore a proper named.conf (only in 0.9.8 and make that version a necessary upgrade step?)
2. add those include lines to named.conf.local:

   include "/var/cache/alternc/bind/slaveip.conf";
   include "/var/cache/alternc/bind/automatic.conf";
   include "/etc/alternc/bind.conf"
   

3. Regenerate/move slaveip.conf and automatic.conf
4. Make sure all scripts talk to those files in the proper place
5. create AlternC's bind.conf with something like this:

   acl "internal" {
           {
           %%bind_internal%%
           127.0.0.1;
           };
   };
   options { // not sure we can have two options sections...
           allow-query     { "internal"; };
           allow-transfer  { "allslaves"; };
   }
   

Not sure I can pull this off by 0.9.8...

[anarcat]

(In [2328]) stop overwriting named.conf

starting this release, only named.conf.options will be replaced (as we need to modify the options {} block and can't just add another one). We still install a named.conf, a fresh version from Lenny this time, so that we get a clean start.

Also get rid of the bind_internal parameter that is not really used or recommended, as it allows for authoritative nameservers to also serve recursive queries (which is bad practice).

See: #1025 Closes: #1104

[anarcat]

A clean solution would be to put the allow-* parameters in the zone declarations (they may already be there too), which would allow us to not overwrite named.conf.options either.

[anarcat]

Replying to anarcat:

A clean solution would be to put the allow-* parameters in the zone declarations (they may already be there too), which would allow us to not overwrite named.conf.options either.

They are not there, sample conf:

zone "laruebrique.org" { type master; file "/var/alternc/bind/zones/laruebrique.org"; allow-query { any; }; };

[anarcat]

(In [2544]) do not overwrite named.conf

we still overwrite named.conf.options and that is where we do our includes. that seems to be relatively acceptable upstream as they mark only named.conf as a conffile.

See: #1025

[anarcat]

On ne détruit plus named.conf, mais on détruit toujours named.conf.options. Pour éviter ça, il faudrait avoir les bon allow-transfer dans tous les zonefiles.