Re: Using bind for a local caching name server, is this configuration correct?

On Mon, 01 Jul 2019 17:29:14 -0400
Sam Varshavchik <mrsam@xxxxxxxxxxxxxxx> wrote:

> Execute
> 
> rndc dump
> 
> If everything is set up correctly, and with the default settings,
> bind should dump its cache into /var/tmp/named_dump.db, or  
> /var/named/chroot/var/tmp/named_dump.db
> 
> You can grep through it for recently visited hostnames.

Thanks, this got me started, but the results were negative.  At least
that is what I think "Bad cache" and "SERVFAIL cache" mean.  So it
seems it isn't actually working.

The command is actually 
rndc dumpdb
and Red Hat has specified a dumpfile in /etc/named.conf as
/var/named/data/cache_dump.db

Would cache entries have the URL name with the IP address?


; Start view _default
;
;
; Cache dump of view '_default' (cache _default)
;
$DATE 20190701230228
;
; Address database dump
;
; [edns success/4096 timeout/1432 timeout/1232 timeout/512 timeout]
; [plain success/timeout]
;
;
; Unassociated entries
;
;       192.58.128.30 [srtt 573690] [flags 00000000] [edns 0/3/3/3/3] [plain 0/19] [ttl 764]
;       198.41.0.4 [srtt 621280] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       192.203.230.10 [srtt 564510] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       2001:500:9f::42 [srtt 622890] [flags 00000000] [edns 0/1/1/1/1] [plain 0/18] [ttl 764]
;       192.33.4.12 [srtt 615460] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       202.12.27.33 [srtt 599290] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       2001:503:ba3e::2:30 [srtt 587160] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       199.9.14.201 [srtt 575540] [flags 00000000] [edns 0/2/2/2/2] [plain 0/19] [ttl 764]
;       2001:7fd::1 [srtt 613040] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       2001:500:2d::d [srtt 800870] [flags 00000000] [edns 0/1/1/1/1] [plain 0/18] [ttl 764]
;       2001:500:2f::f [srtt 619190] [flags 00000000] [edns 0/4/4/4/4] [plain 0/18] [ttl 764]
;       193.0.14.129 [srtt 565040] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       2001:500:200::b [srtt 595920] [flags 00000000] [edns 0/2/2/2/2] [plain 0/19] [ttl 764]
;       2001:500:1::53 [srtt 616240] [flags 00000000] [edns 0/2/2/2/2] [plain 0/17] [ttl 764]
;       2001:503:c27::2:30 [srtt 589830] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       198.97.190.53 [srtt 587370] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       192.5.5.241 [srtt 617730] [flags 00000000] [edns 0/3/3/3/3] [plain 0/19] [ttl 764]
;       192.36.148.17 [srtt 527000] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       199.7.83.42 [srtt 541770] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       2001:dc3::35 [srtt 626880] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       2001:500:2::c [srtt 594560] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       192.112.36.4 [srtt 601630] [flags 00000000] [edns 0/3/3/3/3] [plain 0/19] [ttl 764]
;       199.7.91.13 [srtt 619680] [flags 00000000] [edns 0/3/3/3/3] [plain 0/19] [ttl 764]
;       2001:7fe::53 [srtt 564980] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       2001:500:a8::e [srtt 594560] [flags 00000000] [edns 0/3/3/3/3] [plain 0/18] [ttl 764]
;       2001:500:12::d0d [srtt 621350] [flags 00000000] [edns 0/3/3/3/3] [plain 0/19] [ttl 764]
;
; Bad cache
;
;
; SERVFAIL cache
;
;
; Start view _bind
;
;
; Cache dump of view '_bind' (cache _bind)
;
$DATE 20190701230228
;
; Address database dump
;
;
; [edns success/4096 timeout/1432 timeout/1232 timeout/512 timeout]
; [plain success/timeout]
;
;
; Unassociated entries
;
;
; Bad cache
;
;
; SERVFAIL cache

In the man page for named, it says

 It is not necessary to run named in a chroot environment if the Red
 Hat SELinux policy for named is enabled. When enabled, this policy is
 far more secure than a chroot environment. Users are recommended to
 enable SELinux and remove the bind-chroot package.

How do I tell whether I am using a chroot or SELinux?

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
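
The following is an added example, not part of the original message or of BIND: a small parser for a dump in the format quoted above, which counts cached resource records per view and reads the address-database counters according to the legend lines in the dump itself. It assumes cached records are written as zone-file style lines (owner name, TTL, class, type, data); the sample dump, its documentation-range addresses and the view name "working" are constructed.

```python
import re

VIEW = re.compile(r"^; Start view (\S+)")
# One address-database line; field order follows the legend in the dump:
# [edns success/...timeouts] [plain success/timeout]
ADB = re.compile(r"^;\s+(\S+) \[srtt \d+\].*\[edns (\d+)/[\d/]+\] \[plain (\d+)/\d+\]")

# Constructed sample in the dump's format (not data from the post). The
# second view holds one cached record so both outcomes are exercised.
SAMPLE = """\
; Start view _default
$DATE 20190701230228
; Address database dump
; [edns success/4096 timeout/1432 timeout/1232 timeout/512 timeout]
; [plain success/timeout]
;       192.0.2.30 [srtt 573690] [flags 00000000] [edns 0/3/3/3/3] [plain 0/19] [ttl 764]
;       2001:db8::42 [srtt 622890] [flags 00000000] [edns 0/1/1/1/1] [plain 0/18] [ttl 764]
; Bad cache
; SERVFAIL cache
; Start view working
$DATE 20190701230228
; authanswer
www.example.test.\t300\tIN A\t198.51.100.7
; Address database dump
;       198.51.100.53 [srtt 1200] [flags 00000000] [edns 4/0/0/0/0] [plain 0/0] [ttl 764]
"""

def summarize(dump_text):
    """Per view: cached record lines, servers listed, servers that ever answered."""
    views, cur = {}, None
    for line in dump_text.splitlines():
        m = VIEW.match(line)
        if m:
            cur = views.setdefault(m.group(1), {"records": 0, "servers": 0, "answered": 0})
            continue
        if cur is None or not line.strip():
            continue
        m = ADB.match(line)
        if m:
            cur["servers"] += 1
            if int(m.group(2)) + int(m.group(3)) > 0:  # any EDNS or plain success
                cur["answered"] += 1
        elif line[0] not in ";$":
            cur["records"] += 1  # not a comment or directive: a cached record line
    return views

if __name__ == "__main__":
    for name, stats in summarize(SAMPLE).items():
        print(name, stats)
```

To run it on a real dump, pass the contents of the dump file configured in /etc/named.conf (here /var/named/data/cache_dump.db) to summarize().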


