[svlug] BIND9 on EC2

Mark - Syminet mark at syminet.com
Tue Dec 2 10:40:56 PST 2014


Scott, I feel the need to mention here that BIND9 is not in any way specific to Amazon's proprietary EC2.  

BIND9 has been running on servers everywhere regardless of platform, for many decades now.  
Its security history is... nearly less than acceptable... but I think this also might have something to 
do with the fact that it's what people believe the root servers run (and thus attack).  

(And I suspect they *do* run BIND9 - but a very tightly secured, locally compiled derivative.) 

If EC2 decided to block the relevant ports (53) - then you should excuse EC2 immediately, 
because they are the source of all your problems.  

Or even better - and more on topic - is it possible that ISPs are starting to block "outside" recursive public nameservers 
entirely now?  Is this a trend?  ...is this where we've arrived?: 

Oh, the good ol' days... 

Mark

--
GPG: 2048R/966057BB






On Nov 27, 2014, at 5:10 PM, Scott DuBois <sdubois at linux.com> wrote:

> I'm setting up BIND9 on an EC2 instance and this is my first run at
> building a DNS server.
> 
> My FQDN host has the following options:
> 
> ns1.default-setting.com
> ns2.default-setting.com
> 
> I want to change this to:
> 
> ns1.sldubois.org
> ns2.default-setting.com (as fallback)
> 
> my zone file looks like this:
> 
> ubuntu at ip-172-31-2-0:/etc/bind$ cat db.sldubois.org
> ;
> ; BIND data file for sldubois.org interface
> ;
> $TTL    604800
> $ORIGIN sldubois.org
> @       IN      SOA     ns1.sldubois.org. sdubois.linux.com. (
>                            007         ; Serial
>                         604800         ; Refresh
>                          86400         ; Retry
>                        2419200         ; Expire
>                         604800 )       ; Negative Cache TTL
>        IN      A       54.67.14.140
> ;
> @       IN      NS      ns1.sldubois.org.
> @       IN      A       54.67.14.140 ; IP for Apache instance
> ;@      IN      AAAA    ::1          ; No IPv6 provided
> ns1     IN      A       54.67.14.140 ; IP for Apache instance
> 
> Do I need to specify ns2.default-setting.com in my zone file under
> ns1.sldubois.org. ?
> 
> OR
> 
> Do I really need to create a slave to my master DNS or can I just use
> the slave assigned by my host?
> 
> Searching on Google is giving me all kinds of answers that go all over
> the board and many do not cover setting up on EC2 as they prefer to have
> people use their Route 53 DNS service. This is fine and good but doesn't
> help in learning to set up DNS.
> 
> The following are the references I've been using:
> 
> https://www.digitalocean.com/community/tutorials/an-introduction-to-dns-terminology-components-and-concepts
> 
> http://jafty.com/blog/how-to-set-up-bind-dns-server-on-amazon-ec2/
> -- 
> Scott DuBois BSIT
> President EBLUG
> Freenode: Roguehorse
> 
