Dns-operations mailing list

[Bryon Eldridge <barkerjr AT barkerjr.net>]

I operate the following three T2s:

99.97% (ns1.qc.ca) - kevhosting (not cheap, but high quality)
99.75% (ns1,3.ca.us) - linode fremont (stable servers, not the most
stable network)
98.18% (ns2,3.fr) - gandi paris (unmetered bandwidth, had storage
stability problems lately)

All are running Bind 9.7 on CentOS 5 on Xen VPSes that also run tor,
ntpd, apache, tomcat.

I am one of the operators who only slaves dns.opennic.glue, uses the
hints file for the root zone, and ignores any other zones.  I also run
ddos.pl for protection and write no logs.

Very simple config:

options {
  directory "/var/named/";
  listen-on-v6 { any; };
  allow-recursion { any; };
  allow-query { any; };
  allow-query-cache { any; };
  statistics-file "/tmp/named.stats";
};

zone "." IN {
  type hint;
  file "/sync/dns/root.hint";
};

zone "dns.opennic.glue" IN {
  type slave;
  file "/var/named/slaves/db.dns.opennic";
  masters { 75.127.96.89; 2001:470:1f0e:8a0::2; };
  notify no;
};


And I use this bash script I wrote to update the hints file in a daily cron 
job:

if [ "$1" ]
then
  dest=$1
else
  dest=/var/named/named.root
fi
dig . NS @root.opennic.glue > /tmp/opennic.raw
if [ "`grep 'status: NOERROR' /tmp/opennic.raw`" ]
then
  grep -v "^;" /tmp/opennic.raw | sort > /tmp/opennic.hint
  if [ `md5sum /tmp/opennic.hint | awk {'print $1'}` != `md5sum $dest
| awk {'print $1'}` ]
  then
    mv /tmp/opennic.hint $dest
    if [ -z "$2" ] or [ "$2" == "true" ]
    then
      service named reload
    fi
  fi
else
  echo Error updating hint file
  cat /tmp/opennic.raw
fi
rm /tmp/opennic.raw


Hope this helps!