Advanced Configuration

How to Debug

If the service does not start, look at the /var/log/messages file, where BIND writes its debug output. If the error is not visible there, use the named-checkconf and named-checkzone programs to check the configuration file and the zone files.

The bind-utils package provides several utilities, such as nslookup and dig, for testing your DNS. To use them against your server, add a line with the word “nameserver” followed by the DNS server's IP address to your local /etc/resolv.conf file.

The rndc Command

BIND's configuration is not finished yet, since rndc is not yet configured to work across your whole network. rndc is the name server control utility: for example, you can obtain statistics (with the rndc stats command) or ask for the server's status (with the rndc status command). For more information about this powerful command, read its man page: rndc.

rndc communicates with the nameserver over a TCP connection, sending commands authenticated with digital signatures; you should replace the default key using the /usr/sbin/new_key.pl command. If you installed the caching-nameserver RPM package, a default rndc configuration is already in place and you can use it. If not, you will have to add the key found in the /etc/rndc.conf file to your /etc/named.conf file.

The controls statement declares control channels that system administrators use to affect the operation of the local nameserver. The rndc utility uses these channels to send commands to the nameserver and to retrieve non-DNS results from it. To modify the statement, do not select the Control Interface Options icon: Webmin strips the keys option from the “controls” statement. Instead, edit the /etc/named.conf file with a text editor. Here is an example of local-only rndc use with a key:

// secret must be the same as in /etc/rndc.conf
key "key" {
        algorithm       hmac-md5;
        secret          "cOb0cEDYZIQKNXDjnRJLmcTuZiXADGfVBahwsAnOd0yJbTmzPeHWO0LTTeCt";
};

// listen on the loopback address only, accept connections only from it,
// and require the key above on every command
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { "key"; };
};
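
As an added example (not part of the Mandrake documentation, of Webmin or of BIND), the following Python script checks what the “secret must be the same as in /etc/rndc.conf” comment above demands: that the key named in the controls statement exists in named.conf, that its secret and algorithm are identical in rndc.conf, that the secret is valid base64, and that the control channel is reachable only from the loopback address. The file layout it parses, the two sample files and the placeholder secret are assumptions of the example.

```python
"""Consistency check for a local-only rndc setup (added example).

Assumes named.conf holds a `key` statement and a `controls` statement, and
rndc.conf holds the same `key` statement plus an `options` block.
"""
import base64
import binascii
import ipaddress
import re

# Constructed sample files; the secret is a placeholder, not a real key.
SAMPLE_NAMED_CONF = '''
// secret must be the same as in /etc/rndc.conf
key "key" {
        algorithm       hmac-md5;
        secret          "c2FtcGxlLXNlY3JldC0xMjM0";
};
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { "key"; };
};
'''

SAMPLE_RNDC_CONF = '''
key "key" {
        algorithm       hmac-md5;
        secret          "c2FtcGxlLXNlY3JldC0xMjM0";
};
options {
        default-key     "key";
        default-server  127.0.0.1;
};
'''

KEY_RE = re.compile(r'\bkey\s+"?([^\s"{]+)"?\s*\{(.*?)\};', re.S)
INET_RE = re.compile(
    r'inet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}'
    r'(?:\s*keys\s*\{([^}]*)\})?\s*;')


def strip_comments(text):
    """Drop /* */, // and # comments so they cannot confuse the regexes."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)


def parse_keys(text):
    """Map key names to their algorithm and secret."""
    keys = {}
    for name, body in KEY_RE.findall(strip_comments(text)):
        alg = re.search(r'algorithm\s+([\w-]+)\s*;', body)
        sec = re.search(r'secret\s+"([^"]*)"\s*;', body)
        keys[name] = {'algorithm': alg.group(1).lower() if alg else None,
                      'secret': sec.group(1) if sec else None}
    return keys


def block_body(text, keyword):
    """Return the text between the braces of the first `keyword { ... }`."""
    m = re.search(r'\b' + keyword + r'\s*\{', text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[start:i]
    return None


def parse_controls(text):
    """List every inet control channel: address, port, allow list, key names."""
    body = block_body(strip_comments(text), 'controls')
    if body is None:
        return []
    channels = []
    for m in INET_RE.finditer(body):
        channels.append({
            'address': m.group(1),
            'port': int(m.group(2)) if m.group(2) else 953,   # rndc default port
            'allow': [e.strip() for e in m.group(3).split(';') if e.strip()],
            'keys': [k.strip().strip('"')
                     for k in (m.group(4) or '').split(';') if k.strip()],
        })
    return channels


def _loopback_only(address, allow):
    """True when the channel listens on loopback and only loopback may connect."""
    try:
        if not ipaddress.ip_address(address).is_loopback:
            return False
    except ValueError:            # "*" means every interface
        return False
    for entry in allow:
        if entry.startswith('!') or entry == 'none':
            continue              # negated entries deny; they never grant access
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:        # "any", "localnets" or an ACL name: be conservative
            return False
        if not (net.network_address.is_loopback and net.broadcast_address.is_loopback):
            return False
    return True


def check_rndc_setup(named_conf, rndc_conf):
    """Return a list of problems; an empty list means the two files agree."""
    findings = []
    server_keys, client_keys = parse_keys(named_conf), parse_keys(rndc_conf)
    channels = parse_controls(named_conf)
    if not channels:
        return ['no controls/inet channel in named.conf: rndc cannot connect']
    for ch in channels:
        where = f"channel {ch['address']}:{ch['port']}"
        if not ch['keys']:
            findings.append(f'{where}: no keys clause, commands are unauthenticated')
        for name in ch['keys']:
            srv = server_keys.get(name)
            if srv is None:
                findings.append(f'{where}: key "{name}" is not defined in named.conf')
                continue
            cli = client_keys.get(name)
            if cli is None:
                findings.append(f'key "{name}" is missing from rndc.conf')
            elif cli != srv:
                findings.append(f'key "{name}": secret/algorithm differ between named.conf and rndc.conf')
            try:
                base64.b64decode(srv['secret'] or '', validate=True)
            except binascii.Error:
                findings.append(f'key "{name}": secret is not valid base64')
        if not _loopback_only(ch['address'], ch['allow']):
            findings.append(f'{where}: control channel is reachable beyond loopback')
    return findings


if __name__ == '__main__':
    import sys
    named, rndc = (sys.argv[1:3] if len(sys.argv) == 3
                   else ('/etc/named.conf', '/etc/rndc.conf'))
    with open(named) as f, open(rndc) as g:
        problems = check_rndc_setup(f.read(), g.read())
    print('\n'.join(problems) if problems else 'rndc setup looks consistent')
```

Run it with no arguments to check /etc/named.conf against /etc/rndc.conf, or pass the two paths explicitly. The loopback test is deliberately conservative: a built-in name such as any or localnets, or a reference to a named ACL, is reported as exposure rather than silently trusted.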

For security reasons, the Mandrake Linux BIND server runs with limited user privileges. If you create a secondary DNS server in your network, the BIND server may have to write its own zone files, transferred from the master DNS server. That is why you should change the owner of the “zone files” that Webmin created. The command to use is chown named -R /var/named/.

Documentation

If you want to do more with BIND, we strongly recommend reading the BIND 9 Administrator Reference Manual, which is available in PDF format on the official BIND web site. More documentation is available in HTML format if you click on Search docs, in the upper-right corner of Webmin's Network Configuration or BIND DNS Server page; at the bottom of those pages there are many useful Internet links. Note that the Reference Manual is available in HTML if you click on bind-9.2.0/html/Bv9ARM.html.

Figure 9.8. The BIND 9 Administrator Reference Manual Through Webmin

A Few More Options

For all the options not detailed in this document, we advise you to keep the defaults unless you really know what you are doing. Each time you change the configuration, click on Apply Changes to verify that your change has not broken the server configuration.

Global Server Options

  • Logging and Errors: you can add logging channels or categories so that your logs are sorted the way you want;

  • Access Control Lists: the ACL statement assigns a symbolic name to an address match list (the IP addresses are separated by a “space”);

  • Forwarding and Transfers: the forwarding facility can be used to create a large, site-wide cache on a few servers, thereby reducing traffic over links to external nameservers. It can also be used to allow queries by servers that do not have direct access to the Internet but still need to look up external names. Forwarding occurs only for those queries for which the server is not authoritative and does not have the answer in its cache.
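
The ACL statement names an address match list, and named evaluates such a list in order: the first element that matches decides, and a leading “!” turns that decision into a denial. The following Python code, added here as an illustration and not part of Webmin or BIND, parses acl statements from a constructed named.conf fragment and evaluates them with those rules, going beyond the page's one-line description to show why the position of a negated entry matters; the ACL names and addresses are invented for the example, and a negated match inside a nested ACL is modelled as “no match” for the enclosing element.

```python
"""Evaluate BIND address match lists in order, first match wins (added example)."""
import ipaddress
import re

# Constructed sample, not taken from a real named.conf.  The first two ACLs
# differ only in the order of their entries, which changes what they allow.
SAMPLE_ACLS = '''
acl "internal" { !192.168.99.0/24; 192.168.0.0/16; 10.0.0.0/8; };
acl "internal-wrong-order" { 192.168.0.0/16; !192.168.99.0/24; 10.0.0.0/8; };
acl "trusted" { 127.0.0.1; "internal"; };
'''

ACL_RE = re.compile(r'\bacl\s+"?([^\s"{]+)"?\s*\{([^}]*)\}\s*;')


def parse_acls(text):
    """Map ACL names to their entry lists, keeping the order written."""
    acls = {}
    for name, body in ACL_RE.findall(text):
        acls[name] = [e.strip() for e in body.split(';') if e.strip()]
    return acls


def _evaluate(entries, addr, acls, depth):
    """Return 1 for a positive match, -1 for a negated match, 0 for no match."""
    if depth > 10:
        raise ValueError('ACL references nest too deeply')
    for entry in entries:
        negate = entry.startswith('!')
        token = entry.lstrip('!').strip().strip('"')
        if token == 'any':
            hit = True
        elif token == 'none':
            hit = False
        elif token in acls:
            # a nested ACL counts as a hit only when it matches positively
            hit = _evaluate(acls[token], addr, acls, depth + 1) > 0
        else:
            try:
                hit = addr in ipaddress.ip_network(token, strict=False)
            except ValueError:
                raise ValueError(f'unsupported match-list element: {entry!r}') from None
        if hit:
            return -1 if negate else 1   # first matching element decides
    return 0


def permitted(acl_name, ip, acls):
    """True when `ip` is accepted by the named ACL."""
    return _evaluate(acls[acl_name], ipaddress.ip_address(ip), acls, 0) > 0


if __name__ == '__main__':
    acls = parse_acls(SAMPLE_ACLS)
    for name in ('internal', 'internal-wrong-order'):
        print(name, '192.168.99.7 ->', permitted(name, '192.168.99.7', acls))
```

In “internal” the excluded subnet is listed before the wider 192.168.0.0/16 network, so 192.168.99.7 is refused; in “internal-wrong-order” the wider network matches first and the exclusion is never reached, which is the mistake to look for when an ACL allows more than intended.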

Creating a New View

The view statement is a powerful new feature of BIND 9 which lets a nameserver answer a DNS query differently, depending on who is asking. It is particularly useful for implementing split DNS setups without having to run multiple servers.
