Implementing BIND on Mac OS X
Subject:   Re: obviously no one checked this before posting! - author note
Date:   2003-04-16 13:53:08
From:   jldera
Response to: obviously no one checked this before posting!

First off, thanks for pointing out the typo in the configure script's line. Sometimes the little things slip through :) As to the rest of your post, you bring up some very valid points:

* I agree that rndc is the way that one should work with the named daemon of BIND 9, much like one /should/ use ndc when working with earlier versions. In my experience, they don't get used very often. While both rndc and ndc are useful tools, you can still call named directly and get the job done. That's not to discount these tools; by not using rndc, you do give up some nice features.

The ability to remotely control your DNS server is a beautiful thing, but I hardly feel it is something to be covered in an article that is intended for an introductory audience. Since not using rndc poses little more than a warning in the logs, as well as for simplicity's sake, I have not covered it here. For those who are a little more comfortable with BIND and are looking to use this great tool, a "man -M /usr/local/bind9/man rndc" should get you started in the right direction.

* As far as your statement about a lack of security considerations, I do not feel this is completely accurate. While I agree that recursion is an important topic, especially in light of the security flaw which was recently found (and since corrected) that affected recursive servers, saying that I didn't take security at all into consideration is unfair. I did in fact cover securing zone transfers.

Recursion is a pertinent feature and definitely worth discussing, but I initially feared that i would go beyond the original scope of the article. In order to help alleviate your concern, I'm going to make a separate post in regards to describing recursion and how to secure recursion in named.

Again, thanks for your help with the typo and your excellent feedback.

The author, Jason Deraleau