Implementing BIND on Mac OS X
Subject:   Success !!!
Date:   2003-05-05 18:19:38
From:   anonymous2
I disagree on the fact that this article has significant flaws. It's easy and mostly "it works"...
Truth is, nobody faint at heart should anyway try to install bind9 on OS X just for the fun... :-)
Most articles around don't even tackle the problem of securing zone transfers. I myself often leech around transferring zones from other servers to check how they've configured some things and, to be honest, most of the servers around don't have secured transfers.
Anyway, just to share my experience, when I found this article I was already downloading and compiling bind through the tools made by the fink project (their stuff is quite good and it might be worth a mention).
It stormed through the installation and compiling process and it also installed another 15 packages. Some XML libraries and other stuff I'm not exactly sure if they were needed (mainly because I trust the author of this article that simply downloading and compiling from works).
Anyway I was also able to implement keys and rndc without much effort and I currently have 4 nameservers (2 on Linux, 1 on FreeBSD and 1 on OS X) that are working great in a matter of a day of work. I assume that the target audience of this article is not going to run bind9 for a large scale zone without even reading some books. Understanding all the fuss behind keys, rndc and acl classes is way out of the scope (my opinion) and it took me some time to "process" all the concepts.

Three questions for all of you BIND gurus around somewhere:

Question 1:
Can you give some advice on changing things so that named starts with uid named and not root? Where should I act and what privs should I give?

Question 2:
Can you point me to some good place (or some help directly) where I can find info on setting up zones in that kind of inverted master-slave configuration I've read about somewhere? I mean having a master server act as a slave for the rest of the world and a slave acting as master, so that I can have an in-house server on the OS X that IS the master, but queries will go mainly to the slave machine thinking that HE is the master.
You know, the idea of managing zones with bbedit is way too tempting... :-)

Question 3:
In an OS X Server environment, is there a way to use the nifty to start bind9 instead of bind8? I'm afraid it could cause some conflicts. Does that app rely on any script somewhere that we can modify? Since I'm also a brand new Cocoa newbie, it might be fun just to write a plug for those tools but I can't find any help on where to look for documentation on expanding those utilities (assuming there is a way).

Hoping not to have driven the discussion too off-topic,

warm regards from Italy,

