This is an old revision of the document!


BALUG DNS

The care and feeding of the BALUG DNS server.

  • The BALUG DNS server should not interfere with other DNS service(s) or other non-BALUG services on the host (and vice versa)
  • To avoid accidentally shutting down, signaling, etc. the incorrect DNS server, use the proper -balug commands/pathnames/scripts, e.g. for most normal operations one should only need to use:
    • /etc/rc.d/init.d/named-balug (with relevant argument(s))
    • /usr/local/sbin/*-balug* (but the above should generally be used instead)
    • FAILURE TO USE THE COMMANDS NOTED ABOVE MAY CLOBBER THE WRONG DNS SERVER
  • Along those non-interference regards:
    • the BALUG DNS server should (generally) only use its designated IP address(es) - see: IP Addresses
    • it should not listen on other IPs (most notably for DNS)
    • the one exception so far is that it does listen for control (rndc) connections on a non-default port on 127.0.0.1 - again, do use the appropriate -balug commands to avoid accidentally operating on the incorrect DNS server.
  • The BALUG DNS server runs using user:group balugdns:balugdns. Note that for security reasons, to the extent feasible (and as appropriate), user balugdns and group balugdns should not have access to alter any content on the host or have any special privileges on the host. Note that it may be permissible for user balugdns or group balugdns to alter some files where that is explicitly desired (e.g. PID files, statistics dump files, cache dump files, slave files). Note also that in general, user balugdns or group balugdns needs read access to master zone files to be served (generally read access on files, and read and "execute"(/search) on directories and ancestor directories).
  • in general, only superuser (UID 0, a.k.a. "root") should be able to alter BALUG DNS files (most notably master zone files). The BALUG DNS (running in chroot environment, with user and group balugdns) should mostly only be able to alter the few exception files (or contents of directories needed to support such), noted above (e.g. PID files, etc.).
  • THE PRIMARY PURPOSE FOR THE BALUG DNS SERVER is for serving DNS zones of interest to BALUG and/or any other such hosting BALUG deems appropriate or wishes to do for folks/organizations (e.g. reciprocal or hosted slave services, etc.)
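
The ownership rules in the list above can be checked mechanically. The following is an added example, not part of the BALUG tooling: it audits one master zone file as the server account would see it, using plain mode bits (no ACLs). The chroot root, the numeric uid/gid 953 for balugdns and the sample modes are assumptions constructed for illustration.

```python
import os, posixpath, stat
from types import SimpleNamespace

def can(st, uid, gids, bit):
    """Owner/group/other check for one bit (4=read, 2=write, 1=search)."""
    if st.st_uid == uid:
        return bool(st.st_mode & (bit << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (bit << 3))
    return bool(st.st_mode & bit)

def audit_zone_file(path, chroot, uid, gids, stat_fn=os.stat):
    """Findings for one master zone file, checked as the server account."""
    findings = []
    st = stat_fn(path)
    if st.st_uid != 0:
        findings.append(f"{path}: owned by uid {st.st_uid}, not root")
    if not can(st, uid, gids, 4):
        findings.append(f"{path}: server account cannot read it")
    if can(st, uid, gids, 2):
        findings.append(f"{path}: server account can write it")
    parent = d = posixpath.dirname(path)
    while True:  # walk ancestors up to the chroot root
        ds = stat_fn(d)
        if not can(ds, uid, gids, 1):
            findings.append(f"{d}: server account cannot search it")
        sticky = bool(ds.st_mode & stat.S_ISVTX)
        # Write access to the containing directory allows unlink/rename,
        # which replaces the zone file without ever writing to it.
        if d == parent and can(ds, uid, gids, 2) and (not sticky or ds.st_uid == uid):
            findings.append(f"{d}: server account can replace files here")
        if d in (chroot, "/"):
            return findings
        d = posixpath.dirname(d)

# Constructed sample tree: path -> (uid, gid, mode). 953 is a made-up id.
CHROOT = "/var/named/chroot-balug"  # assumed chroot root
ZONE = CHROOT + "/var/named/master/balug.org"
SAMPLE = {CHROOT: (0, 0, 0o755), CHROOT + "/var": (0, 0, 0o755),
          CHROOT + "/var/named": (0, 953, 0o750),
          CHROOT + "/var/named/master": (0, 953, 0o770),  # group-writable
          ZONE: (0, 953, 0o640)}

def sample_stat(path, table=SAMPLE):
    uid, gid, mode = table[path]
    return SimpleNamespace(st_uid=uid, st_gid=gid, st_mode=mode)

if __name__ == "__main__":
    for finding in audit_zone_file(ZONE, CHROOT, 953, {953}, sample_stat):
        print(finding)
```

Against a live host, omit the `stat_fn` argument so `os.stat` is used, and pass the real numeric ids of balugdns.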

THE STATE OF BALUG.ORG. DNS

AT LEAST AT THE PRESENT TIME (2007-05-13), PLEASE NOTE THE FOLLOWING:

  • Internet DNS has not yet been delegated to this DNS server
  • This is subject to change - most current information can probably be found by:
    • having a look at file:/var/named/chroot-balug/var/named/master/balug.org
    • or of course, making the appropriate Internet DNS queries
  • this host doesn't have access to complete balug.org. zone data (can't do a zone transfer), hence the zone data on this host is a guesstimate of all known zone data based on responses to DNS queries; it is possible that some zone data may be missing.
system/balug_dns.1179100244.txt.bz2 · Last modified: 2007-05-13T23:50:44+0000 by 198.144.194.236