BIND has always been a dark art. Recent configuration nuances made in the name of improving security have made things all the more fun.
Here is a simple checklist that can avoid trouble and downed websites. Note that on RHEL6/CentOS/ and clones the /var/named/chroot structure has been made obsolete.
- Before starting cp /etc/named.conf /root # pick any location but not /tmp because Linux cron cleans that up.
- After adding new zones, run named-checkconf on your newly edited file. Do NOT edit the original.
- Copy the names of new zone files into the named.conf file using cut and paste to avoid spelling errors.
- chown named:named <filename> newly created zone files. Failure to do so will result in a completely meaningless and impossible to fathom error message when you restart the named daemon.
- Use named-checkzone to check syntax in manually edited zone files. Consider using ISPCONFIG3 GUI to maintain these records.
- Use the same back up policy as above for named.conf when working on zone files.
- Update serial number in the zone file to insure fast propagation of DNS changes.
Follow this simple checklist to avoid a lot of unnecessary pain.