Some hints on DNS config? [part 2]
Brad Knowles
brad at stop.mail-abuse.org
Thu Jul 14 11:04:23 UTC 2005
At 11:42 AM +0100 2005-07-14, Kimi Ostro wrote:
> What I meant was, where does the information about the caching service
> get put? Do I just configure it as another nameserver in the zone
> file? Or the authoritative's resolv.conf? Why I say this is because I
> don't understand how any-one/thing is supposed to get to the cache?

Caching is turned on by default. If you want caching, then all
you have to do is make sure you don't turn it off.

If you want to be more secure, and avoid having your server being
an open/caching recursive nameserver (which opens your server to
being used to DDoS other people, makes you more vulnerable to cache
poisoning, allows spammers to stealth-host a domain via your
nameserver, etc...), then what you need to do is to restrict caching
to just your local clients. Restricting caching to just local
clients is done by defining a restrictive IP network/netmask for
which you will allow such queries to come.

You should also check out the Team Cymru "Secure BIND Template"
at <http://www.cymru.com/Documents/secure-bind-template.html>.

--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
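
The restriction described in the message above, as an added example that is not part of the original post or of BIND itself: two constructed named.conf fragments (one open, one limited to local clients) and a small check of which clients each would let recurse. The ACL name "localclients", the addresses (documentation ranges) and the helper functions are assumptions made for illustration, and the regex parsing is a heuristic audit aid, not a full named.conf parser.

```python
import ipaddress
import re

# Constructed sample configs; "localclients" is a made-up ACL name and
# 192.0.2.0/24 / 203.0.113.0/24 are documentation address ranges.
OPEN_CONF = 'options { recursion yes; allow-recursion { any; }; };'
RESTRICTED_CONF = '''
acl "localclients" { 127.0.0.1; 192.0.2.0/24; };   // local clients only
options {
    allow-recursion { "localclients"; };
};
'''

def _elements(body):
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def recursion_acl(conf):
    """Flattened allow-recursion match list (named ACLs expanded one level), or None if unset."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)  # drop comments
    acls = {n: _elements(b)
            for n, b in re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', conf)}
    m = re.search(r"\ballow-recursion\s*\{([^{}]*)\}", conf)
    if m is None:
        return None
    out = []
    for e in _elements(m.group(1)):
        out.extend(acls.get(e, [e]))
    return out

def client_may_recurse(conf, client_ip):
    """First-match walk of the list; True/False, or None when it cannot be decided here."""
    acl = recursion_acl(conf)
    if acl is None:
        return None  # no explicit list: behaviour depends on the server's default
    ip = ipaddress.ip_address(client_ip)
    for elem in acl:
        negated, elem = elem.startswith("!"), elem.lstrip("! ")
        if elem == "any":
            return not negated
        if elem == "none":
            continue
        try:
            net = ipaddress.ip_network(elem, strict=False)
        except ValueError:
            return None  # localhost, localnets, keys: depends on the host, not decidable here
        if ip in net:
            return not negated
    return False

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF)):
        for ip in ("192.0.2.10", "203.0.113.7"):
            print(name, ip, client_may_recurse(conf, ip))
```

A result of None means the configuration should be read by hand, for example when no allow-recursion statement is present at all.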