Forwarding to a Cache

Kimi Ostro kimimeister at gmail.com
Thu Feb 2 15:50:43 UTC 2006


Hello,
A little while ago I posted to the list about setting up two authoritative
servers and a caching server.

My current config works, although I am not overly satisfied that it is "correct":

cache.kimi.home's named.conf:
// Global defaults for the caching server. Queries, recursion, transfers and
// notifies are all denied here; the "internal.kimi.home" view below re-opens
// queries and recursion for the local networks only.
options {
  directory "/etc/namedb";
  pid-file "/var/run/named/pid";
  recursion yes;
  // Refuse zone transfers and incoming NOTIFY messages from everyone.
  allow-transfer { none; };
  //allow-update { none; };
  allow-notify { none; };
  // Default-deny: a view that does not set its own allow-query /
  // allow-recursion inherits these "none" values.
  allow-query { none; };
  allow-recursion { none; };
  // Listen only on local addresses inside 192.168.1.0/24 and on loopback;
  // no IPv6 listeners.
  listen-on { 192.168.1.0/24; 127.0.0.1/32; };
  listen-on-v6 { none; };
  // NOTE(review): pinning outgoing queries to one source port (5353) removes
  // source-port randomisation, leaving only the 16-bit query ID to protect
  // against spoofed answers (cache poisoning). Drop the "port" clause unless
  // a firewall rule really needs it.
  query-source address 192.168.1.210 port 5353;
  //dnssec-enable yes;
};
/*
trusted-keys {
  include "Kkimi.home.+005+15825.key";
};
*/
// Two file channels: general server messages and a separate query log.
// Each file rotates at 500k and keeps 10 old versions, so retention is
// bounded by size, not by time.
logging {
 channel "named_log" {
 // send most BIND logs to a dedicated log file
  file "/var/log/named.log" versions 10 size 500k;
  // "dynamic" follows the server's current debug level.
  severity dynamic;
  print-category yes;
  print-severity yes;
  print-time yes;
 };
 channel "query_log" {
 // query logs go to a separate file
 // NOTE(review): the query log records which client asked for which name,
 // which is useful for incident investigation but also sensitive. Restrict
 // read access to the file, and ship it elsewhere if more history is needed
 // than 10 x 500k allows.
  file "/var/log/query.log" versions 10 size 500k;
  severity debug;
  print-severity yes;
  print-time yes;
 };
 category default { named_log; };
 category queries { query_log; };
 //category lame-servers { null; };
};

// View for local clients. It overrides the default-deny in "options" so that
// only 192.168.1.0/24 and loopback may query and recurse.
view "internal.kimi.home" {

 // Clients outside these ranges do not match this view at all.
 match-clients { 192.168.1.0/24; 127.0.0.1/32; };
 allow-recursion { 192.168.1.0/24; 127.0.0.1/32; };
 allow-query { 192.168.1.0/24; 127.0.0.1/32; };

 // Root hints used for ordinary recursive resolution.
 zone "." {
  type hint;
  file "master/root.cache";
 };

 zone "localhost" in {
  type master;
  file "master/mst.localhost.db";
 };

 zone "0.0.127.in-addr.arpa" in {
  type master;
  file "master/mst.loopback.rv";
 };

 // Queries for the private domain are forwarded to 192.168.1.212 and
 // 192.168.1.211 (presumably the two authoritative servers; confirm).
 // NOTE(review): no "forward only;" is set, so the default "forward first"
 // applies. If both forwarders fail, named falls back to normal resolution
 // and the internal kimi.home names are sent to the public root servers.
 // Add "forward only;" to keep them inside the network.
 zone "kimi.home" in {
  type forward;
  forwarders { 192.168.1.212; 192.168.1.211; };
 };

 // NOTE(review): 8.8.10.in-addr.arpa is the reverse zone for 10.8.8.0/24,
 // while the ACLs above use 192.168.1.0/24. Confirm this is the intended
 // network. The "forward only;" remark on kimi.home applies here too.
 zone "8.8.10.in-addr.arpa" in {
  type forward;
  forwarders { 192.168.1.212; 192.168.1.211; };
 };

};

// CHAOS-class view: serves the "bind" zone (where names such as version.bind
// live) from a local file, with recursion disabled.
// NOTE(review): this view sets no match-clients or allow-query of its own, so
// it appears to inherit allow-query { none; } from "options". Confirm whether
// CH queries are meant to be answered, and if so limit them to the internal
// networks.
view "ultimate-chaos" chaos {

 recursion no;

 // Empty hints file: nothing is resolved recursively in this class.
 zone "." {
  type hint;
  file "/dev/null";
 };

 // Contents of master/named.bind are not shown here. Check that it does not
 // publish the real server version.
 zone "bind" {
  type master;
  file "master/named.bind";
 };

};

I was wondering if it is at all possible, and better, for the authoritative name
servers to actually forward to the cache all queries that aren't from my local
domain kimi.home?

No doubt the answer will be why change what works.

Thanks once again.
--
Kimi


