Forwarding to a Cache
Mark Andrews
Mark_Andrews at isc.org
Fri Feb 3 00:12:40 UTC 2006
> In article <drtaid$1jhv$1 at sf1.isc.org>,
> Kimi Ostro <kimimeister at gmail.com> wrote:
>
> > Hello,
> > A little while ago I posted to the list about setting up two authoritative
> > servers and a caching server.
> >
> > My current config works, although not overly satisfied that it is "correct":
> >
> > cache.kimi.home's named.conf:
>
> This configuration seems overly complicated. Why do you need views,
> when you could simply put your internal subnets in the allow-query ACL?
> Your ultimate-chaos view doesn't contain any useful zones and doesn't
> allow recursion, so what's the point of it?
>
> > options {
> > directory "/etc/namedb";
> > pid-file "/var/run/named/pid";
> > recursion yes;
> > allow-transfer { none; };
> > //allow-update { none; };
> > allow-notify { none; };
> > allow-query { none; };
> > allow-recursion { none; };
> > listen-on { 192.168.1.0/24; 127.0.0.1/32; };
>
> listen-on should contain specific IP's, not subnets.
No. It's an ACL.
> > listen-on-v6 { none; };
> > query-source address 192.168.1.210 port 5353;
> > //dnssec-enable yes;
> > };
> > /*
> > trusted-keys {
> > include "Kkimi.home.+005+15825.key";
> > };
> > */
> > logging {
> > channel "named_log" {
> > // send most BIND logs to a dedicated log file
> > file "/var/log/named.log" versions 10 size 500k;
> > severity dynamic;
> > print-category yes;
> > print-severity yes;
> > print-time yes;
> > };
> > channel "query_log" {
> > // query logs go to a separate file
> > file "/var/log/query.log" versions 10 size 500k;
> > severity debug;
> > print-severity yes;
> > print-time yes;
> > };
> > category default { named_log; };
> > category queries { query_log; };
> > //category lame-servers { null; };
> > };
> >
> > view "internal.kimi.home" {
> >
> > match-clients { 192.168.1.0/24; 127.0.0.1/32; };
> > allow-recursion { 192.168.1.0/24; 127.0.0.1/32; };
> > allow-query { 192.168.1.0/24; 127.0.0.1/32; };
> >
> > zone "." {
> > type hint;
> > file "master/root.cache";
> > };
> >
> > zone "localhost" in {
> > type master;
> > file "master/mst.localhost.db";
> > };
> >
> > zone "0.0.127.in-addr.arpa" in {
> > type master;
> > file "master/mst.loopback.rv";
> > };
> >
> > zone "kimi.home" in {
> > type forward;
> > forwarders { 192.168.1.212; 192.168.1.211; };
> > };
> >
> > zone "8.8.10.in-addr.arpa" in {
> > type forward;
> > forwarders { 192.168.1.212; 192.168.1.211; };
> > };
> >
> > };
> >
> > view "ultimate-chaos" chaos {
> >
> > recursion no;
> >
> > zone "." {
> > type hint;
> > file "/dev/null";
> > };
> >
> > zone "bind" {
> > type master;
> > file "master/named.bind";
> > };
> >
> > };
> >
> > I was wondering if it is at all possible and better that the authoritative name
> > servers actually forward all queries to the cache that aren't from my local
> > domain kimi.home?
>
> Why would the authoritative servers ever receive queries for names that
> aren't in the zones they host?
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
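As an added example (not configuration from this thread), here is what the caching server's named.conf looks like once Barry Margolin's suggestion is applied: no views, one ACL used for allow-query and allow-recursion, listen-on kept as a subnet since, as Mark Andrews notes, it takes an address-match list, and the local zones forwarded to the two authoritative servers. Addresses, file names and the zone names are the ones from the quoted post; the `internal` ACL name and the `forward only` choice are assumptions added here.

```conf
// Added example, not the configuration posted in this thread.
// Assumes the addresses and file names from the quoted post; the ACL
// name "internal" is arbitrary.
acl "internal" { 192.168.1.0/24; 127.0.0.1/32; };

options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";

    // listen-on is an address-match list: named binds to every local
    // interface address that matches, so a subnet works here.
    listen-on { 192.168.1.0/24; 127.0.0.1/32; };
    listen-on-v6 { none; };

    // No views needed: serve the internal ACL, refuse everyone else.
    recursion yes;
    allow-query { internal; };
    allow-recursion { internal; };
    allow-transfer { none; };
    allow-notify { none; };

    // Source address for outbound queries; no fixed source port, so
    // named chooses the port itself.
    query-source address 192.168.1.210;
};

// Root hints: everything outside kimi.home is resolved normally.
zone "." {
    type hint;
    file "master/root.cache";
};

zone "localhost" {
    type master;
    file "master/mst.localhost.db";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/mst.loopback.rv";
};

// Local zones go straight to the two authoritative servers.
// "forward only" keeps the cache from falling back to the root for
// kimi.home names if both forwarders are unreachable.
zone "kimi.home" {
    type forward;
    forward only;
    forwarders { 192.168.1.212; 192.168.1.211; };
};

zone "8.8.10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.168.1.212; 192.168.1.211; };
};
```

Run `named-checkconf /etc/namedb/named.conf` after editing to catch syntax errors before a reload. The chaos view from the original post is dropped because named builds its own CHAOS view with the `bind` zone when none is configured; if the goal was only to hide the server version, `version "none";` in the options block does that without a view. The fixed `port 5353` in the original query-source is also left out: pinning the outbound port removes the source-port variation a resolver relies on to make forged replies harder to land.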