Some questions about Bind
Peter Dambier
peter at peter-dambier.de
Thu Jul 27 20:54:31 UTC 2006
DenisG wrote:
> Peter Dambier a écrit :
> ...
>
>>--->> #forwarders { 10.11.12.13; 10.11.12.14; };
>
> ...
>
>>--->> #forward first;
>>Dont enable forwarders. They are the reason why your own bind is
>>no faster than your ISP's.
>>Dont enable forward first. See above.
>
>
> Thanks for your answer. I found this myself just after sending my
> message. And it works much faster now.
>
>
>>Additionally you might replace
>>
>> > zone "." {
>> > type hint;
>> > file "/etc/bind/db.root";
>> > };
>>
>>with
>>
>>zone "." in {
>> type slave;
>>
>> masters { 192.228.79.201; 192.33.4.12; 192.5.5.241; 193.0.14.129; };
>>};
>>
>>Some people may frown on this but slaving a zone does use tcp not
>>udp so it cannot be used for amplification attacks. You definitly
>>prevent your network from sending bogus queries and save the root
>>a lot of traffic.
>
>
> I tried but resolving didn't work after that. Maybe the "in" shouldn't
> be here? Or the IPs are not good?
>
host_look("192.228.79.201","192.228.79.201","3236188105").
host_name("192.228.79.201","b.root-servers.net").
host_look("192.33.4.12","192.33.4.12","3223389196").
host_name("192.33.4.12","c.root-servers.net").
host_look("192.5.5.241","192.5.5.241","3221554673").
host_name("192.5.5.241","f.root-servers.net").
host_look("193.0.14.129","193.0.14.129","3238006401").
host_name("193.0.14.129","k.root-servers.net").
The IPs are ok.
zone "." in {
type slave;
file "DNSOP/cesidian-root.zone";
masters { 212.97.45.53; };
};
This is mine. It works. The real directory is
options {
directory "/var/named";
pid-file "/var/run/named.pid";
...
/var/named/DNSOP
And the bind user must be allowed to write into this directory.
file "root.zone";
means /var/named if you have the same options.
Kind regards
Peter and Karin
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
More information about the bind-users
mailing list