Options for non-recursive servers
Bob McDonald
bmcdonaldjr at gmail.com
Tue Sep 22 17:24:14 UTC 2015
For non-recursive (authoritative only) servers I have:
options {
    directory "/var/cache/bind";
    allow-query { any; };
    allow-query-cache { none; };
    allow-recursion { none; };
    listen-on { 127.0.0.1; };
    listen-on { 172.26.99.117; };
    listen-on-v6 { none; };
    empty-zones-enable no;
    recursion no;
    masterfile-format text;
    minimal-responses no;
    transfer-source 172.26.99.117;
    notify-source 172.26.99.117;
    query-source address 172.26.99.117;
    server-id "registered-NS-server-name";
    zone-statistics full;
    dnssec-enable yes;
    dnssec-validation auto;
};
view "default" IN {
    match-clients { any; };
    include "/etc/bind/named.conf.default-zones";
};
view bind chaos {
    match-clients { any; };
    recursion no;
    allow-query { 127.0.0.1; internal-networks; none; };
    allow-recursion { none; };
    zone authors.bind ch { type master; database "_builtin authors"; };
    zone hostname.bind ch { type master; database "_builtin hostname"; };
    zone version.bind ch { type master; database "_builtin version"; };
    zone id.server ch { type master; database "_builtin id"; };
    zone "." ch { type hint; file "/dev/null"; };
};
Note: There is actually only one interface with an inside address. It's
NATed to the outside address (query-source). Several options are defaults
and specified for clarity.
Does anything jump out as being incorrect? Are there implications to
setting minimal-responses to yes?
Thanks,
Bob
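
Added example, not part of the original post and not ISC code: a small offline audit of an options block for the three recursion-related settings the post uses for an authoritative-only server, which also flags statements that do not end in a semicolon. The function names and the sample config are constructed for illustration, and the parser assumes one statement per line with no comments.

```python
# Settings the post relies on to keep the server authoritative-only.
REQUIRED = {
    "recursion": "no",
    "allow-recursion": "{ none; }",
    "allow-query-cache": "{ none; }",
}

# Constructed sample input (not the poster's full configuration).
SAMPLE = """
options {
    directory "/var/cache/bind";
    allow-query { any; };
    allow-query-cache { none; };
    recursion yes;
    minimal-responses no,
};
"""

def options_body(conf):
    """Return the text between 'options {' and its matching '}'."""
    start = conf.index("{", conf.index("options")) + 1
    depth, i = 1, start
    while depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[start:i - 1]

def audit(conf):
    """List syntax and recursion-hardening findings for an options block."""
    findings, seen = [], {}
    for raw in options_body(conf).splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.endswith(";"):
            findings.append(f"statement not terminated by ';': {line}")
        name, _, value = line.rstrip(";,").strip().partition(" ")
        seen[name] = " ".join(value.split())  # normalise whitespace
    for name, want in REQUIRED.items():
        if name not in seen:
            findings.append(f"{name}: not set, expected {want}")
        elif seen[name] != want:
            findings.append(f"{name}: set to {seen[name]}, expected {want}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

This is a quick pre-check only; `named-checkconf` remains the authoritative syntax check for a real configuration.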