bind server and /etc/resolv.conf ???

Joseph S D Yao jsdy at cospo.osis.gov
Tue Mar 14 20:40:15 UTC 2000


On Tue, Feb 22, 2000 at 11:09:31AM -0600, Duane Cox wrote:
> 
> When setting up a bind server 8.2.2, what is the best way to set up the /etc/resolv.conf file?
> Only have itself listed as a nameserver?  Or have itself along with the slave, i.e. ns2.domain.com?
> 
> Shouldn't I only have myself listed, because the server is capable of looking to the root servers and finding the answer?
> Why would I want to specify another DNS server to look to that's not a root server?

You must list all of the name servers that you want people "out there"
to know about.  After all, YOU are the authoritative name server for
your domain, not your parent.  Once servers get from you the list of
name servers, they'll forget what other servers say, because YOU are
authoritative, and not anybody else.  [Except the other servers that
you list.]

> Also, should I have bind only listening on the IP address(es) of eth0 and not let it listen on the loopback?

I would go with the default, which would be to let it listen on all
interfaces.  In particular, if you believe that the host coming in on
the loopback has been compromised, well, that's the same as the name
server host itself.  Why prohibit it?

-- 
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.



More information about the bind-users mailing list