Caching only DNS
Niall O'Reilly
Niall.oReilly at ucd.ie
Fri Jul 18 09:32:53 UTC 2008
On Fri, 18 Jul 2008 09:24:53 +0100, khurram <khurram at worldcall.net.pk> wrote:

> allow-query { localhost; };

The above locks out other machines.
You tell it to serve only localhost; that's what it does!

> forwarders { my-local-dns-primary's ip ; my-local-dns-slave's ip; };
> forward only;

Why would you want to do this?
You might as well do without your new box, and leave the
work to the other two, as configuring like this is forcing
work on them.

> query-source address * port 53;

A fixed port makes your server (and so indirectly its clients)
subject to the vulnerability which has been all over the news
for the last week or so. You should let it use a random port,
and make sure your firewall will accommodate this.
Niall O'Reilly
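
The three points in the reply above, gathered into one named.conf sketch for a caching-only resolver. This is an added example, not part of the original message; the posted lines are kept as comments beside the revised settings. The ACL name `clients` and the 192.0.2.0/24 range are assumptions (constructed values); substitute the networks the server is meant to serve.

```conf
// Hosts allowed to use this resolver.
// "clients" and 192.0.2.0/24 are constructed placeholders (assumption).
acl "clients" {
    localhost;
    192.0.2.0/24;
};

options {
    // As posted:   allow-query { localhost; };
    // That answers only the server itself. List the client
    // networks explicitly instead of opening it to everyone.
    allow-query     { clients; };
    allow-recursion { clients; };
    recursion yes;

    // As posted:   forwarders { ...; ...; };
    //              forward only;
    // Omitted here, so this server does its own recursion and
    // caching instead of passing every query to the other two.

    // As posted:   query-source address * port 53;
    // Omitted here, so named picks the source port itself rather
    // than sending every outgoing query from port 53.
    // If the source address must be pinned, set the address only
    // and leave the port out (address below is a placeholder):
    // query-source address 192.0.2.53;
};

// Firewall side: permit outbound UDP and TCP to port 53 from
// unprivileged source ports on this host, and let the matching
// replies back in (stateful rules), or the random ports will be
// blocked and resolution will fail.
```

Running `named-checkconf` on the edited file before reloading catches syntax errors in the ACL and options blocks.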