How can I launch a private Internet DNS server?

Sami Ait Ali Oulahcen sami at marwan.ma
Fri Oct 16 11:05:25 UTC 2020


I've been looking for a way to implement this on nft or through 
firewalld, but couldn't find anything comprehensive.

So if it does get updated, please let us know :)

On 10/16/20 10:34 AM, Michael De Roover wrote:
> Interesting article, thanks for sharing this! I'm slightly confused
> about some things in it though. Does this mean that any traffic will be
> put on the connection tracker and be treated as stateful unless we use
> CT --notrack, or can the kernel make a heuristic based on what's in the
> iptables rule (i.e. if it only covers a port or a network range, it
> must be stateless)?
> 
> What constitutes a busy server? For a recursor it'd be easy to achieve
> high throughput, but does an authoritative name server for a single
> website need it?
> 
> On Thu, 2020-10-15 at 20:42 -0500, Chuck Aurora wrote:
>> Absolutely right; I wrote this Linux-centric article about it:
>>
>> https://kb.isc.org/docs/aa-01183
>>
>> It has not been updated to cover nftables.
>>
>> Note also that this is a good reason NOT to use the NAT that
>> other posters have encouraged.
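For the nftables side of this question, here is an added example that is not from the thread or from the ISC article linked above. It is the nftables counterpart of the iptables raw-table NOTRACK approach: connection tracking has no heuristic, every packet that reaches the conntrack hook gets an entry unless a rule at raw priority (which runs before conntrack) marks it `notrack`, so excluding DNS has to be done explicitly. The interface, network and file names are placeholders; it assumes a recent nft that understands the named priorities `raw` and `filter`, and an authoritative server answering on UDP/53 (a recursor's outbound lookups use ephemeral source ports and would need the mirror-image `udp sport 53` / `udp dport 53` rules as well).

```nft
# Added example, not the ISC article's or the list author's configuration.
# Load with:  nft -f dns-notrack.nft
# Inspect:    nft list ruleset
# Verify that the conntrack table stays flat under query load by watching
#   cat /proc/sys/net/netfilter/nf_conntrack_count   (or: conntrack -L)
# against the limit in net.netfilter.nf_conntrack_max.

table inet dns_notrack {
    # "raw" priority (-300) is evaluated before connection tracking, so a
    # notrack verdict here means no conntrack entry is ever created for
    # the packet. Only UDP/53 is excluded; TCP/53 stays tracked because
    # stateless handling of TCP gives up the sequence/state checks.
    chain prerouting {
        type filter hook prerouting priority raw; policy accept;
        udp dport 53 notrack          # queries arriving at the server
    }

    chain output {
        type filter hook output priority raw; policy accept;
        udp sport 53 notrack          # replies leaving the server
    }

    # Caveat: untracked packets never match "ct state established,related",
    # so a default-drop input policy must accept them explicitly by the
    # "untracked" state or the server goes deaf the moment notrack is on.
    chain input {
        type filter hook input priority filter; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        ct state untracked udp dport 53 accept     # stateless DNS over UDP
        tcp dport 53 ct state new accept           # DNS over TCP, tracked
        # ip saddr 192.0.2.0/24 tcp dport 22 accept   # placeholder admin access
    }
}
```

Because the untracked queries are accepted by port alone, the usual per-source protections have to live in the name server itself (response rate limiting, recursion ACLs) or in a separate stateless rate-limit rule; the trade-off the thread describes is exactly that you give up conntrack's per-flow state in exchange for not filling (and not being able to exhaust) the tracking table on a busy resolver.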


More information about the bind-users mailing list