7.7.1 Problem
You want to configure a caching-only name server.
7.7.2 Solution
Configure the name server with a root hints file (or, if you run BIND 9, use the built-in root hints) and restrict the queries it handles to the addresses of authorized resolvers using the allow-query options substatement. For example:
acl internal { 192.168.0/24; };

options {
    directory "/var/named";
    allow-query { internal; };
};

// The root hints are compiled into a BIND 9 name server, so this zone
// statement is optional on those name servers
zone "." {
    type hint;
    file "db.cache";
};
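To see what the allow-query restriction actually buys you, the following added example (not from the book, and not BIND's own code) evaluates a named.conf fragment the way BIND evaluates an address match list: elements are checked in order, the first match wins, a negated element (`!`) denies, and an address that matches nothing is denied. It compares the recipe's restricted configuration with a constructed open-resolver variant (`allow-query { any; }`). The sample configurations, the probe address 203.0.113.5 (a documentation-range address standing in for "somewhere on the Internet"), and the assumption that a missing allow-query defaults to `any` are the example's own; `localnets` and nested address lists inside an acl body are not handled.

```python
import ipaddress
import re

# Constructed sample configurations: the recipe's restricted setup and an
# open-resolver variant for comparison (neither is taken from a real server).
RESTRICTED_CONF = """
acl internal { 192.168.0/24; };
options {
    directory "/var/named";
    allow-query { internal; };   // only the internal ACL may query
};
zone "." { type hint; file "db.cache"; };
"""

OPEN_CONF = """
options {
    directory "/var/named";
    allow-query { any; };        // answers anyone who can reach port 53
};
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def block_body(text, keyword):
    """Return the text between the braces of the first `keyword { ... }`, or None."""
    m = re.search(r"\b" + keyword + r"\s*\{", text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return None


def parse_acls(text):
    """Return {acl_name: [elements]} for every flat top-level acl statement."""
    acls = {}
    for name, body in re.findall(r'acl\s+"?([\w.-]+)"?\s*\{([^}]*)\}\s*;', text):
        acls[name] = [e.strip() for e in body.split(";") if e.strip()]
    return acls


def expand_prefix(token):
    """BIND accepts abbreviated IPv4 prefixes such as 192.168.0/24; pad to four octets."""
    if "/" in token and ":" not in token:
        net, bits = token.split("/")
        octets = net.split(".")
        token = ".".join(octets + ["0"] * (4 - len(octets))) + "/" + bits
    return ipaddress.ip_network(token, strict=False)


def matches(addr, elements, acls, depth=0):
    """First-match evaluation of an address match list.

    Returns True (allowed), False (denied by a negated element) or None (no
    element matched, which BIND also treats as denied). A nested acl whose
    result is False or None simply does not match and evaluation continues."""
    if depth > 10:
        raise ValueError("acl nesting too deep (possible reference loop)")
    for elem in elements:
        negate = elem.startswith("!")
        target = elem.lstrip("! ").strip('"')
        if target == "any":
            hit = True
        elif target == "none":
            hit = False
        elif target == "localhost":
            hit = addr.is_loopback
        elif target in acls:
            hit = matches(addr, acls[target], acls, depth + 1) is True
        else:
            hit = addr in expand_prefix(target)
        if hit:
            return not negate
    return None


def query_allowed(conf, client_ip):
    """Would this named.conf let client_ip query the server?

    Assumes BIND's documented default of allow-query { any; } when the
    substatement is absent from the options block."""
    text = strip_comments(conf)
    acls = parse_acls(text)
    options = block_body(text, "options") or ""
    body = block_body(options, "allow-query")
    elements = ["any"] if body is None else [e.strip() for e in body.split(";") if e.strip()]
    return matches(ipaddress.ip_address(client_ip), elements, acls) is True


def is_open_resolver(conf, probe_ip="203.0.113.5"):
    """True if an address outside every local ACL (TEST-NET-3, constructed) can query."""
    return query_allowed(conf, probe_ip)


if __name__ == "__main__":
    for label, conf in (("restricted", RESTRICTED_CONF), ("open", OPEN_CONF)):
        print(label, "open resolver:", is_open_resolver(conf))
```

Running the script reports the restricted configuration as closed and the `any` variant as open. The same evaluator can be pointed at your own named.conf to confirm that only the resolvers you intended are inside the ACL, and the negation handling shows why ordering matters: a `!192.168.0.99;` placed after `192.168.0/24;` would never be reached.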
7.7.3 Discussion
You may want to set up a caching-only name server as authoritative for some internal zones, so that you can ensure that data in those zones is reliable. In this configuration, the name server will ignore records from your internal zones in answers from remote name servers, making it hard for a hacker to spoof data in those zones.
Since a caching-only name server's main function is to query other name servers and cache the results, follow the instructions in Section 7.15 to protect against spoofing.
7.7.4 See Also
Section 7.15 for instructions on protecting a name server from spoofing.