7.7 Configuring a Caching-Only Name Server

7.7.1 Problem

You want to configure a caching-only name server.

7.7.2 Solution

Configure the name server with a root hints file (or, if you run BIND 9, use the built-in root hints) and restrict the queries it handles to the addresses of authorized resolvers using the allow-query options substatement. For example:

    acl internal { 192.168.0/24; };

    options {
        directory "/var/named";
        allow-query { internal; };
    };

    // The root hints are compiled into a BIND 9 name server, so this zone
    // statement is optional on those name servers
    zone "." {
        type hint;
        file "db.cache";
    };

7.7.3 Discussion

You may want to set up a caching-only name server as authoritative for some internal zones, so that you can ensure that data in those zones is reliable. In this configuration, the name server will ignore records from your internal zones in answers from remote name servers, making it hard for a hacker to spoof data in those zones.

Since a caching-only name server's main function is to query other name servers and cache the results, follow the instructions in Section 7.15 to protect against spoofing.

7.7.4 See Also

Section 7.15 for instructions on protecting a name server from spoofing.
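The configuration described in the Discussion (Section 7.7.3), shown as an added example that is not part of the original recipe: the caching-only name server from the Solution, also loading two internal zones by zone transfer so that it is authoritative for them. The zone names (corp.example and its reverse zone), the primary's address 192.168.0.1, and the backup file names are constructed for illustration.

```bind
// Added example: zone names, primary address and file names are constructed.
acl internal { 192.168.0/24; };

options {
    directory "/var/named";
    // Answer queries only from the authorized resolvers in the ACL.
    allow-query { internal; };
};

// Optional on BIND 9, which has the root hints compiled in.
zone "." {
    type hint;
    file "db.cache";
};

// Internal forward zone, transferred from the internal primary
// (192.168.0.1 is an assumed address). Being authoritative for this
// zone, the server answers from its own copy and ignores records for
// the zone that appear in answers from remote name servers.
zone "corp.example" {
    type slave;
    masters { 192.168.0.1; };
    file "bak.corp.example";
};

// Matching reverse zone for the 192.168.0/24 network, so that
// address-to-name lookups for internal hosts get the same protection.
zone "0.168.192.in-addr.arpa" {
    type slave;
    masters { 192.168.0.1; };
    file "bak.192.168.0";
};
```

On BIND 9, running named-checkconf against the file catches syntax errors before the name server is reloaded.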