Doh: Lame server on '' (in ''?) , plus some security stuff.

D. J. Bernstein 75628121832146-bind at
Tue Mar 21 20:20:14 UTC 2000

Lincoln Yeoh writes:
> Maybe it's time for someone to do a "Qmail" of BIND. 

Guess what?

The DNScache package comes with exactly the defaults you're looking for:

   * The cache, dnscache, won't talk to unauthorized users.
   * The server, tinydns, won't recurse and won't cache data.
   * Zone transfers are rejected by default.
   * dnscache runs chrooted under its own uid.
   * tinydns runs chrooted under another uid.

All you'll have to do is

   touch /service/dnscache/root/ip/192.228.128
   echo > /service/dnscache/root/servers/

to have dnscache accept queries from 192.228.128.* and consult a server
on for * information.
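
An added example, not part of the original post or of the DNScache package: a shell audit of the access rule described above, relying on dnscache matching a client address against file names under root/ip by successively shorter dotted prefixes. The function names, the temporary directory and the extra `10` entry are constructed for illustration.

```shell
#!/bin/sh
# Audit which clients a dnscache root directory authorizes.
# A client a.b.c.d is accepted if root/ip contains a file named
# a.b.c.d, a.b.c, a.b or a; the longest name is tried first.

# dnscache_allows ROOT IP: print the matching entry and return 0, else return 1.
dnscache_allows() {
    root=$1
    prefix=$2
    while [ -n "$prefix" ]; do
        if [ -e "$root/ip/$prefix" ]; then
            printf '%s\n' "$prefix"
            return 0
        fi
        case $prefix in
            *.*) prefix=${prefix%.*} ;;   # drop the last octet and retry
            *)   prefix= ;;               # nothing left to strip
        esac
    done
    return 1
}

# broad_prefixes ROOT: print entries that cover more than a /24 (fewer than
# three octets), which are worth reviewing on a cache meant for local users.
broad_prefixes() {
    for f in "$1"/ip/*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        case $name in
            *.*.*) ;;                     # three or four octets: narrow enough
            *) printf '%s\n' "$name" ;;
        esac
    done
    return 0
}

# Constructed sample root (not a real installation); the first entry mirrors
# the touch command in the post, the second is a deliberately broad one.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/ip"
touch "$demo_root/ip/192.228.128" "$demo_root/ip/10"
for ip in 192.228.128.7 192.228.129.7 10.9.8.7; do
    if m=$(dnscache_allows "$demo_root" "$ip"); then
        echo "$ip allowed by ip/$m"
    else
        echo "$ip refused"
    fi
done
echo "broad entries: $(broad_prefixes "$demo_root" | tr '\n' ' ')"
```

On a live system, point both functions at /service/dnscache/root instead of the temporary directory.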


More information about the bind-users mailing list