Doh: Lame server on '' (in ''?) , plus some security stuff.
D. J. Bernstein
75628121832146-bind at sublist.cr.yp.to
Tue Mar 21 20:20:14 UTC 2000
Lincoln Yeoh writes:
> Maybe it's time for someone to do a "Qmail" of BIND.
Guess what? http://cr.yp.to/dnscache/ad/security.html
The DNScache package comes with exactly the defaults you're looking for:
* The cache, dnscache, won't talk to unauthorized users.
* The server, tinydns, won't recurse and won't cache data.
* Zone transfers are rejected by default.
* dnscache runs chrooted under its own uid.
* tinydns runs chrooted under another uid.
All you'll have to do is
     touch /service/dnscache/root/ip/192.228.128
     echo 127.0.0.1 > /service/dnscache/root/servers/jaring.my
to have dnscache accept queries from 192.228.128.* and consult a server
on 127.0.0.1 for *.jaring.my information.
---Dan
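
An added example, not part of the message above and not code from the DNScache package: a small shell audit of a dnscache root directory laid out as the message describes, checking which clients the ip/ prefix files cover and which servers a domain is pointed at. The function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helper for a dnscache root directory laid out as in
# the message (root/ip/<prefix>, root/servers/<domain>).

# client_allowed ROOT IP -> status 0 if ROOT/ip holds a file named after IP
# or after any dotted prefix of it (192.228.128 covers 192.228.128.*).
client_allowed() {
    root=$1 name=$2
    while :; do
        [ -e "$root/ip/$name" ] && return 0
        case $name in
            *.*) name=${name%.*} ;;   # drop the last octet and retry
            *)   return 1 ;;          # no prefix left: not authorized
        esac
    done
}

# broad_prefixes ROOT -> print ip/ entries of one or two octets, i.e. grants
# wider than a /24, which deserve a second look.
broad_prefixes() {
    for f in "$1"/ip/*; do
        [ -e "$f" ] || continue
        p=${f##*/}
        case $p in
            *.*.*) ;;                 # three or four octets: /24 or narrower
            *) echo "$p" ;;
        esac
    done
}

# servers_for ROOT DOMAIN -> print the server IPs configured for DOMAIN.
servers_for() {
    [ -f "$1/servers/$2" ] && cat "$1/servers/$2"
}

# Constructed demo tree (not a live /service/dnscache/root).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/ip" "$demo_root/servers"
touch "$demo_root/ip/192.228.128" "$demo_root/ip/10"
echo 127.0.0.1 > "$demo_root/servers/jaring.my"

client_allowed "$demo_root" 192.228.128.17 && echo "192.228.128.17 allowed"
client_allowed "$demo_root" 192.228.129.17 || echo "192.228.129.17 refused"
echo "broad grants: $(broad_prefixes "$demo_root")"
echo "jaring.my -> $(servers_for "$demo_root" jaring.my)"
```

Matching is by whole dotted component, so a file named 192.228.12 does not cover 192.228.128.*.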
More information about the bind-users mailing list