Slaving root zone?

Danny Mayer mayer at gis.net
Wed Sep 5 22:53:50 UTC 2001


At 03:55 PM 9/5/01, Terrence Koeman wrote:
>OK, let's make things clear. I'm currently running MS-DNS, which slaves '.'
>perfectly.

[snip]

>The DNS server I'm running is a rootserver for this root and is also a full
>public resolver (recursive). It consists of 2 load-balanced servers and
>handles about 50 million queries a day.
>
>If I'm gonna change to BIND, it has to be able to slave the zone '.'. In
>_general_ it has to be able to slave the zone '.', because it is just
>another zone!

You hadn't explained that in your previous post.  As soon as BIND 8.2.5 becomes
available, you'll need to upgrade.

You'll also need to take other measures to protect your system from attack,
including running named in its own account without Administrators group or
privileges in that group, rather than the default LocalSystem, placing the BIND
files on an NTFS disk and adding ACLs to protect them, removing all other
applications that are not absolutely essential to running the system, removing
all protocols except TCP/IP and limiting queries and zone transfers.

There are a lot of other things you need to do, but that's a start.

         Danny
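
A named.conf fragment for the last item in the list above (limiting queries and zone transfers on a server that slaves '.'), added here as an example and not taken from the post. The ACL names, the file name and every address (RFC 5737 documentation ranges) are constructed placeholders, not values from this thread.

```conf
// Added example, not from the original post.
// All names and addresses below are constructed placeholders.

// Hosts allowed to pull zones from this server (assumed secondary).
acl "xfer-peers" {
    192.0.2.53;
};

// Networks allowed to send queries to this server (assumed client range).
acl "clients" {
    198.51.100.0/24;
    127.0.0.1;
};

options {
    // Weak setting, shown for contrast: with no allow-transfer statement,
    // BIND 8 answers AXFR requests from any host.
    //
    // Corrected: refuse zone transfers unless a zone says otherwise.
    allow-transfer { none; };

    // Answer queries only from the listed networks.
    allow-query { "clients"; };
};

// The root zone is configured like any other slave zone.
zone "." {
    type slave;
    file "root.slave";              // assumed file name
    masters { 203.0.113.1; };       // placeholder for the root's primary

    // Per-zone override: only the listed peers may transfer '.'.
    allow-transfer { "xfer-peers"; };
};
```

A server that must answer the public would widen the "clients" ACL while leaving allow-transfer restricted.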


