criticise me ;-)
Simon Waters
Simon at wretched.demon.co.uk
Tue Dec 3 12:54:35 UTC 2002
Tom wrote:
>
> directory "/chroot/named/etc/namedb";
> cleaning-interval 120;
I'm curious why you felt the need to double this.
> allow-recursion { trusted; };
> blackhole { devnulled; };
I don't like to blackhole IP at layer 7, this belongs in the
routers IMHO, but you might regard it as security in depth, it
is a judgement call.
> interface-interval 0;
> allow-transfer { transhosts; };
> allow-query { trusted; };
auth-nxdomain no; //gets rid of irritating nag message!
I don't mix authoritative and caching where I can avoid it,
should additional-from-cache be "no" in such cases?
You have some options for controlling/restricting "silly" SOA
record values from the masters you slave, I don't have much
practical experience with these settings, but they sound like they
may save you grief! (or create grief) min-refresh-time etc.
We don't know what zones you're handling but we assume you did
good with 0.0.127.in-addr.arpa (and kill spurious traffic to
10.in-addr.arpa, and other RFC1918 space).
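
An added example, not part of the original message or of BIND: a small Python check that applies three of the reply's review points to a named.conf (authoritative zones served alongside recursion without `additional-from-cache no`, slave zones with no min/max refresh or retry limits, and missing loopback/RFC 1918 reverse zones). The sample config, its zone and file names, and the `audit` helper are constructed for illustration.

```python
import re

# Constructed sample (not Tom's full named.conf): options quoted in the thread
# plus hypothetical zones, so each check has something to report.
SAMPLE_CONF = '''
options {
    directory "/chroot/named/etc/namedb";
    allow-recursion { trusted; };   // caching for trusted clients
    allow-query { trusted; };
    auth-nxdomain no;
};
zone "example.com" { type slave; file "sl/example.com"; masters { 192.0.2.1; }; };
zone "0.0.127.in-addr.arpa" { type master; file "localhost.rev"; };
zone "10.in-addr.arpa" { type master; file "empty.db"; };
'''

# Reverse zones for loopback and RFC 1918 space (10/8, 172.16/12, 192.168/16).
LOCAL_REVERSE = ["0.0.127.in-addr.arpa", "10.in-addr.arpa", "168.192.in-addr.arpa"]
LOCAL_REVERSE += [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
SOA_LIMITS = r"\b(min|max)-(refresh|retry)-time\s+\d+"

def audit(conf):
    # Drop /* */, // and # comments (naive: assumes no comment markers in strings).
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#).*", "", conf)
    # Split on zone statements: parts = [preamble, name1, body1, name2, body2, ...]
    parts = re.split(r'\bzone\s+"([^"]+)"', conf)
    zones = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        m = re.search(r"\btype\s+([\w-]+)", body)
        zones[name.lower().rstrip(".")] = m.group(1) if m else "unknown"
    authoritative = any(t in ("master", "slave") for t in zones.values())
    recursing = not re.search(r"\brecursion\s+no\b", conf)   # BIND recurses by default
    afc_no = bool(re.search(r"\badditional-from-cache\s+no\b", conf))
    return {
        "mixed_without_additional_from_cache_no": authoritative and recursing and not afc_no,
        "slave_without_soa_limits": "slave" in zones.values() and not re.search(SOA_LIMITS, conf),
        "missing_local_reverse": [z for z in LOCAL_REVERSE if z not in zones],
    }

if __name__ == "__main__":
    for check, result in audit(SAMPLE_CONF).items():
        print(f"{check}: {result}")
```
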