DNS Cache works sort of! Is there a better way of doing it?
Peter R. Atkin
peter at computer-facilities.com
Tue Aug 17 20:47:44 UTC 2004
I am running a Windows 2000 Server domain network with a Linux firewall that
also acts as a transparent proxy and DHCP server.
Windows 2000 Server PDC (Active Directory / DNS): 10.0.0.1; the firewall is on
10.0.0.100 inside and 24/7 on x.x.x.x on the outside.
Local domain: local.cfu.com
External DNS servers are 192.168.2.10 / 192.168.2.5.
I have set up a caching DNS server according to
http://www.ibiblio.org/pub/Linux/docs/howto/DNS-HOWTO. This works, but I am
really not sure how well. My aim was to allow the XP machine to log on to
the PDC without having to go through the Internet first; before this script
was in place it could take anything up to 10 minutes for a workstation to log on,
now it is 1-3 seconds.
So that aim seems to have been achieved, more by luck I fear than knowledge.
// Config file for caching only name server
//
// The version of the HOWTO you read may contain leading spaces
// (spaces in front of the characters on these lines) in this and
// other files. You must remove them for things to work.
//
// Note that the filenames and directory names may differ, the
// ultimate contents should be quite similar though.

options {
    directory "/var/named";

    // Uncommenting this might help if you have to go through a
    // firewall and things are not working out. But you probably
    // need to talk to your firewall admin.
    // query-source port 53;

    // Only the LAN and the box itself may ask this server to recurse.
    // Plain (non-recursive) queries are not restricted by this line.
    allow-recursion { 10.0.0.0/24; localhost; };

    // Send every query to the forwarders first (the Windows DNS server,
    // then the two external resolvers); fall back to iterative resolution
    // from the root hints only if they all fail.
    forward first;
    forwarders {
        10.0.0.1;
        192.168.2.10;
        192.168.2.5;
    };

    // TLDs exempted from the delegation-only treatment applied below.
    root-delegation-only exclude {
        "ad"; "ar"; "biz"; "cr"; "cu"; "de"; "dm"; "id"; "lu";
        "lv"; "md"; "ms"; "museum"; "name"; "no"; "pa"; "pf";
        "se"; "sr"; "to"; "tw"; "us"; "uy";
    };
};

// rndc control channel: loopback only, authenticated with rndc_key.
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

// This secret is copied from the HOWTO's published example, so it is not
// secret; anyone with shell access to the firewall could drive rndc with it.
// Generate a fresh one (rndc-confgen) before relying on the control channel.
key "rndc_key" {
    algorithm hmac-md5;
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

// Reject non-delegation (wildcard) answers from the com and net TLD servers.
zone "com" {
    type delegation-only;
};
zone "net" {
    type delegation-only;
};

zone "." {
    type hint;
    file "root.hints";
};

// The posted copy was missing the closing "};" of this stanza, which
// named rejects at startup.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};
I wish to know:
1) Is this script safe, as I hacked it together from various sources?
2) Is there any benefit for me in adding a reverse lookup zone, and if there is,
how do I do it?
3) How can I get the DNS server to get the information for the LAN PCs from my
Windows 2000 Server DNS server?
4) Could this in any way cause trouble for the Windows DNS server?
Hope these are not stupid questions; I have only been doing this for a few
hours.
Kind Regards
Peter
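As an added example (not part of Peter's post or of the DNS-HOWTO), here is how the options block and two extra zone stanzas would look if the posted setup were tightened: plain queries are restricted to the LAN as well as recursion, only the AD domain and the LAN's reverse zone are forwarded to the Windows DNS server, and everything else goes to the external resolvers. The addresses and the domain name are the ones from the post; the reverse zone name 0.0.10.in-addr.arpa assumes the LAN really is 10.0.0.0/24, as the allow-recursion line implies, and that the Windows DNS server hosts that zone.

```conf
// Added example, not the poster's config: options and zone stanzas to merge
// into the posted named.conf. Assumes the LAN is 10.0.0.0/24, the AD domain
// is local.cfu.com and the Windows 2000 DNS server is 10.0.0.1, as in the post.
options {
    directory "/var/named";

    // The posted file restricts recursion only. Without allow-query, any
    // host that can reach port 53 on the firewall can still read answers
    // already in the cache with non-recursive queries. Restrict both to
    // the LAN (the outside firewall rules should block port 53 anyway).
    allow-query     { 10.0.0.0/24; localhost; };
    allow-recursion { 10.0.0.0/24; localhost; };

    // Global forwarders: only the external resolvers. Leaving 10.0.0.1 out
    // of this list means Internet lookups no longer pass through the AD
    // server first; it is consulted only for the zones declared below.
    forward first;
    forwarders { 192.168.2.10; 192.168.2.5; };
};

// Everything under local.cfu.com, including the _msdcs, _sites, _tcp and
// _udp subtrees that Windows clients query to locate domain controllers,
// goes to the Windows DNS server and nowhere else.
zone "local.cfu.com" {
    type forward;
    forward only;
    forwarders { 10.0.0.1; };
};

// Reverse lookups for the LAN are sent to the Windows server too, since
// that is where the workstations register their records. Assumed zone name.
zone "0.0.10.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 10.0.0.1; };
};
```

The rest of the posted file (root hints, the 127.0.0 reverse zone, controls and key) stays as it is. Run `named-checkconf` on the merged file before restarting, then check from an XP client with `dig @10.0.0.100 _ldap._tcp.local.cfu.com SRV` that the domain controller records come back through the forwarder, and with `dig @10.0.0.100 www.example.com` that ordinary names still resolve through the external resolvers.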
More information about the bind-users mailing list