Some questions about Bind

Peter Dambier peter at peter-dambier.de
Wed Jul 26 17:04:31 UTC 2006


options {

         # The directory statement defines the name server's
         # working directory

         directory "/var/named";

         # The forwarders record contains a list of servers to
         # which queries should be forwarded. Enable this line and
         # modify the IP-address to your provider's name server.
         # Up to three servers may be listed.

--->>   #forwarders { 10.11.12.13; 10.11.12.14; };

         # Enable the next entry to prefer usage of the name
         # server declared in the forwarders section.

--->>   #forward first;

Don't enable forwarders. They are the reason why your own bind is
no faster than your ISP's.

Don't enable forward first. See above.


That alone should speed up your bind tremendously.

Additionally you might replace

 > zone "." {
 >          type hint;
 >          file "/etc/bind/db.root";
 > };

with

zone "." in {
   type slave;
   file "root.zone";
   masters { 192.228.79.201; 192.33.4.12; 192.5.5.241; 193.0.14.129; };
};

Some people may frown on this but slaving a zone does use TCP not
UDP so it cannot be used for amplification attacks. You definitely
prevent your network from sending bogus queries and save the root
a lot of traffic.


Kind regards
Peter and Karin

DenisG wrote:
> Hi all
> 
> My ISP's DNS is VERY slow, so I put bind on my web/NFS server running
> Debian Linux (PIII 600 MHz 256 MB RAM). I configured it as a master for
> my domain denisg.net inside the LAN (other machines use it as only DNS),
> but kept my registrar's one master for the rest of the world. Only
> machines in my LAN know it is master for this domain. Can it cause
> problems to do this?
> 
> I find that it is too slow, a few seconds to resolve an address that I
> already asked a few hours before, is this normal?
> 
> I don't find any info in log files. For example I'm surfing the web since
> this morning but all I find in /var/log/daemon.log is 4 lines like this one:
> 
> Jul 26 07:41:26 babylon named[994]: lame server resolving
> '124.43.126.86.in-addr.arpa' (in '43.126.86.in-addr.arpa'?):
> 193.231.236.10#53
> 
> and same thing in /var/log/syslog. babylon is the name of the server.
> 
> Is there a problem in my config? Thanks for any advice.
> Here is my db.denisg.net
> 
> 8<------------------------------------------------------------------------
> $TTL 604800
> 
> denisg.net.     IN      SOA     babylon.denisg.net.     root.denisg.net. (
> 2006072101
> 604800
> 86400
> 2419200
> 604800
> )
>                  IN      NS      babylon.denisg.net.
>                  IN      A       192.168.0.11
> babylon         IN      A       192.168.0.11
> ...other A entries...
> www             IN      CNAME   babylon
> ...other CNAME entries...
> denisg.net.     IN      MX      10      babylon
> 8<------------------------------------------------------------------------
> 
> and my named.conf
> 
> 8<------------------------------------------------------------------------
> include "/etc/bind/named.conf.options";
> zone "." {
>          type hint;
>          file "/etc/bind/db.root";
> };
> zone "localhost" {
>          type master;
>          file "/etc/bind/db.local";
> };
> zone "127.in-addr.arpa" {
>          type master;
>          file "/etc/bind/db.127";
> };
> zone "0.in-addr.arpa" {
>          type master;
>          file "/etc/bind/db.0";
> };
> zone "255.in-addr.arpa" {
>          type master;
>          file "/etc/bind/db.255";
> };
> include "/etc/bind/named.conf.local"; # this file is empty
> zone "denisg.net" {
>      type master;
>      file "/etc/bind/db.denisg.net";
>      forwarders{};
> };
> zone "0.168.192.in-addr.arpa" {
>      type master;
>      file "/etc/bind/db.192.168.0";
>      forwarders{};
> };
> 8<------------------------------------------------------------------------
> 
> 


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
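
An added example, not part of the original post and not BIND's own code: a small Python check that reads named.conf-style text and reports whether forwarding is actually active and how the root zone is declared, ignoring commented-out lines such as the `#forwarders` entry quoted above. The function names and the merged sample configuration are constructed for illustration.

```python
import re
# Constructed sample: the options lines and two zone statements from the thread, merged.
AS_POSTED = '''
options {
    #forwarders { 10.11.12.13; 10.11.12.14; };
    #forward first;
};
zone "." { type hint; file "/etc/bind/db.root"; };
zone "denisg.net" { type master; file "/etc/bind/db.denisg.net"; forwarders{}; };
'''
FORWARDING_ON = AS_POSTED.replace("#forward", "forward")  # both lines enabled

def strip_comments(text):
    """Drop /* */, // and # comments but leave quoted strings untouched."""
    pat = r'"[^"\n]*"|/\*.*?\*/|(?:#|//)[^\n]*'
    return re.sub(pat, lambda m: m.group(0) if m.group(0)[0] == '"' else '', text, flags=re.S)

def body_at(text, pos):
    """Return the text between the first '{' at or after pos and its matching '}'."""
    start, depth = text.index('{', pos), 0
    for i in range(start, len(text)):
        depth += (text[i] == '{') - (text[i] == '}')
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces")

def forwarding(body):
    """Return (forwarder list or None if unset, explicit forward mode or None)."""
    m = re.search(r'\bforwarders\s*\{([^}]*)\}', body)
    addrs = [a for a in re.split(r'[;\s]+', m.group(1)) if a] if m else None
    mode = re.search(r'\bforward\s+(first|only)\s*;', body)
    return addrs, (mode.group(1) if mode else None)

def audit(conf):
    """Summarise active forwarding and the root zone type in a named.conf text."""
    text = strip_comments(conf)
    out = {"forwarders": [], "forward": None, "root_type": None, "zone_overrides": {}}
    if (opts := re.search(r'\boptions\s*\{', text)):
        addrs, out["forward"] = forwarding(body_at(text, opts.start()))
        out["forwarders"] = addrs or []
    for z in re.finditer(r'\bzone\s+"([^"]+)"\s*(?:in\s*)?\{', text, flags=re.I):
        body = body_at(text, z.start())
        if z.group(1) == ".":
            t = re.search(r'\btype\s+(\w+)\s*;', body)
            out["root_type"] = t.group(1) if t else None
        addrs, _ = forwarding(body)
        if addrs is not None:  # e.g. "forwarders{};" turns forwarding off for that zone
            out["zone_overrides"][z.group(1)] = addrs
    return out
```

Running `audit()` on the text of a live configuration (with any `include` files concatenated in) shows at a glance whether the resolver hands queries to an upstream server or resolves them itself.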



More information about the bind-users mailing list