Some questions about Bind
DenisG
denis.g1.no.spam at laposte.no.spam.net
Thu Jul 27 07:44:26 UTC 2006
Peter Dambier a écrit :
...
> --->> #forwarders { 10.11.12.13; 10.11.12.14; };
...
> --->> #forward first;
> Dont enable forwarders. They are the reason why your own bind is
> no faster than your ISP's.
> Dont enable forward first. See above.
Thanks for your answer. I found this myself just after sending my
message. And it works much faster now.
> Additionally you might replace
>
> > zone "." {
> > type hint;
> > file "/etc/bind/db.root";
> > };
>
> with
>
> zone "." in {
> type slave;
> file "root.zone";
> masters { 192.228.79.201; 192.33.4.12; 192.5.5.241; 193.0.14.129; };
> };
>
> Some people may frown on this but slaving a zone does use tcp not
> udp so it cannot be used for amplification attacks. You definitly
> prevent your network from sending bogus queries and save the root
> a lot of traffic.
I tried but resolving didn't work after that. Maybe the "in" shouldn't
be here? Or the IPs are not good?
--
DenisG
Ne jetez pas vos vieux PC : http://www.recyclinux.com
Site perso : http://www.denisg.net
More information about the bind-users
mailing list