Bind 9.4.1 configuration needed
Chris Buxton
cbuxton at menandmice.com
Fri Aug 3 16:37:24 UTC 2007
Check out Rob Thomas' secure BIND template. I recommend removing the
bogon list and the blackhole statement, since these require
continuing maintenance. (You'll see why if you look at the changelog
at the top of the page.) I also recommend removing the logging
statement unless you understand logging - it's probably sufficient to
rely on the default logging configuration.
<http://www.cymru.com/Documents/secure-bind-template.html>
Be sure to read all the comments and customize all of the settings
for your local subnets. You can remove most of the zone statements -
just be sure to have definitions for localhost, 127.in-addr.arpa, and
optionally the IPv6 loopback subnet.
I notice you'll also need to add an allow-recursion or
allow-query-cache statement to the "internal-in" view, since otherwise
recursion will be restricted to "{ localhost; localnets; }" (the
default for BIND 9.4).
_________________
Another alternative is to use a stock configuration from your
operating system vendor, and just customize it a bit. For example,
Ubuntu Server has a pretty good stock configuration, as does Red Hat
Enterprise. (RHEL 5's default config is a bit fiddly, though.)
Chris Buxton
Men & Mice
On Aug 3, 2007, at 2:00 AM, Iñaki Martínez Díez wrote:
> Hi,
>
> I need a special (I think) bind 9.4.1 configuration, my requisites
> are:
>
> * NO local zones only queries
> * queries to Root servers
> * Only queries from a list of IPs and Networks
> * Very loaded because of lots of queries (about 500 servers querying
> lots per second)
> * Cache only bind (how to delete/flush a cached zone??)
>
> I think this is all I need.
>
> Can anybody help me???
>
>
> Thank you in advance.
>
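
Added example, not part of either message and not taken from the Cymru template: a view-less named.conf sketch of the caching-only resolver discussed above, with recursion and cache access limited to a client ACL. The ACL name, the addresses (documentation ranges), the directory and the zone file names are all assumptions to replace with local values.

```conf
// Constructed example: caching-only resolver for BIND 9.4.
// Addresses are documentation ranges; paths and file names are assumptions.

acl "trusted" {
    localhost;
    192.0.2.0/24;        // placeholder: a client network
    198.51.100.17;       // placeholder: a single client host
};

options {
    directory "/var/named";          // assumption: adjust to your layout

    recursion yes;

    // BIND 9.4 restricts recursion to { localhost; localnets; } by
    // default, so clients on other subnets must be listed explicitly.
    allow-query       { trusted; };
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };

    // No zones are served to anyone else.
    allow-transfer    { none; };
};

// Root hints: queries go to the root servers, no forwarders.
zone "." {
    type hint;
    file "named.root";               // assumption: root hints file name
};

// Loopback zones kept local, as recommended in the reply above.
zone "localhost" {
    type master;
    file "localhost.zone";           // assumption
    allow-update { none; };
};

zone "127.in-addr.arpa" {
    type master;
    file "127.in-addr.arpa.zone";    // assumption
    allow-update { none; };
};
```

Running named-checkconf against the file before reloading catches syntax errors such as a missing semicolon in the ACL.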