Bind 9.4.1 configuration needed

Chris Buxton cbuxton at menandmice.com
Fri Aug 3 16:37:24 UTC 2007


Check out Rob Thomas' secure BIND template. I recommend removing the  
bogon list and the blackhole statement, since these require  
continuing maintenance. (You'll see why if you look at the changelog  
at the top of the page.) I also recommend removing the logging  
statement unless you understand logging - it's probably sufficient to  
rely on the default logging configuration.

<http://www.cymru.com/Documents/secure-bind-template.html>

Be sure to read all the comments and customize all of the settings  
for your local subnets. You can remove most of the zone statements -  
just be sure to have definitions for localhost, 127.in-addr.arpa, and  
optionally the IPv6 loopback subnet.

I notice you'll also need to add an allow-recursion or
allow-query-cache statement to the "internal-in" view, since otherwise
recursion will be restricted to "{ localhost; localnets; }" (the
default for BIND 9.4).
_________________

Another alternative is to use a stock configuration from your  
operating system vendor, and just customize it a bit. For example,  
Ubuntu Server has a pretty good stock configuration, as does Red Hat  
Enterprise. (RHEL 5's default config is a bit fiddly, though.)

Chris Buxton
Men & Mice

On Aug 3, 2007, at 2:00 AM, Iñaki Martínez Díez wrote:

> Hi,
>
>  I need a special (I think) bind 9.4.1 configuration, my requisites  
> are:
>
>  * NO local zones only queries
>  * queries to Root servers
>  * Only queries from a list of IPs and Networks
>  * Very loaded because of lots of queries (about 500 servers querying
> lots per second)
>  * Cache only bind (how to delete/flush a cached zone??)
>
>  I think this is all I need.
>
>  Can anybody help me???
>
>
>  Thank you in advance.
>
>
>
>
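
A sketch of where the advice above ends up for the caching-only case, as an added example that is not part of the original message or of the template itself. The ACL name, the addresses (documentation ranges), the directory and the zone file names are placeholders; "internal-in" is the view name used in the message.

```conf
// Added example: caching-only resolver restricted to a fixed client list.
// "trusted-clients", the addresses and all file names are placeholders.

acl "trusted-clients" {
    127.0.0.1;
    192.0.2.0/24;       // placeholder: a client network
    198.51.100.53;      // placeholder: a single client host
};

options {
    directory "/var/named";     // assumption: adjust to the local layout
};

view "internal-in" in {
    // Clients that match no view are refused, so this ACL is the only
    // way in to the resolver.
    match-clients { "trusted-clients"; };
    recursion yes;

    // Without these, recursion stays limited to { localhost; localnets; }
    // as described in the message, and the 500 client servers on other
    // subnets would get no answers from the cache.
    allow-query       { "trusted-clients"; };
    allow-recursion   { "trusted-clients"; };
    allow-query-cache { "trusted-clients"; };

    // Root hints: the resolver starts every lookup from the root servers.
    zone "." in {
        type hint;
        file "named.root";      // placeholder file name
    };

    // The only authoritative zones kept, per the message.
    zone "localhost" in {
        type master;
        file "localhost.zone";  // placeholder file name
    };
    zone "127.in-addr.arpa" in {
        type master;
        file "127.rev";         // placeholder file name
    };
};
```

Run named-checkconf on the file before reloading. On the question of flushing, rndc flush empties the cache and rndc flushname removes a single name from it.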


