Options for non-recursive servers

Bob McDonald bmcdonaldjr at gmail.com
Tue Sep 22 17:24:14 UTC 2015


for non-recursive (authoritative only) servers I have:

options {
        directory "/var/cache/bind";
        allow-query { any; };
        allow-query-cache { none; };
        allow-recursion { none; };
        listen-on { 127.0.0.1; };
        listen-on { 172.26.99.117; };
        listen-on-v6 { none; };
        empty-zones-enable no;
        recursion no;
        masterfile-format text;
        minimal-responses no,
        transfer-source 172.26.99.117;
        notify-source 172.26.99.117;
        query-source address 172.26.99.117;
        server-id "registered-NS-server-name";
        zone-statistics full;
        dnssec-enable yes;
        dnssec-validation auto;
};

view "default" IN {
        match-clients { any; };

include "/etc/bind/named.conf.default-zones";

};

view bind chaos {
        match-clients { any; };
        recursion no;
        allow-query { 127.0.0.1; internal-networks; none; };
        allow-recursion { none; };
        zone  authors.bind ch { type master; database "_builtin authors";
 };
        zone hostname.bind ch { type master; database "_builtin hostname";
};
        zone  version.bind ch { type master; database "_builtin version";
 };
        zone     id.server ch { type master; database "_builtin id";
};
        zone           "." ch { type hint;   file     "/dev/null";
};
};

Note: There is actually only one interface with an inside address.. It's
NATed to the outside address (query-source). Several options are defaults
and specified for clarity.

Does anything jump out as being incorrect? Are there implications to
setting minimal-responses to yes?

Thanks,

Bob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150922/e4f40091/attachment.html>


More information about the bind-users mailing list