Options for non-recursive servers

Bob McDonald bmcdonaldjr at gmail.com
Tue Sep 22 17:24:14 UTC 2015

For non-recursive (authoritative only) servers I have:

options {
        directory "/var/cache/bind";
        allow-query { any; };
        allow-query-cache { none; };
        allow-recursion { none; };
        listen-on {; };
        listen-on {; };
        listen-on-v6 { none; };
        empty-zones-enable no;
        recursion no;
        masterfile-format text;
        minimal-responses no;
        query-source address;
        server-id "registered-NS-server-name";
        zone-statistics full;
        dnssec-enable yes;
        dnssec-validation auto;
};

view "default" IN {
        match-clients { any; };

include "/etc/bind/named.conf.default-zones";
};

view bind chaos {
        match-clients { any; };
        recursion no;
        allow-query {; internal-networks; none; };
        allow-recursion { none; };
        zone  authors.bind ch { type master; database "_builtin authors"; };
        zone hostname.bind ch { type master; database "_builtin hostname"; };
        zone  version.bind ch { type master; database "_builtin version"; };
        zone     id.server ch { type master; database "_builtin id"; };
        zone           "." ch { type hint;   file     "/dev/null"; };
};

Note: There is actually only one interface with an inside address. It's
NATed to the outside address (query-source). Several options are defaults
and specified for clarity.

Does anything jump out as being incorrect? Are there implications to
setting minimal-responses to yes?
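
An added example, not part of the original post: a small Python check that parses an options block like the one above and reports whether the three recursion and cache controls the post sets (recursion, allow-recursion, allow-query-cache) are all locked down. The function names and the sample config, including the 192.0.2.53 placeholder address, are assumptions made for the illustration.

```python
import re

# Constructed sample modelled on the options block in the post. The listen-on
# address is a documentation placeholder (192.0.2.53), not a value from the post.
SAMPLE = """
options {
        directory "/var/cache/bind";
        allow-query { any; };
        allow-query-cache { none; };   // cache must not be queryable
        allow-recursion { none; };
        listen-on { 192.0.2.53; };
        recursion no;
};
"""

# Comments (group "c"), quoted strings, punctuation, bare words.
TOKEN = re.compile(r'(?P<c>/\*.*?\*/|//[^\n]*|#[^\n]*)|"[^"]*"|[{};]|[^\s{};"]+', re.S)

def options_statements(text):
    """Return {statement: [value tokens]} for the options { ... } block."""
    toks = [m.group(0) for m in TOKEN.finditer(text) if not m.group("c")]
    i = toks.index("options") + 2          # skip "options" and its "{"
    stmts, cur, depth = {}, [], 0
    for t in toks[i:]:
        if t == "{":
            depth += 1
        elif t == "}":
            if depth == 0:                 # closing brace of options
                break
            depth -= 1
        elif t == ";":
            if depth == 0 and cur:         # end of a top-level statement
                stmts[cur[0]] = cur[1:]
                cur = []
        else:
            cur.append(t)
    return stmts

def audit_authoritative_only(text):
    """List recursion/cache controls that are missing or not locked down."""
    s = options_statements(text)
    findings = []
    if s.get("recursion") != ["no"]:
        findings.append('recursion is not explicitly "no"')
    for acl in ("allow-recursion", "allow-query-cache"):
        if s.get(acl) != ["none"]:
            findings.append(f"{acl} is not {{ none; }}")
    return findings

if __name__ == "__main__":
    print(audit_authoritative_only(SAMPLE) or "authoritative-only checks passed")
```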


