
Re: BIND name caching and forwarding



[This message has also been posted to linux.debian.user.]
In article <7449o-O0-69@gated-at.bofh.it>, Andrew Critchlow wrote:
>
> Hi everyone, Anyone good with Bind?

Yeah, the guy who packages it for Debian.  


> I was wondering that if I set up a dns server just for local hosts would I
> have to include forwarders to the ISP dns servers for internet lookup?

If you don't, your BIND is going to be querying the root
servers to find out who's authoritative for .com all the time.
That's abusive, if your ISP even lets you do it.



> Also does anyone know how I could configure a caching-only nameserver?
> thanks

apt-get install bind9 bind9-host
dpkg-reconfigure bind9

Or something like that.  Let Debian do it.
You might want to put something in netfilter
so the general public doesn't use your BIND as
their forwarder.  Block INPUT to port 53.
Then unblock INPUT to port 53 for networks where
your friends are.


Here's a more interesting problem.  Say I've got
about six thousand CIDR rules for rbldnsd.
(Meaner than sbl-xbl, more useful than SPEWS.)
I like what it does for Postfix and I want to keep it.
Now say I want to run BIND on the same interface
at the same IP address, so I can be authoritative for
a few domains as well.  Is there a clever way to make
BIND be a forwarder for rbldnsd?  Is this ridiculous
wrt performance?
Perhaps have rbldnsd listen on a weird port and
have BIND query it on some private address via
port forwarding?


Cameron
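Here is one way to wire up everything discussed above in a single BIND configuration, as an added example that is not part of the original message or the Debian package: a caching resolver that forwards to the ISP, answers recursive queries only for trusted networks (the same effect as the netfilter rule, enforced inside BIND), stays authoritative for its own zones, and forwards one zone to rbldnsd on a non-standard loopback port. The addresses 198.51.100.1/2 (ISP resolvers), 192.0.2.0/24 (the LAN), the zone names example.org and bl.example.org, and port 5300 are all placeholders.

```conf
// Assumed layout: Debian's bind9, which already ships an "options" block in
// /etc/bind/named.conf.options; merge these settings into it rather than
// adding a second block. The zones go in /etc/bind/named.conf.local.

acl "trusted" {
    127.0.0.0/8;
    192.0.2.0/24;        // assumed: the LAN and "friends" networks
};

options {
    directory "/var/cache/bind";

    // Caching-only behaviour: hand every recursive lookup to the ISP
    // instead of walking from the root servers.
    forwarders {
        198.51.100.1;    // assumed ISP resolver addresses
        198.51.100.2;
    };
    forward only;

    // Recurse only for trusted networks. Everyone else can still query
    // the zones this server is authoritative for, but gets REFUSED for
    // anything else, so it cannot use this box as an open resolver.
    recursion yes;
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };
    allow-query       { any; };
};

// A zone this server is authoritative for (assumed name and file).
zone "example.org" {
    type master;
    file "/etc/bind/db.example.org";
};

// The DNSBL served by rbldnsd. rbldnsd is started bound to a loopback
// address and alternate port, e.g.  rbldnsd -b 127.0.0.1/5300 ...
// BIND's forwarders statement accepts a port, so no netfilter port
// forwarding is needed: BIND forwards the zone straight to rbldnsd.
zone "bl.example.org" {
    type forward;
    forward only;
    forwarders { 127.0.0.1 port 5300; };
};
```

Two practical caveats. Postfix then resolves bl.example.org through BIND, which caches the answers (positive and negative) for the TTLs rbldnsd sets, so a lookup costs one extra loopback round trip only on a cache miss; for a few thousand CIDR entries that is not a performance problem. If the server validates DNSSEC, a forwarded zone that has no delegation in the public DNS cannot be proven secure or insecure and validation will fail; exclude it with `validate-except { "bl.example.org"; };` (available in BIND 9.13 and later) or pick a name under a zone you control. Check the result with `named-checkconf` before reloading.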


