Wednesday, April 6, 2011

simple named.conf for a caching nameserver on Slackware-current

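You can control which networks/IPs are allowed to send recursive queries to this nameserver by editing the 'localnet' and 'remote-rec' ACLs. Keep both lists limited to hosts you actually trust, since everything listed there gets full recursive service.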

// /etc/named.conf
//
// Address-match lists naming the clients that may use recursion. Both are
// referenced by the allow-recursion statement in the options block.
//
// localnet: the local subnet plus the IPv4 loopback address. ::1 is not
// listed, so if named also listens on IPv6, loopback clients coming in
// over ::1 are not matched by this ACL.
acl     localnet { 192.168.2.0/24; 127.0.0.1; };
// remote-rec: off-network hosts that are granted recursion. 1.2.3.4 looks
// like a placeholder; replace it with the specific addresses you trust.
// Keep this list narrow: a resolver that recurses for arbitrary Internet
// hosts can be abused as a DNS amplification reflector.
acl     remote-rec { 1.2.3.4; };
// Global server options.
// NOTE(review): no listen-on, allow-query or allow-query-cache is set here,
// so BIND's version-dependent defaults apply. If this host is reachable
// from untrusted networks, confirm those defaults (and the host firewall)
// give the exposure you intend.
options {
        // Working directory; the relative "file" paths in the zone
        // statements are resolved against it.
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         *
         * NOTE(review): leave this commented out unless the firewall
         * really cannot be changed.  Pinning outgoing queries to one
         * fixed source port gives up source-port randomization, which is
         * one of the resolver's main defences against spoofed answers
         * (cache poisoning).  Fixing the firewall rule is the better option.
         */
        // query-source address * port 53;
        // Recursive service is given only to clients matching the localnet
        // or remote-rec ACLs; this is what keeps the server from being an
        // open resolver.
        allow-recursion { localnet; remote-rec; };
};
//
// a caching only nameserver config
//
// Root hints zone: the list of root name servers that named uses to start
// resolving names it has no cached data for.
zone "." IN {
        type hint;
        // Path is relative to the "directory" option. Obtain and refresh
        // this file from a trusted source and keep it writable only by
        // the administrator, since it decides where resolution starts.
        file "caching-example/named.root";
};

// Forward zone for the name "localhost", answered from a local zone file
// rather than being sent out to the Internet.
zone "localhost" IN {
        type master;
        // Path is relative to the "directory" option.
        file "caching-example/localhost.zone";
        // Dynamic DNS updates to this zone are refused for every client.
        allow-update { none; };
};

// Reverse (PTR) zone for 127.0.0.x, so loopback reverse lookups are
// answered locally.
zone "0.0.127.in-addr.arpa" IN {
        type master;
        // Path is relative to the "directory" option.
        file "caching-example/named.local";
        // Dynamic DNS updates to this zone are refused for every client.
        allow-update { none; };
};
