Re: Options for non-recursive servers
On 22.09.15 12:24, Bob McDonald wrote:
> for non-recursive (authoritative only) servers I have:

[deleted]

> Note: There is actually only one interface with an inside address.. It's
> NATed to the outside address (query-source). Several options are defaults
> and specified for clarity.
>
> Does anything jump out as being incorrect?

I don't see reason to redefine all defaults. when defaults change for a sane reason, you may miss that reason then.

And if you wanted to change anything, defining views could cause troubles.

> Are there implications to setting minimal-responses to yes?

you can in some cases receive multiple requests that could be avoided without this.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Options for non-recursive servers
for non-recursive (authoritative only) servers I have:

    options {
        directory "/var/cache/bind";
        // authoritative only: answer anyone, but no cache access or recursion
        allow-query { any; };
        allow-query-cache { none; };
        allow-recursion { none; };
        listen-on { 127.0.0.1; };
        listen-on { 172.26.99.117; };
        listen-on-v6 { none; };
        empty-zones-enable no;
        recursion no;
        masterfile-format text;
        minimal-responses no;
        // single inside address, NATed to the outside address
        transfer-source 172.26.99.117;
        notify-source 172.26.99.117;
        query-source address 172.26.99.117;
        server-id "registered-NS-server-name";
        zone-statistics full;
        dnssec-enable yes;
        dnssec-validation auto;
    };

    view "default" IN {
        match-clients { any; };
        include "/etc/bind/named.conf.default-zones";
    };

    // CHAOS-class built-in zones (version.bind and friends)
    view bind chaos {
        match-clients { any; };
        recursion no;
        allow-query { 127.0.0.1; internal-networks; none; };
        allow-recursion { none; };
        zone authors.bind ch { type master; database "_builtin authors"; };
        zone hostname.bind ch { type master; database "_builtin hostname"; };
        zone version.bind ch { type master; database "_builtin version"; };
        zone id.server ch { type master; database "_builtin id"; };
        zone "." ch { type hint; file "/dev/null"; };
    };

Note: There is actually only one interface with an inside address.. It's NATed to the outside address (query-source). Several options are defaults and specified for clarity.

Does anything jump out as being incorrect?

Are there implications to setting minimal-responses to yes?

Thanks,

Bob
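
Added example, not part of the thread and not ISC code: a small Python lint for the authoritative-only settings in the posted configuration. It checks the three recursion-related options in the `options` block and reports address-match-list names with no `acl` definition in the same text; the sample input is constructed from the post, and the regex parsing is a simplification that ignores view-level overrides and included files.

```python
import re

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}
# Values the posted options block uses to stay authoritative-only.
REQUIRED = {"recursion": "no", "allow-recursion": "none", "allow-query-cache": "none"}
ACL_OPTIONS = ("allow-query", "allow-query-cache", "allow-recursion", "match-clients")

def options_block(text):
    """Return the body of the top-level options { ... } statement."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit(conf):
    # Strip /* */, // and # comments (simplification: ignores quoted strings).
    conf = re.sub(r"/\*.*?\*/|(?://|#)[^\n]*", "", conf, flags=re.S)
    opts, findings = options_block(conf), []
    for name, want in REQUIRED.items():
        m = re.search(r"(?<![\w-])%s\s+\{?\s*([^\s;{}]+)" % re.escape(name), opts)
        got = m.group(1) if m else "unset"
        if got != want:
            findings.append("%s is %s, expected %s" % (name, got, want))
    defined = BUILTIN_ACLS | set(re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{', conf))
    for opt in ACL_OPTIONS:
        pattern = r"(?<![\w-])%s\s*\{([^{}]*)\}" % re.escape(opt)
        for body in re.findall(pattern, conf):
            for elem in body.split(";"):
                elem = elem.strip().lstrip("!").strip().strip('"')
                if re.fullmatch(r"[A-Za-z][\w-]*", elem) and elem not in defined:
                    findings.append("%s references undefined acl %r" % (opt, elem))
    return findings

# Constructed sample, abbreviated from the configuration in the post.
SAMPLE = """
options {
    allow-query-cache { none; };
    allow-recursion { none; };
    recursion no;  // authoritative only
};
view bind chaos {
    allow-query { 127.0.0.1; internal-networks; none; };
};
"""

print("\n".join(audit(SAMPLE)) or "no findings")
```

`named-checkconf` remains the syntax check to run against the real file; this lint only covers the recursion posture and ACL references visible in one piece of text.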