Am 29.10.2015 um 01:06 schrieb Martin Gregorie:
If you don't understand how to install and configure a DNS server and prefer printed material to online documents, get the O'Reilly book "DNS and BIND"
no need for use bind at all for cahcing nameservers, unbound is much faster for *that* task and works more or less out-of-the-box
unbound.conf on our inbound MX while all production nameservers with authoritative zones are bind
server: verbosity: 1 statistics-interval: 86400 statistics-cumulative: no extended-statistics: no num-threads: 1 outgoing-range: 1024 num-queries-per-thread: 512 msg-cache-slabs: 8 rrset-cache-slabs: 8 infra-cache-slabs: 8 key-cache-slabs: 8 so-rcvbuf: 4m so-sndbuf: 4m minimal-responses: yes msg-cache-size: 64m neg-cache-size: 64m rrset-cache-size: 128m cache-min-ttl: 300 cache-max-ttl: 10800 interface: 127.0.0.1 access-control: 127.0.0.0/8 allow interface-automatic: no port: 53 do-ip4: yes do-ip6: no do-udp: yes max-udp-size: 1024 edns-buffer-size: 1024 do-tcp: yes do-daemonize: yes username: "unbound" directory: "/etc/unbound" chroot: "/etc/unbound" use-syslog: yes log-time-ascii: yes pidfile: "/run/unbound/unbound.pid" hide-identity: yes hide-version: yes harden-glue: yes harden-dnssec-stripped: no harden-referral-path: no use-caps-for-id: no unwanted-reply-threshold: 10000000 do-not-query-localhost: no prefetch: yes prefetch-key: yes
signature.asc
Description: OpenPGP digital signature
