BIND9 Recursive or Secondary Nameserver
by CyberIT from LinuxQuestions.org on (#5ATM9)
Hello All
I have a few questions on configuring a Recursive or Secondary (Slave) Nameserver.
I pretty much want servers to receive zone transfers from the Master Server and have all devices connect to these Slave servers for DNS resolution, not from the Master Server.
I'm confused on if I really need to have the following configured within the named.conf file
Code:
recursion yes;
allow-recursion { localhost; any; };
allow-query { localhost; any; };
Code:
zone "iuqerfs.com" {
    type slave;
    file "/var/named/slaves/named.iuqerfs.com";
    masters { mserver; };
    allow-notify { none; };
    allow-query { any; };
    request-ixfr yes;
    masterfile-format text;
    forwarders {};
};
Should I be using any; like listed above OR should I use an ACL and put all networks within it so if an attack happens the attacker wouldn't be able to do anything
Code:
acl trusted { 10.0.0.0/16; etc; etc; };
allow-recursion { localhost; trusted; };
allow-query { localhost; trusted; };
OR should I put the Slave servers on their own subnet and just allow that subnet?
Code:
acl slaves { 10.40.25.0/24; etc; etc; };
allow-recursion { localhost; slaves; };
allow-query { localhost; slaves; };
I could use some help with configuration...
Thank you!
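To see which clients each of the three allow-recursion policies in the post would admit, the following added example (not part of the original post and not BIND code) evaluates them against constructed client addresses. It is a simplified evaluator for address match lists: `localhost` is approximated as loopback, only `any`, `none`, ACL names, CIDR prefixes and `!` are handled, and the function names and client addresses are assumptions.

```python
import ipaddress
import re

# Policies copied from the post; the "etc;" placeholders are dropped.
CONFIGS = {
    "any": "allow-recursion { localhost; any; };",
    "trusted": "acl trusted { 10.0.0.0/16; }; allow-recursion { localhost; trusted; };",
    "slaves": "acl slaves { 10.40.25.0/24; }; allow-recursion { localhost; slaves; };",
}
# Constructed client addresses (203.0.113.50 stands in for an Internet host).
CLIENTS = ["127.0.0.1", "10.0.12.34", "10.40.25.7", "203.0.113.50"]

def elements(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def parse(conf):
    """Return (named ACLs, allow-recursion elements) from a config string."""
    acls = {n: elements(b) for n, b in re.findall(r"acl\s+(\S+)\s*\{([^}]*)\}", conf)}
    m = re.search(r"allow-recursion\s*\{([^}]*)\}", conf)
    return acls, (elements(m.group(1)) if m else [])

def matches(client, elems, acls):
    """Walk the list in order; the first element that matches decides."""
    for elem in elems:
        negate, name = elem.startswith("!"), elem.lstrip("! ")
        if name == "none":               # "none" behaves like "!any"
            name, negate = "any", not negate
        if name == "any":
            hit = True
        elif name == "localhost":
            hit = client.is_loopback     # assumption: loopback only, not every local interface
        elif name in acls:
            hit = matches(client, acls[name], acls)
        else:
            hit = client in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False

def recursion_allowed(conf, client_ip):
    acls, elems = parse(conf)
    return matches(ipaddress.ip_address(client_ip), elems, acls)

if __name__ == "__main__":
    for label, conf in CONFIGS.items():
        for ip in CLIENTS:
            verdict = "allowed" if recursion_allowed(conf, ip) else "refused"
            print(f"{label:8} {ip:15} recursion {verdict}")
```

With `any` in the list the outside address is served recursion, which is what makes a server an open resolver; with the `slaves` ACL alone, the ordinary client in 10.0.0.0/16 is refused.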

