Please update the BIND installation instructions for MULTI-SERVER configs.

Discussion in 'Feature Requests' started by fbarcenas, Dec 5, 2017 at 1:32 AM.

  1. fbarcenas

    fbarcenas Member

    Please update the BIND installation instructions for MULTI-SERVER configs in the Manual and documentation section of the website.
    If you are going through the trouble of creating separate DNS servers, you have to assume that your other servers will use them for DNS servers, and not 8.8.8.8 / 8.8.4.4 or the local ISP's DNS.
    In order for them to do that, you will need to place similar code in your /etc/bind/named.conf.options:
    Code:
    acl "trusted" {
            0.0.0.0/0;
            0.0.0.0/0;
            127.0.0.1;
            localhost;
            localnets;
    };
    
    options {
            directory "/var/cache/bind";
    
            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
    
            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.
    
            // forwarders {
            //      0.0.0.0;
            // };
    
            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys.  See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-enable yes;
            dnssec-validation yes;
            dnssec-lookaside auto;
    
            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
            additional-from-auth no;
            additional-from-cache no;
            allow-query { any; };
            allow-recursion { trusted; };
            allow-query-cache { trusted; };
    
    };
    Replace the 0.0.0.0/0; entries that exist with your network's IP range in CIDR format.
     
    Last edited: Dec 5, 2017 at 9:45 PM
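
An added example, not part of the original post: if a 0.0.0.0/0 placeholder is left in the "trusted" ACL, allow-recursion and allow-query-cache admit every client and the server answers recursive queries for anyone. The check below flags that case; the function names and the sample configuration are constructed for illustration, and it handles flat ACLs only.

```python
import ipaddress
import re
# Constructed sample: the post's ACL with one 0.0.0.0/0 placeholder left in.
SAMPLE_CONF = '''
acl "trusted" {
        0.0.0.0/0;
        192.0.2.0/24;   // documentation range, stands in for a real network
        localhost;
};
options {
        allow-query { any; };
        allow-recursion { trusted; };
        allow-query-cache { trusted; };
};
'''

def elements(body):
    """Split an address-match list body into its elements."""
    return [e.strip().strip('"') for e in body.split(';') if e.strip()]

def parse_acls(text):
    """Map ACL name -> elements (flat ACLs only; nested braces unsupported)."""
    pairs = re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', text)
    return {name: elements(body) for name, body in pairs}

def is_open(elem, acls, seen=()):
    """True if the element admits every address (any, a /0, or an ACL that does)."""
    if elem.startswith('!'):
        return False          # negations are not evaluated by this check
    if elem == 'any':
        return True
    if elem in acls and elem not in seen:
        return any(is_open(e, acls, seen + (elem,)) for e in acls[elem])
    try:
        return ipaddress.ip_network(elem, strict=False).prefixlen == 0
    except ValueError:
        return False          # localhost, localnets, key names

def open_statements(conf, stmts=('allow-recursion', 'allow-query-cache')):
    """Return the statements in conf whose match list is open to everyone."""
    text = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # strip /* */ comments
    text = re.sub(r'(//|#)[^\n]*', '', text)            # strip // and # comments
    acls = parse_acls(text)
    found = []
    for stmt in stmts:
        for body in re.findall(r'\b' + re.escape(stmt) + r'\s*\{([^{}]*)\}', text):
            if any(is_open(e, acls) for e in elements(body)):
                found.append(stmt)
    return found
```

Calling open_statements() on the contents of /etc/bind/named.conf.options returns an empty list once every placeholder has been replaced with a real range; allow-query { any; } is deliberately not checked, since authoritative answers are meant to be public.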
