Caching Only Name Server

-
Caching-only name servers are servers not authoritative for any domains except 0.0.127.in-addr.arpa, the localhost. A caching-only name server can look up names inside and outside your zone, as can primary and slave name servers. The difference is that when a caching-only name server initially looks up a name within your zone, it ends up asking one of the primary or slave names servers for your zone for the answer.

http://www.faqs.org/docs/securing/chap21sec164.html

How To: Configure Caching Nameserver (named)

 


The necessary files to setup a simple caching name server are:
  1. named.conf
  2. db.127.0.0
  3. db.cache
  4. named script
To configure the /etc/named.conf file for a simple caching name server, use this for all servers that dont act as a master or slave name server. Setting up a simple caching server for local client machines will reduce the load on the network's primary server. Many users on dialup connections may use this configuration along with bind for such a purpose. Create the named.conf file, touch /etc/named.conf and add the following lines to the file: 
 options {
 directory "/var/named";
 forwarders { 208.164.186.1; 208.164.186.2; };(1)
 forward only;
 };

 //
 // a caching only nameserver config
 zone "." in {
 type hint;
 file "db.cache";
 };

 zone "0.0.127.in-addr.arpa" in {
 type master;
 file "db.127.0.0";
 };
(1)
In the forwarders line, 208.164.186.1 and 208.164.186.2 are the IP addresses of your Primary Master and Secondary Slave DNS server. They can also be the IP addresses of your ISPs DNS server and another DNS server, respectively.
Tip: To improve the security of your BIND/DNS server you can stop it from even trying to contact an off-site server if their forwarder is down or doesn't respond. With the forward only option set in your named.conf file, the name server doesn't try to contact other servers to find out information if the forwarder doesn't give it an answer.
To configure the /var/named/db.127.0.0 file for a simple caching name server,you can use this configuration for all machines on your network that don't act as a master or slave name server. The db.127.0.0 file covers the loopback network. Create the following files in /var/named/, touch /var/named/db.127.0.0 and add the following lines in the file: 
 $TTL 345600
 @       IN      SOA     localhost. root.localhost.  (
 00 ; Serial
 86400 ; Refresh
 7200 ; Retry
 2592000 ; Expire
 345600 ) ; Minimum
 IN      NS      localhost.

 1        IN      PTR     localhost.
Configure the /var/named/db.cache file for a simple caching name server before starting your DNS server. You must take a copy of db.cache file and copy this file to the /var/named/ directory. The db.cache tells your server where the servers for the root zone are.
Use the following commands on another Unix computer in your organization to query a new db.cache file for your DNS Server or pick one from your Red Hat Linux CD-ROM source distribution: 
 [root@deep]# dig @.aroot-servers.net . ns > db.cache
Don't forget to copy the db.cache file to the /var/named/ directory on your server where you're installing DNS server after retrieving it over the Internet.
Tip: Internal addresses like 192.168.1/24 are not included in the DNS configuration files for security reasons. It is very important that DNS doesn't exist between hosts on the corporate network and external hosts.

Comments

Post a Comment

Popular posts from this blog

Water Wonder Resort

-
Image
Water Wonder Resort Location: Inarawan Antipolo City To go here from Cubao Gateway Side - Ride Jeep or Fx going to Padilla ask the driver you are going to Water Wonder Resort. From there you can take a tricycle. Best days to go here are not April or May since there are many people going here from Antipolo Area Earn money register free!
Read more

Redirect apache request to another domain

-
if you have example portal.tenerife.com portal.mazaredo.com portal.antolines.com and you want to redirect it to www.mazaredo.com in httpd.conf put this line RewriteEngine on RewriteCond %{HTTP_HOST} !^portal\.!^\.com$ [NC] RewriteRule ^(.*)$ http://www.mazaredo.com/$1 [R=301,L] As you can see the the url has 3 parts    portal, domain, com  !^portal\.!^\.com$ first part is !^portal\     you can also remove portal so any .com request going to your site will be redirected. second part is !^\ where it is like * anything. last part is .com$
Read more

Can't use proxy because no authentication schemes are fully configured.

-
So you are having problems on webmin + squid authentication ? My current setup is below. I was eating my finger nails asking why before it was working and now it doesnt. System hostname localhost.localdomain (127.0.0.1) Operating system CentOS Linux 6.3 Webmin version 1.620 Virtualmin version 3.98.gpl GPL Earn  money  register free! [root@122 ~]# service squid start Starting squid:                                            [FAILED] 2013/02/23 00:17:00| Processing Configuration File: /etc/squid/squid.conf (depth 0) 2013/02/23 00:17:00| ERROR: '0.0.0.0/0.0.0.0' needs to be replaced by the term 'all'. 2013/02/23 00:17:00| SECURITY NOTICE: Overriding config setting. Using 'all' instead. 2013/02/23 00:17:00| WARNING: (B) '::/0' is a subnetwork ...
Read more