On 3/8/07, Ariel Biener <[EMAIL PROTECTED]> wrote:
> The right (well, I am not Paul Vixie but, this is the general consensus) is to
> split the DNS setup into the following:
>
> 1. Authoritative, a set of name servers that only respond to queries of data
>    sets that are local to them. Used for you and others around the world to
>    know about stuff in your domains/zones. These have port 53 of both tcp and
>    udp open to your network and to the world.
>
> 2. Caching only, used for your network to resolve stuff that is foreign to
>    your own zones. These are not accessible from the world, and are
>    only accessible to you/your clients.
>
> The idea is that all your applications/computers/devices will have the
> caching only NS defined as their resolver (with a backup to 1-2 ISP
> based NSs that are available to you due to buying transit from them).
I don't see any reason to split. I only have one server machine, and
I'm using the same DNS server for both purposes. It works. Of
course, if you want you can use my DNS server as your own resolver,
but I don't care. By the way, Netvision also uses the same 2 name
servers for both purposes. You can use their name servers too as your
own resolver, even if you're not a customer. And the same is with all
ISPs I know.
By the way, I'm using the same Linux machine to run DNS (BIND), mail
(sendmail), and HTTP (apache) - and it works.
> > > P.S. How do I check which version of BIND I'm using?
> >
> > I usually do rpm -q bind, why ? what do you do ?
> /path/to/named -v (usually /usr/sbin/named in Linux).
Here's the result on my server:
[EMAIL PROTECTED] tmp]$ /usr/sbin/named -v
BIND 9.2.1
Uri.
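
A check for the authoritative/caching split discussed in this message, as an added example that is not part of the original thread: it builds a recursive query for a name outside the server's zones and reads the RA flag and RCODE of the reply to tell whether recursion is offered to the asker. The function names and the sample replies are constructed for illustration; `probe` is meant to be run from outside your network against a name server you operate.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)
REFUSED = 5                          # RCODE 5

def build_query(name, qid=0x1234):
    """A-record query with RD set, i.e. 'please recurse for me'."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(query, reply):
    """Classify the reply to a query for a name OUTSIDE the server's own zones."""
    if len(reply) < 12:
        return "malformed"
    qid, flags = struct.unpack("!HH", reply[:4])
    if qid != struct.unpack("!H", query[:2])[0] or not (flags & QR):
        return "malformed"
    if (flags & 0x000F) == REFUSED:
        return "refused"            # recursion denied to this client
    # RA set: the server will resolve foreign names for whoever asked.
    return "recursion-offered" if flags & RA else "no-recursion"

def probe(server, name, timeout=3.0):
    """Send the query over UDP to a server you operate and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))     # only accept replies from this address
        s.send(query)
        return classify(query, s.recv(4096))

def sample_reply(query, flags):
    """Constructed reply: same ID and question as the query, given flags."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    q = build_query("example.org")
    for label, flags in [("combined server", QR | RD | RA),
                         ("authoritative only", QR | RD),
                         ("recursion restricted", QR | RD | REFUSED)]:
        print(label, "->", classify(q, sample_reply(q, flags)))
```

An authoritative-only server queried from outside should come back as `no-recursion` or `refused`; `recursion-offered` means it is also acting as a resolver for that client.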