Login or Register to Ask a Question and Join Our Community


IP Networking

DNS Cache-Only Config Advice

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums IP Networking DNS Cache-Only Config Advice
# 1  
Old 09-25-2009
DNS Cache-Only Config Advice
Hi Chaps and Chappettes,

I've had a short period of time recently to learn and implement DNS cache-only in our organisation. Trouble is, according to my tcpdumps, the amount of traffic on port 53 has increased. This is of course the exact opposit of the desired effect. Would y'all mind looking over my config?

FYI, the machine is an Exim MTA handling mail traffic. There are 2 internal and 2 external DNS servers as well as this machine. resolv.conf is pointed to local. Stuff I dig appears in the cache dump. I'm not sure if I should have the zone specified as there is no zonefile on this machine, but it did seem to get the internal traffic going again.

RHEL 5 2.6.18-128.1.6.el5PAE
BIND 9.3.4-10.P1.el5

Many, many thanks for any help.

named.conf:
Code:
options {
  forwarders { ip_of_external_1; ip_of_external_2; };
  forward first;
  directory "/var/named" ;
  dump-file "dump/named_dump.db";
  allow-query { any; };
  allow-recursion { any; };
  allow-transfer { none; };
  allow-notify { none; };
  listen-on-v6 { none; };
  recursive-clients 3500;
  version none;
  zone-statistics yes;
  notify no;
  auth-nxdomain no;
  };

logging{
  channel simple_log {
    file "named.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default{
    simple_log;
  };
  category lame-servers {
    null;
  };
};

zone "orgname.com" {
        type forward;
        forwarders { ip_of_internal_1; 2ip_of_internal_2; ip_of_internal_1_service_ip; ip_of_internal_2_service_ip; };
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.127.0.0";
};

db.127.0.0:
Code:
$TTL 345600
@               IN      SOA     localhost. root.localhost.      (
                                00      ; Serial
                                86400   ; Refresh
                                7200    ; Retry
                                2592000 ; Expire
                                345600) ; Minimum

                IN      NS      localhost.
1               IN      PTR     localhost.

# 2  
Old 11-17-2009
Since no one has given a shot at your question, I will sidestep the question and answer with: get DJB's dnscache program. It's part of his larger DNS server toolset; we use another DNS product completely for external DNS handling, and dnscache for forwarding internal requests. This is more secure, faster, and simpler to configure. You would have BIND "listen" on the external IP, and dnscache listen on the internal IP; this way they can co-exist on the same router.
# 3  
Old 11-18-2009
Quote:
Trouble is, according to my tcpdumps, the amount of traffic on port 53 has increased.
Which type of traffic on port 53 are you talking about? Outgoing to an external nameserver(s) or DNS queries from your internal systems.
Login or Register to Ask a Question

Previous Thread | Next Thread

7 More Discussions You Might Find Interesting

1. IP Networking

DNS config preventing mail delivery

Hi Please can you help on this: the Net Admins decided to use DNS to resolve names, so this is preventing mail being delivered when using commands like date | mailx -s "test" abc.xyz@asdf.xx.yy. What we were asked was to edit /etc/resolv.confand add 3 entries, in all servers (10 Replies)
Discussion started by: fretagi
10 Replies

2. IP Networking

How to add intranet sites to DNS cache?

Hi all, I'm hosting a site for my team in my LAN, for which my team mates should type my hosting server IP address in the web browser, example: http://192.168.134.213:78/testteam/ This is really hectic to type the ip address always, is there anyway where i can create a site name mapping to... (7 Replies)
Discussion started by: Arun_Linux
7 Replies

3. Solaris

DNS Cache Problem-Urgent !!!!!!

I have DNS Server running in solaris 10 . There is website called exaple.com ,whcih was hosted in this dns server with IP 1.2.3.4 ,now we deleted the DNS entry of that website from our DNS Server (db.exmaple.com is deleted from named.conf ) and it is hosted with some other name server with IP... (1 Reply)
Discussion started by: sandeep.tk
1 Replies

4. Red Hat

Path of the DNS Cache file

We have a DNS server that is only using as a cache DNS of parent server. I wonder where it the cache file that it created from parent DNS? Please tell me where will be the cache file? (0 Replies)
Discussion started by: abhilashkrishn
0 Replies

5. Cybersecurity

Dns cache poisoning upgrade to bind9.5.0p2

Hi again guys, It seems this is a global thing affecting all the DNS bind versions prior to July 28 2008. I have my work cut out for me very soon, I see at least a handful of servers in my list that either need to patching or upgrading. How many of you guys are affected? Anybody successfully... (4 Replies)
Discussion started by: sparcguy
4 Replies

6. Ubuntu

Linux Redhat ES 4.0 - DNS Config Issues

Hello all, I've a very strange thing hapenning in my Sys, I've configured the IP, DNS eveything for my internat connection, but Im only able to browse Redhat.com websites. I cant open anyother site!!! :eek: Im sure the internet is configured 'coz it displays the list of avail updates for... (11 Replies)
Discussion started by: AbhijithS
11 Replies

7. Solaris

DHCP DNS Config

I'm running Solaris 9 and I need my box to request it's DNS servers off a DHCP server - can I do this? (1 Reply)
Discussion started by: Jdogg
1 Replies
Login or Register to Ask a Question