DNS and BIND
Cache-only Nameserver
A cache-only nameserver does not hold authoritative information for any zone or domain. Instead, it performs recursive queries on behalf of its clients and caches the results, which reduces network traffic for commonly accessed websites.
To use BIND as a cache-only nameserver:
- Run the following command as root to install the caching-nameserver package:
yum install caching-nameserver
- After the caching-nameserver package is installed, two configuration files, /etc/named.rfc1912.zones and /etc/named.caching-nameserver.conf, are created. As well, the /var/named/ directory is populated with sample zone database files.
- Run the following command as root to remove the /etc/rndc.key file:
rm /etc/rndc.key
- Run the following command as root to generate the rndc.conf file:
/usr/sbin/rndc-confgen
- The output will be similar to the following:
# Start of rndc.conf
key "rndckey" {
    algorithm hmac-md5;
    secret "MpmPgP8WfwJsOEFehaJvEA==";
};

options {
    default-key "rndckey";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
#     algorithm hmac-md5;
#     secret "MpmPgP8WfwJsOEFehaJvEA==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf
- Copy the section between # Start of rndc.conf and # End of rndc.conf, and save it as /etc/rndc.conf. Using the example output above, the /etc/rndc.conf file would look as follows:
key "rndckey" {
    algorithm hmac-md5;
    secret "MpmPgP8WfwJsOEFehaJvEA==";
};

options {
    default-key "rndckey";
    default-server 127.0.0.1;
    default-port 953;
};
- Copy the section between # Use with the following in named.conf and # End of named.conf (removing the leading # from each line) into the /etc/named.caching-nameserver.conf file. Using the example output above, the following section would be added to the /etc/named.caching-nameserver.conf file:
key "rndckey" {
    algorithm hmac-md5;
    secret "MpmPgP8WfwJsOEFehaJvEA==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndckey"; };
};
- For further rndc configuration details, refer to the Configuring and Using the rndc tool section.
- To start named, run the following command as root:
service named start
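The copy-and-paste steps above are easy to get wrong by hand (a dropped brace, or a key name in rndc.conf that does not match the one declared in named.conf). The following POSIX shell script is an added example, not part of the original guide: it takes the text that rndc-confgen prints, splits it into the /etc/rndc.conf part and the named.conf part, strips the comment markers from the latter, and checks that both parts name the same key. The sample output embedded below is constructed, with a placeholder secret; the functions do not depend on the key algorithm, so they also work with the hmac-sha256 keys that newer BIND releases generate by default.

```shell
#!/bin/sh
# Added example (not from the original guide): split rndc-confgen output into
# the two pieces the procedure copies by hand. The sample input is constructed.

# Print the lines between "# Start of rndc.conf" and "# End of rndc.conf"
# (the contents of /etc/rndc.conf), excluding the marker lines themselves.
extract_rndc_conf() {
    awk '/^# Start of rndc.conf/ { inblock = 1; next }
         /^# End of rndc.conf/   { inblock = 0 }
         inblock' "$1"
}

# Print the named.conf section. rndc-confgen emits it commented out, so the
# leading "# " is stripped from each line to give statements named can parse.
extract_named_conf() {
    awk '/^# Use with the following in named.conf/ { inblock = 1; next }
         /^# End of named.conf/                    { inblock = 0 }
         inblock { sub(/^# ?/, ""); print }' "$1"
}

# Return 0 when the default-key in the rndc.conf part is the key declared in
# the named.conf part. A mismatch means rndc cannot authenticate to named.
keys_agree() {
    rndc_key=$(extract_rndc_conf "$1" | awk '/default-key/ { gsub(/[";]/, "", $2); print $2 }')
    named_key=$(extract_named_conf "$1" | awk '/^key / { gsub(/"/, "", $2); print $2 }')
    [ -n "$rndc_key" ] && [ "$rndc_key" = "$named_key" ]
}

# Constructed sample of rndc-confgen output (placeholder secret), written to
# a temporary file so the functions can be exercised offline.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Start of rndc.conf
key "rndckey" {
	algorithm hmac-md5;
	secret "EXAMPLEsecretNOTreal==";
};

options {
	default-key "rndckey";
	default-server 127.0.0.1;
	default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
# 	algorithm hmac-md5;
# 	secret "EXAMPLEsecretNOTreal==";
# };
#
# controls {
# 	inet 127.0.0.1 port 953
# 		allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf
EOF

# Usage on a real host (requires root, so left commented out here):
#   /usr/sbin/rndc-confgen > /tmp/rndc.out
#   extract_rndc_conf  /tmp/rndc.out >  /etc/rndc.conf
#   extract_named_conf /tmp/rndc.out >> /etc/named.caching-nameserver.conf
#   keys_agree /tmp/rndc.out && echo "key names agree"
```

Because the secret is written into both files, the intermediate capture file should be removed once the two configuration files are in place and given the 600 permissions described in the Permissions section.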
Permissions
Run the following commands as root to set the correct mode, and user and group ownership, for each configuration file:
chown named:named /etc/named.caching-nameserver.conf
chown named:named /etc/named.rfc1912.zones
chmod 600 /etc/named.caching-nameserver.conf
chmod 600 /etc/named.rfc1912.zones
The zone database files in the /var/named/ directory, such as localdomain.zone and localhost.zone, have read and write permissions by default. For security, it is recommended that these files are read-only. To make these files read-only, run the following command as root from within the /var/named/ directory:
chmod 400 localdomain.zone localhost.zone named.broadcast named.ca named.ip6.local named.local named.zero
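Permissions drift back after package updates or manual edits, so it is worth being able to re-check them. The following POSIX shell script is an added example, not part of the original guide: it audits the files listed above against the modes the guide prescribes (600 for the two configuration files, 400 for the zone database files). It reads the symbolic mode from ls -ld so it behaves the same on GNU and BSD userlands; the directory arguments are parameters so the check can be run against a staging copy as well as /etc and /var/named.

```shell
#!/bin/sh
# Added example (not from the original guide): audit BIND file modes against
# the values the Permissions section prescribes.

# Print the symbolic mode string of a file, e.g. "-rw-------". Only the first
# ten characters are taken, so an ACL or SELinux marker in column 11 is ignored.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Return 0 when the file's mode equals the expected symbolic string.
has_mode() {
    [ "$(mode_of "$1")" = "$2" ]
}

# Audit the files named in the guide. Configuration files must be 600
# (-rw-------), zone database files 400 (-r--------). One line is printed per
# file; the return value is non-zero if any file deviates or is missing.
# Arguments: the configuration directory (normally /etc) and the zone
# directory (normally /var/named).
audit_bind_perms() {
    conf_dir=$1
    zone_dir=$2
    rc=0
    for f in named.caching-nameserver.conf named.rfc1912.zones; do
        if has_mode "$conf_dir/$f" "-rw-------"; then
            echo "ok   $conf_dir/$f"
        else
            echo "BAD  $conf_dir/$f (mode: $(mode_of "$conf_dir/$f"))"
            rc=1
        fi
    done
    for f in localdomain.zone localhost.zone named.broadcast named.ca \
             named.ip6.local named.local named.zero; do
        if has_mode "$zone_dir/$f" "-r--------"; then
            echo "ok   $zone_dir/$f"
        else
            echo "BAD  $zone_dir/$f (mode: $(mode_of "$zone_dir/$f"))"
            rc=1
        fi
    done
    return $rc
}

# Usage against a live system (run as root so every file is readable):
#   audit_bind_perms /etc /var/named
```

Ownership is deliberately left out of the check: ls prints owner and group by name, and a host that has not created the named user yet would show a numeric id, which would otherwise produce misleading failures.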