Configuring a Forwarding Only Server

Listing 27.2 presents a basic /etc/named.conf file that configures the server to function as a forwarding-only server—that is, a server that forwards DNS requests to other DNS servers. You might create such a configuration to speed up local DNS lookups. If you regularly use certain sites, your local server can cache these sites' addresses, thereby delivering the addresses to your DNS clients immediately, without sending the DNS request to your ISP's DNS servers.

Listing 27.2: A Forwarding-Only /etc/named.conf File

options {
    directory "/var/named/";
    forwarders {
        192.168.202.1;
        10.72.81.2;
    };
    listen-on { 172.27.15.2; };
    forward first;
};

zone "." {
    type hint;
    file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};

Listing 27.2 includes an options section that sets four options or sets of options:

directory This line sets the directory in which zone configuration files and other ancillary configuration files appear. This directory is typically /var/named, but you can change it to something else if you prefer.

forwarders This series of lines is very important; it specifies the IP addresses of the name servers to which BIND is to forward the name resolution requests it receives. You should obtain the IP addresses of your ISP's name servers and enter them here. (Don't try to use the addresses in Listing 27.2; they're fictitious.) You must enter these addresses as IP addresses, not as hostnames.

listen-on This block of lines is optional. It tells the server to bind itself to the network interface with the specified IP address (172.27.15.2 in Listing 27.2). If the computer has multiple network interfaces, the server won't listen on any but the addresses you specify. This option is particularly important if you run the server only for the benefit of the computer on which it runs. You could bind to 127.0.0.1 to keep any other computer from using it and possibly exploiting bugs in the server.

forward first This option tells the server to forward DNS lookup requests to the forwarders first and, if they fail to answer, then to attempt a full recursive lookup (that is, to try to resolve the address as regular nonforwarding servers do, by querying a chain of servers until an answer is found). This option contrasts with forward only, which tells the server to ask the forwarders about an address but not to try a full lookup if the initial query fails. The forward first option is desirable if your forwarders are unreliable, because it provides a fallback means of name resolution. This fallback takes time, though, and so forward only can produce speedier failures for mistyped hostnames if the forwarders are reliable. If you want to configure a nonforwarding DNS server, you should omit both the forwarders subsection and the forward line.

The zone blocks in Listing 27.2 tell BIND where to go to find information about the root servers (as described in the zone "." section) and to find information for the 127.0.0.0/24 netblock (the zone "0.0.127.in-addr.arpa" section). Root servers are the starting point for a full recursive lookup, and the 127.0.0.0/24 netblock is associated with the loopback interface. Both of these zones reference files (named.ca and named.local) that should exist in the directory specified on the directory line. These files normally exist in a default installation, but their names may not be the same as the ones specified in Listing 27.2. Consult your own default file.

With the exception of the IP addresses specified in the forwarders subsection, the listen-on interface address, and possibly the filenames of the default zone files, Listing 27.2 is a reasonable named.conf default file for a typical forwarding-only configuration. Change these details as appropriate for your system and BIND should function as a forwarding-only name server. Start it, reconfigure your clients to use this server, and it should work. After running the server for a few hours or days, you may see a modest improvement in name lookup times. This effect can manifest itself most noticeably in web browsing—web pages are likely to appear slightly more quickly when you or somebody else on your network accesses a site whose name is in the BIND cache. Retrieval of less commonly accessed sites isn't likely to improve. Performance may drop slightly if you restart BIND, as it will lose its cache.
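As an added illustration (not from the book), here is a small Python checker that pulls out the settings Listing 27.2 relies on and flags the two mistakes the text warns about: forwarders entered as hostnames rather than IP addresses, and a missing listen-on block, which leaves the server answering on every interface. The parsing is a deliberately minimal regex for flat blocks, not a full BIND grammar, and the embedded configuration is the listing re-typed as constructed test input.

```python
import ipaddress
import re

# Constructed test input: Listing 27.2 re-typed as a string (the forwarder
# addresses are the listing's fictitious ones, not real resolvers).
SAMPLE_CONF = """
options {
    directory "/var/named/";
    forwarders { 192.168.202.1; 10.72.81.2; };
    listen-on { 172.27.15.2; };
    forward first;
};
zone "." { type hint; file "named.ca"; };
zone "0.0.127.in-addr.arpa" { type master; file "named.local"; };
"""

def _addr_block(conf, name):
    # Entries of a flat '<name> { a; b; };' block, or None when the block is absent.
    m = re.search(r'\b' + name + r'\s*\{([^}]*)\}', conf)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def parse_named_conf(conf):
    # Extract only the settings Listing 27.2 depends on; nested blocks are not handled.
    policy = re.search(r'\bforward\s+(first|only)\s*;', conf)
    zones = {z.group(1): dict(re.findall(r'(\w+)\s+"?([^";]+)"?\s*;', z.group(2)))
             for z in re.finditer(r'zone\s+"([^"]+)"\s*\{([^}]*)\}', conf)}
    return {"forwarders": _addr_block(conf, "forwarders"),
            "listen_on": _addr_block(conf, "listen-on"),
            "forward": policy.group(1) if policy else None,
            "zones": zones}

def check_forwarding(cfg):
    # Flag the mistakes the text warns about; returns a list of findings (empty = clean).
    findings = []
    if cfg["forwarders"] is None:
        if cfg["forward"]:
            findings.append("forward policy set but no forwarders block: it has no effect")
    else:
        for fwd in cfg["forwarders"]:
            try:
                ipaddress.ip_address(fwd)
            except ValueError:
                findings.append(f"forwarder {fwd!r} is not an IP address; hostnames are not allowed")
        if cfg["forward"] is None:
            findings.append("forwarders set without a forward line: BIND defaults to 'forward first'")
    if cfg["listen_on"] is None:
        findings.append("no listen-on block: the server will answer on every interface")
    return findings
```

Run check_forwarding(parse_named_conf(open("/etc/named.conf").read())) against your own file; an empty list means the listing's required settings are present and well-formed.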
