Wednesday, January 13, 2010

Recursive open & locked-down OpenDNS BIND options

My BIND caches for work weren't set up too well: I needed a recursive one from a site not using OpenDNS & one that did and honored its restrictions. Changes should be made in named.conf or named.conf.options, depending on when BIND was installed and what version it is.

Changes for restricted OpenDNS recursive cache

1. Use the following for options...
forwarders { 208.67.222.222; 208.67.220.220; };
forward only;
listen-on-v6 {any;};
allow-recursion {any;};

2. Comment out the zone "." section.

Changes for good working recursive DNS

1. Use the following for options (forwarders can be any DNS server set)...

forwarders { 8.8.8.8; 208.67.222.222; };
forward first;
listen-on-v6 {any;};
allow-recursion {any;};
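
An added example, not part of the original post: a small Python check that reads the two option sets above and reports what separates them, namely whether recursion is open to any client, whether the forward mode lets named resolve on its own when the forwarders fail (which sidesteps OpenDNS filtering), and whether the zone "." hints are still active. The function names and the wrapped `options { }` samples are constructed for illustration, and the parser assumes a single options block as in the post.

```python
import re

# Constructed samples: the post's two option sets wrapped in options { }.
RESTRICTED = """options {
    forwarders { 208.67.222.222; 208.67.220.220; };
    forward only;
    listen-on-v6 { any; };
    allow-recursion { any; };
};"""
OPEN = """options {
    forwarders { 8.8.8.8; 208.67.222.222; };  // any DNS server set
    forward first;
    listen-on-v6 { any; };
    allow-recursion { any; };
};"""

def strip_comments(text):
    """Drop /* */, // and # comments, the three styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def _items(conf, name):
    """Return the entries of a `name { a; b; };` list, or [] if absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^}]*)\}", conf)
    return [x.strip() for x in m.group(1).split(";") if x.strip()] if m else []

def audit(conf):
    """Summarise forwarding mode and recursion exposure of a named.conf text."""
    conf = strip_comments(conf)
    forwarders = _items(conf, "forwarders")
    m = re.search(r"(?<![\w-])forward\s+(only|first)\s*;", conf)
    mode = m.group(1) if m else "first"  # BIND defaults to "first"
    return {
        "forwarders": forwarders,
        "mode": mode,
        # "any" means recursive answers are given to every client that asks
        "open_resolver": "any" in _items(conf, "allow-recursion"),
        # "first" falls back to named's own resolution if forwarders fail
        "can_bypass_forwarders": bool(forwarders) and mode == "first",
        # a commented-out zone "." is removed by strip_comments
        "root_zone_active": bool(re.search(r'zone\s+"\."', conf)),
    }

if __name__ == "__main__":
    for label, conf in (("restricted", RESTRICTED), ("open", OPEN)):
        print(label, audit(conf))
```

Both option sets report `open_resolver` as true; only the `forward only` set keeps every lookup behind the listed forwarders.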


* Saved copy of NetDig: can't seem to download this from the original site anymore.
* BIND Query Command Reference
