Wednesday, January 13, 2010

Recursive open & locked-down OpenDNS BIND options

My BIND caches for work weren't set up too well: I needed a recursive one from a site not using OpenDNS & one that did and honored its restrictions. Changes should be made in named.conf or named.conf.options, depending on when BIND was installed and what version it is.

Changes for restricted OpenDNS recursive cache

1. Use the following for options...
forwarders {;; };
forward only;
listen-on-v6 {any;};
allow-recursion {any;};

2. Comment out the zone "." section.

Changes for good working recursive DNS

1. Use the following for options (forwarders can be any DNS server set)...

forwarders {;; };
forward first;
listen-on-v6 {any;};
allow-recursion {any;};
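
An added example (not from the original post): the restricted OpenDNS profile above, with recursion limited to known clients instead of `any`, since `allow-recursion {any;};` on an Internet-reachable server resolves names for whoever asks. The ACL name `trusted`, its networks, and the forwarder addresses (OpenDNS's public resolvers) are assumptions.

```conf
// Constructed example: the ACL name and client networks are assumptions.
acl "trusted" {
    localhost;          // built-in ACL: this host's own addresses
    localnets;          // built-in ACL: directly attached networks
    192.0.2.0/24;       // placeholder (documentation range) for a remote site
    2001:db8::/32;      // placeholder (documentation range) for IPv6 clients
};

options {
    // Assumed forwarders: OpenDNS public resolvers.
    forwarders { 208.67.222.222; 208.67.220.220; };

    // "only": never fall back to iterative resolution, so every answer
    // passes through the forwarders and their filtering applies.
    // The unrestricted profile uses "forward first;" here instead, which
    // falls back to the root servers when the forwarders do not answer.
    forward only;

    listen-on-v6 { any; };

    // Setting from the post, kept for comparison:
    //   allow-recursion { any; };
    // Restricted form: recursion and cached answers for known clients only.
    recursion yes;
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };
};
```

BIND accepts only one options statement, so these lines belong inside the existing block; `named-checkconf` validates the result before a reload.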

* Saved copy of NetDig: can't seem to download this from the original site anymore.
* BIND Query Command Reference

