-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Carlos E. R. wrote:
> 
> The Monday 2007-05-21 at 12:06 +1000, Registration Account wrote:
> 
>> Thanks for your comment. I understand I can trust a cached DNS server to
>> just do what it can do without defining zones, however in this case I
>> don't want to let it do what it wants to - if I did it would probably
>> just ask my ISP DNS servers first and then other local DNS servers.
> 
>> Why I elected to define external zones is that I wanted a cached answer
>> from a source well outside the country - so in some ways I have
>> circumvented a situation where a cached answer could come from a local
>> source.
> 
> You don't need to define any zones to achieve that behaviour.
> 
> What you need is playing with the options in /etc/named.conf:
> 
>         forward first;
>         forwarders { One_IP; Another_IP; };
> 
> With these two lines, the "named" daemon will ask first those DNS servers
> you list there - and you choose them local or in the antipodes. Or remove 
> those lines and it will always ask the root servers.
> 
> But you do not need to define any zone at all.
> 

There is the further option of defining a forward zone (see below)...
This would direct queries about a particular address space to a
particular server. This would require a fair bit of TLC. (and I am
assuming that is what is being done here, trying to synchronise as a
slave zone without permission is quite likely to be interpreted as an
attempted security hack whether it succeeds or not).

> zone domain_name [ ( in | hs | hesiod | chaos ) ] { 
>   type forward;
>   [ forward ( only | first ); ]
>   [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
>   [ check-names ( warn | fail | ignore ); ]
> };

This could reduce the negotiation traffic.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGUtHlasN0sSnLmgIRAq79AJ9TsjbP1xIbX+rVpijOpUHLafLpmACdEoFt
aDjo3nY82HBxIit+kdhfSPo=
=A4Wh
-----END PGP SIGNATURE-----
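
Added example, not part of the original messages: a named.conf fragment that puts the two approaches from this thread side by side, global forwarders in the options block and a per-domain forward zone. The addresses are documentation-range placeholders and "example.org" is a hypothetical domain; substitute the resolvers you actually intend to use.

```conf
// Global forwarding: merge these two statements into the existing
// options { } block of /etc/named.conf rather than adding a second block.
options {
        // "first": ask the forwarders, and if none of them answers,
        // fall back to normal resolution starting at the root servers.
        forward first;
        forwarders { 198.51.100.53; 203.0.113.53; };   // placeholder IPs
};

// Per-domain forwarding: queries for names under example.org go to the
// server listed here instead of the global forwarders above. No zone data
// is transferred; answers are only cached like any other lookup.
zone "example.org" in {
        type forward;
        // "only": never fall back to the root servers for this domain.
        // If the listed forwarder does not answer, the lookup fails.
        forward only;
        forwarders { 192.0.2.10; };                    // placeholder IP
};
```

With "forward only" the listed server becomes a single point of failure for that domain, so list more than one forwarder where availability matters.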