Thanks everyone for their help. As far as complex editing of files - yes I can easily do that - but I am a user and if it's not on the GUI screen - it's not there (not always).
The DNS server is a Cache server only and is zoned as to only ask for a
non-authoritative response. As far as their DNS servers are concerned I
am just 1 of thousands which cannot resolve locally and going up the
TLDs they cannot resolve so the request for resolution *towards* the
TLD world root servers is easy safe and I my DNS I have zones thinks of
me as just another request for resolution that a lower TLD could not
resolve.
Besides - this is a secure site - the worst they can do is deny all my
requests. I am quite safe I can assure you and so is the DNS server I
have chosen.
You worry too much - you will give me grey hair.
Scott
G T Smith wrote:
> Carlos E. R. wrote:
> > The Monday 2007-05-21 at 12:06 +1000, Registration Account wrote:
>
> >> Thanks for your comment. I understand I can trust a cached DNS server to
> >> just do what it can do without defining zones, however in this case I
> >> don't want to let it do what it wants to - if I did it would probably
> >> just ask my ISP DNS servers first and then other local DNS servers.
> >> Why I elected to define external zones is that I wanted a cached answer
> >> from a source well outside the country - so in some ways I have
> >> circumvented a situation where a cached answer could come from a local
> >> source.
> > You don't need to define any zones to achieve that behaviour.
>
> > What you need is playing with the options in /etc/named.conf:
>
> > forward first;
> > forwarders { One_IP; Another_IP; };
>
> > With these two lines, the "named" daemon will ask first those DNS servers
> > you list there - and you choose them local or in the antipodes. Or remove
> > those lines and it will always ask the root servers.
>
> > But you do not need to define any zone at all.
>
>
> There is the further option of defining a forward zone (see below)...
> This would direct queries about a particular address space to a
> particular server. This would require a fair bit of TLC. (and I am
> assuming that is what is being done here, trying to synchronise as a
> slave zone without permission is quite likely to be interpreted as an
> attempted security hack whether it succeeds or not).
>
> > zone domain_name [ ( in | hs | hesiod | chaos ) ] {
> > type forward;
> > [ forward ( only | first ); ]
> > [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
> > [ check-names ( warn | fail | ignore ); ]
> > };
>
> This could reduce the negotiation traffic
>
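The two approaches discussed in this thread, side by side, as an added illustration that is not configuration posted by any participant. The addresses are documentation placeholders (RFC 5737), `example.com` is a placeholder domain, and the `allow-recursion` / `allow-query` restrictions are an assumption about how a caching-only resolver would normally be limited to local clients.

```conf
// Fragment for /etc/named.conf. Constructed example: every IP address
// and the zone name below are placeholders, not values from the thread.

options {
    // Caching-only resolver: recurse for local clients only, so the
    // server cannot be used as an open resolver by outside hosts.
    recursion yes;
    allow-recursion { localhost; localnets; };
    allow-query     { localhost; localnets; };

    // Approach 1 (global forwarding, no zones defined):
    // every query goes to the listed servers first. With "forward first"
    // named falls back to asking the root servers itself if the
    // forwarders do not answer. Remove both lines to always start
    // at the root servers.
    forward first;
    forwarders { 192.0.2.53; 198.51.100.53; };
};

// Approach 2 (forward zone):
// only names under this one domain are sent to a particular server.
// "forward only" means no fallback to normal iterative resolution
// for this domain if the forwarder is unreachable.
zone "example.com" in {
    type forward;
    forward only;
    forwarders { 203.0.113.53; };
};

// Note: neither approach transfers zone data. A "type slave" zone would
// request a zone transfer from the remote server, which is the case
// the thread warns needs the remote operator's permission.
```

Running `named-checkconf /etc/named.conf` after editing checks the syntax before the daemon is reloaded.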
