North American Network Operators Group


Re: The power of default configurations

  • From: Eric A. Hall
  • Date: Thu Apr 07 13:45:35 2005

On 4/7/2005 12:05 PM, Jon Lewis wrote:

> I added something like this to our binds that handle recursive queries.
> Is there any reason distros (or ISC) couldn't make this a part of the
> "default config"?

This setup works if you know the server is the last resort for your local
clients. It doesn't work as a default install unless you are also willing
to scream warnings about changing the defaults every time named.conf is
modified for local use.

Besides which, you'd really prefer to have an internal filter kill the
queries before they are sent to the root (as part of chasing down the
delegation chain), or before it was sent to the authoritative servers for
in-addr.arpa. (if such was already learned), rather than make users
remember to change the configuration file.

Btw, your setup would be technically better if it didn't have the wildcard
entry since a negative answer is more accurate. Negative caching doesn't
work as well as long-lived positive caching, but still, negative answers
would be more appropriate.

> zone "168.192.in-addr.arpa" {
>         type master;
>         file "sink";
> };
> 
> zone "10.in-addr.arpa" {
>         type master;
>         file "sink";
> };
> ... other similar zones clipped
> 
> sink is just
> 
> @       IN      SOA     localhost. root.localhost.  (
>                                       2002100800 ; Serial
>                                       28800      ; Refresh
>                                       14400      ; Retry
>                                       3600000    ; Expire
>                                       86400 )    ; Minimum
>               IN      NS      localhost.
> 
> *      PTR     invalid

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/
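
Added example, not part of the original message and not BIND or ISC code: a small audit script for the setup discussed above. It reports which RFC 1918 reverse zones a named.conf does not answer locally (so PTR queries for them would still travel toward the root and in-addr.arpa servers) and whether a sink zone file still carries the wildcard PTR. The function names, the simplified named.conf parsing and the sample inputs are assumptions made for this example.

```python
import re

# RFC 1918 reverse zones: 10/8, 172.16/12 and 192.168/16.
RFC1918_REVERSE = (["10.in-addr.arpa", "168.192.in-addr.arpa"]
                   + ["%d.172.in-addr.arpa" % n for n in range(16, 32)])
# Simplification: assumes "type" appears before any nested { } in the zone body.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{([^}]*)\}', re.S)

def local_zones(named_conf):
    """Zones declared 'type master' (answered locally, never sent upstream)."""
    text = re.sub(r'(//|#)[^\n]*|/\*.*?\*/', '', named_conf, flags=re.S)
    return {name.lower().rstrip('.') for name, body in ZONE_RE.findall(text)
            if re.search(r'\btype\s+(master|primary)\s*;', body)}

def leaking_zones(named_conf):
    """RFC 1918 reverse zones with no local master zone at or above them."""
    have = local_zones(named_conf)
    def covered(zone):
        labels = zone.split('.')
        return any('.'.join(labels[i:]) in have for i in range(len(labels)))
    return [z for z in RFC1918_REVERSE if not covered(z)]

def has_wildcard_ptr(zone_text):
    """True if the zone file holds a '*' PTR record (positive answer, not NXDOMAIN)."""
    for line in zone_text.splitlines():
        fields = line.split(';', 1)[0].split()
        if fields and fields[0] == '*' and 'PTR' in [f.upper() for f in fields[1:]]:
            return True
    return False

# Constructed sample input: only the two zones shown in the message.
SAMPLE_CONF = '''
zone "168.192.in-addr.arpa" { type master; file "sink"; };
zone "10.in-addr.arpa" {
        type master;   // quoted setup
        file "sink";
};
'''
SAMPLE_SINK = '''
@ IN SOA localhost. root.localhost. ( 2002100800 28800 14400 3600000 86400 )
  IN NS localhost.
* PTR invalid
'''

if __name__ == "__main__":
    print("uncovered:", leaking_zones(SAMPLE_CONF))
    print("wildcard PTR in sink:", has_wildcard_ptr(SAMPLE_SINK))
```

On the constructed sample the sixteen 172.16/12 reverse zones are reported as uncovered, since the message clipped its remaining zone statements and the sample includes only the two that are shown.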