[SOLVED] Cache only DNS - how does it still resolve names?

nycbp
Posts: 30
Joined: 2011/11/13 19:56:17

Post by nycbp » 2014/01/19 14:20:47

Hi guys,

Can anyone help me understand "how" my cache only DNS is able to resolve names? I'm interested in finding out how this works. I suspect that lines 37-40 may have something to do with this.

     1	//
     2	// named.conf
     3	//
     4	// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
     5	// server as a caching only nameserver (as a localhost DNS resolver only).
     6	//
     7	// See /usr/share/doc/bind*/sample/ for example named configuration files.
     8	//
     9	
    10	options {
    11		listen-on port 53 { 127.0.0.1; 192.168.122.50; };
    12		//listen-on-v6 port 53 { ::1; };
    13		directory 	"/var/named";
    14		dump-file 	"/var/named/data/cache_dump.db";
    15	        statistics-file "/var/named/data/named_stats.txt";
    16	        memstatistics-file "/var/named/data/named_mem_stats.txt";
    17		allow-query     { localhost; 192.168.122.0/24; };
    18		recursion yes;
    19	
    20		dnssec-enable yes;
    21		dnssec-validation yes;
    22		dnssec-lookaside auto;
    23	
    24		/* Path to ISC DLV key */
    25		bindkeys-file "/etc/named.iscdlv.key";
    26	
    27		managed-keys-directory "/var/named/dynamic";
    28	};
    29	
    30	logging {
    31	        channel default_debug {
    32	                file "data/named.run";
    33	                severity dynamic;
    34	        };
    35	};
    36	
    37	zone "." IN {
    38		type hint;
    39		file "named.ca";
    40	};
    41	
    42	include "/etc/named.rfc1912.zones";
    43	include "/etc/named.root.key";
Last edited by nycbp on 2014/01/21 01:37:35, edited 1 time in total.

markkuk
Posts: 739
Joined: 2007/09/07 10:56:28
Location: Finland

Re: Cache only DNS - how does it still resolve names?

Post by markkuk » 2014/01/20 14:32:31

It's line 18 that defines your DNS as a fully recursive resolver. A cache-only DNS should have "recursion no".

nycbp
Posts: 30
Joined: 2011/11/13 19:56:17

Re: Cache only DNS - how does it still resolve names?

Post by nycbp » 2014/01/21 01:37:21

Indeed. This works as expected. Thank you!

moonpup
Posts: 118
Joined: 2008/11/20 20:38:18

Re: [SOLVED] Cache only DNS - how does it still resolve name

Post by moonpup » 2014/01/22 15:18:55

I know this is marked as solved, but I wanted to let you know that markkuk gave you misinformation. A DNS caching name server should be recursive and allow recursion. It's an authoritative DNS (start of authority) server that should NOT allow recursion. An SOA should only resolve what it is authoritative for.
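
The distinction drawn in the replies above, as an added example that is not part of the thread: a small Python check that reads a named.conf and reports whether it describes a caching resolver or an authoritative-only server, and whether recursion is open to any client. The function names and the second sample config are assumptions made for illustration, and include files are not followed.

```python
import re

# Relevant statements from the named.conf posted in the thread (line numbers removed).
THREAD_CONF = """
options {
    allow-query     { localhost; 192.168.122.0/24; };
    recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
"""

# Constructed sample: authoritative-only server; the zone name is a placeholder.
AUTH_CONF = """
options {
    allow-query { any; };
    recursion no;
};
zone "example.test" IN { type master; file "example.test.zone"; };
"""

def strip_comments(text):
    """Remove /* */, // and # comments so commented-out options are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def acl(text, name):
    """Return the entries of an address-match list such as allow-query, or None."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(name), text)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def classify(conf):
    """Report the role a named.conf gives the server (include files are not followed)."""
    text = strip_comments(conf)
    m = re.search(r"\brecursion\s+(yes|no)\s*;", text)
    recursion = (m.group(1) == "yes") if m else True  # BIND recurses unless told not to
    hints = bool(re.search(r'zone\s+"\."[^{]*\{[^}]*type\s+hint', text))
    auth = bool(re.search(r"\btype\s+(master|slave)\s*;", text))
    # allow-recursion falls back to allow-query-cache, then allow-query, when unset.
    clients = (acl(text, "allow-recursion") or acl(text, "allow-query-cache")
               or acl(text, "allow-query") or ["localnets", "localhost"])
    if recursion:
        role = "recursive with local zones" if auth else "caching resolver"
    else:
        role = "authoritative-only"
    return {"role": role, "root_hints": hints, "recursion_clients": clients,
            "open_resolver": recursion and "any" in clients}

if __name__ == "__main__":
    for label, conf in (("thread", THREAD_CONF), ("authoritative", AUTH_CONF)):
        print(label, classify(conf))
```

The thread's config is reported as a caching resolver whose recursion is limited to localhost and 192.168.122.0/24, so recursion is enabled without being offered to arbitrary clients.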
