Fedora

Archive:Docs/Drafts/AdministrationGuide/Servers/DNSBIND/BINDCache

From FedoraProject

DNS and BIND

Cache-only Nameserver

A cache-only nameserver does not hold authoritative information for a zone or a domain. Instead, it performs recursive queries, and caches the results. This results in less network traffic for commonly accessed websites.

To use BIND as a cache-only nameserver:

• run the following command as root to install the caching-nameserver package:

yum install caching-nameserver

• After the caching-nameserver package is installed, two configuration files, /etc/named.rfc1912.zones and /etc/named.caching-nameserver.conf are created. As well, the /var/named/ directory is populated with sample zone database files.

• run the following command as root to remove the /etc/rndc.key file:

rm /etc/rndc.key

• run the following command as root to generate the rndc.conf file:

/usr/sbin/rndc-confgen

• the output will be similar to the following:

key "rndckey" {
algorithm hmac-md5;
secret "MpmPgP8WfwJsOEFehaJvEA==";
};

options {
default-key "rndckey";
default-server 127.0.0.1;
default-port 953;
};

#

• copy the section between # Start of rndc.conf and # End of rndc.conf, and save it as /etc/rndc.conf. Using the example output above, the /etc/rndc.conf file would look as follows:

key "rndckey" {
algorithm hmac-md5;
secret "MpmPgP8WfwJsOEFehaJvEA==";
};

options {
default-key "rndckey";
default-server 127.0.0.1;
default-port 953;
};

• copy the section between # Use with the following in named.conf and # End of named.conf, into the /etc/named.caching-nameserver.conf file. Using the example output above, the following section would be added to the /etc/named.caching-nameserver.conf file:

key "rndckey" {
algorithm hmac-md5;
secret "MpmPgP8WfwJsOEFehaJvEA==";
};

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndckey"; };
};

• for further rndc configuration details, please refer to the Configuring and Using the rndc tool section.
• to start named, run the following command as root:

service named start

Permissions

Run the following commands as root to set the correct mode, and user and group ownership for each file:

chown named:named /etc/named.caching-nameserver.conf; chown named:named /etc/named.rfc1912.zones

chmod 600 /etc/named.caching-nameserver.conf; chmod 600 /etc/named.rfc1912.zones

The zone database files in the /var/named/ directory, such as localdomain.zone, and localhost.zon, have read and write permissions by default. For security, it is recommended that these files are read-only. To make these files read-only, run the following command as root:

chmod 400 localdomain.zone  localhost.zone  named.broadcast  named.ca  named.ip6.local  named.local  named.zero

Administration Guide - TOC

Previous Page - Running BIND in a chroot jail

Next Page - DNS and Mail

Copyright © 2012 Red Hat, Inc. and others. All Rights Reserved. For comments or queries, please contact us.

The Fedora Project is maintained and driven by the community and sponsored by Red Hat. This is a community maintained site. Red Hat is not responsible for content.

• This page was last modified on 4 March 2009, at 17:49.
• Content is available under Attribution-Share Alike 3.0 Unported.

• Privacy policy
• About FedoraProject
• Disclaimers
• Sponsors
• Legal
• Trademark Guidelines