Archive:Docs/Drafts/AdministrationGuide/Servers/DNSBIND/BINDCache

= DNS and BIND =

== Cache-only Nameserver ==
A cache-only nameserver holds no authoritative information for any zone or domain. Instead, it resolves client queries recursively and caches the answers, so repeated lookups of commonly accessed websites generate less network traffic.

To use BIND as a cache-only nameserver:


 * Run the following command as root to install the caching-nameserver package:

yum install caching-nameserver


 * After the caching-nameserver package is installed, two configuration files,  and   are created. As well, the   directory is populated with sample zone database files.


 * Run the following command as root to remove the  file:

rm /etc/rndc.key


 * Run the following command as root to generate the  file:

/usr/sbin/rndc-confgen


 * The output will be similar to the following:

# Start of rndc.conf
key "rndckey" {
	algorithm hmac-md5;
	secret "MpmPgP8WfwJsOEFehaJvEA==";
};

options {
	default-key "rndckey";
	default-server 127.0.0.1;
	default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf
# key "rndckey" {
# 	algorithm hmac-md5;
# 	secret "MpmPgP8WfwJsOEFehaJvEA==";
# };
#
# controls {
# 	inet 127.0.0.1 port 953
# 		allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf




 * Copy the section between # Start of rndc.conf and # End of rndc.conf, and save it as . Using the example output above, the  file would look as follows:

key "rndckey" {
	algorithm hmac-md5;
	secret "MpmPgP8WfwJsOEFehaJvEA==";
};

options {
	default-key "rndckey";
	default-server 127.0.0.1;
	default-port 953;
};


 * Copy the section between # Use with the following in named.conf and # End of named.conf into the  file, removing the leading "# " from each line. Using the example output above, the following section would be added to the  file:

key "rndckey" {
	algorithm hmac-md5;
	secret "MpmPgP8WfwJsOEFehaJvEA==";
};

controls {
	inet 127.0.0.1 port 953
		allow { 127.0.0.1; } keys { "rndckey"; };
};


 * For further rndc configuration details, refer to the Configuring and Using the rndc tool section.
 * To start named, run the following command as root:

service named start

== Permissions ==
Run the following commands as root to set the correct mode, and user and group ownership for each file:

chown named:named /etc/named.caching-nameserver.conf
chown named:named /etc/named.rfc1912.zones
chmod 600 /etc/named.caching-nameserver.conf
chmod 600 /etc/named.rfc1912.zones

The zone database files in the  directory, such as , and , are writable by their owner by default. For security, it is recommended that these files are read-only, so that a compromised or misbehaving named process cannot alter them. To make these files read-only, run the following command as root from that directory:

chmod 400 localdomain.zone localhost.zone  named.broadcast  named.ca  named.ip6.local  named.local  named.zero
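The two hand-copy steps above (splitting the rndc-confgen output at its comment markers) and the Permissions section can be done in one script. The following POSIX shell script is an added example and is not part of the original guide or of BIND itself. It works on a constructed sample of rndc-confgen output embedded in the script (the secret is a placeholder, not a real key), writes the two fragments into a directory of your choosing, applies mode 600 as the Permissions section recommends and checks that the mode took. On a real host the fragments would go to /etc/rndc.conf and into /etc/named.conf as root; the `check_mode` helper can equally be pointed at the zone files with an expected mode of 400.

```shell
#!/bin/sh
# Added example, not code from the original guide: split rndc-confgen output
# into its rndc.conf and named.conf parts by the comment markers the steps
# above name, then install the fragments with the 600 mode from the
# Permissions section and verify it. RNDC_CONFGEN_OUTPUT is a constructed
# sample; the secret is a placeholder, not a real key.

RNDC_CONFGEN_OUTPUT='# Start of rndc.conf
key "rndckey" {
	algorithm hmac-md5;
	secret "PLACEHOLDER_SECRET_NOT_A_REAL_KEY==";
};

options {
	default-key "rndckey";
	default-server 127.0.0.1;
	default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
# 	algorithm hmac-md5;
# 	secret "PLACEHOLDER_SECRET_NOT_A_REAL_KEY==";
# };
#
# controls {
# 	inet 127.0.0.1 port 953
# 		allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf'

# Lines strictly between "# Start of rndc.conf" and "# End of rndc.conf".
rndc_conf_section() {
  printf '%s\n' "$RNDC_CONFGEN_OUTPUT" |
    awk '/^# End of rndc\.conf/ { exit }
         found { print }
         /^# Start of rndc\.conf/ { found = 1 }'
}

# The commented named.conf block with the leading "# " stripped from each line.
named_conf_section() {
  printf '%s\n' "$RNDC_CONFGEN_OUTPUT" |
    awk '/^# End of named\.conf/ { exit }
         found { sub(/^# ?/, ""); print }
         /^# Use with the following in named\.conf/ { found = 1 }'
}

# Octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when FILE has exactly the expected octal MODE, 1 otherwise.
check_mode() {
  [ "$(file_mode "$1")" = "$2" ]
}

# Write both fragments into DIR (a scratch directory here; /etc on a real
# host, as root), set mode 600 on them and fail if the mode did not take.
install_fragments() {
  dir=$1
  rndc_conf_section > "$dir/rndc.conf"
  named_conf_section > "$dir/named.conf.rndc"
  chmod 600 "$dir/rndc.conf" "$dir/named.conf.rndc"
  check_mode "$dir/rndc.conf" 600 && check_mode "$dir/named.conf.rndc" 600
}

# Usage: ./split-rndc.sh --demo writes into a temporary directory and shows
# the named.conf fragment that would be appended to /etc/named.conf.
if [ "${1:-}" = "--demo" ]; then
  scratch=$(mktemp -d)
  install_fragments "$scratch" && echo "fragments written to $scratch with mode 600"
  cat "$scratch/named.conf.rndc"
fi
```

The awk filters stop at the end marker rather than reading to end of file, so a stray trailing line in the generator output cannot leak into either file, and the mode check after chmod is what turns "set the correct mode" from an instruction into something a deployment script can fail on.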
