I have 3 servers running as DNS servers
DNS Server #1: 111.111.111.111
DNS Server #2: 222.222.222.222
DNS Server #3: 333.333.333.333
The above servers are our DNS servers.
We then have 20+ servers with over 1000 IP addresses assigned to them running web-hosting/reseller hosting etc.
All of these servers are set up to synchronize any changes to the DNS servers only.
Unfortunately our servers are currently set to allow recursion (not good). We are working on disabling this; however, as the servers handle over 20k DNS zones, we want to make sure we get it right the first time.
So my question is, is it correct to say that the DNS servers' named.conf should include the following:
Under the options section in named.conf
Code:
allow-recursion { trusted; };
allow-notify { trusted; };
Own section in named.conf
Code:
acl "trusted" {
    127.0.0.1;
    111.111.111.111; # DNS Server #1
    222.222.222.222; # DNS Server #2
    333.333.333.333; # DNS Server #3
    118.111.111.111; # IP address from resolv.conf
    118.111.111.111; # IP address from resolv.conf
};
The next issue I have is what the web servers' (not the DNS servers') named.conf should include: the same as above, or also the IP addresses assigned to the server?
Under the options section in named.conf
Code:
allow-recursion { trusted; };
allow-notify { trusted; };
Own section in named.conf
Code:
acl "trusted" {
    127.0.0.1;
    111.111.111.111; # DNS Server #1
    222.222.222.222; # DNS Server #2
    333.333.333.333; # DNS Server #3
    118.111.111.111; # IP address from resolv.conf
    118.111.111.111; # IP address from resolv.conf
    1.2.3.4; # IP address assigned to the server (used for clients dedicated IP for SSL)
    4.5.6.7; # IP address assigned to the server (used for clients dedicated IP for SSL)
};
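An added example, not part of the original post: a pre-rollout check that parses an `acl` block like the one above, flags elements that do not parse as an address (for instance two addresses run together by a missing `;`), and reports which source IPs would match the list used by `allow-recursion`. The sample config uses constructed documentation addresses, and the function names `parse_acl` and `matches` are hypothetical.

```python
import ipaddress
import re

# Constructed sample (documentation address ranges), not the poster's real config.
# The second element is deliberately missing its ';' terminator.
SAMPLE = '''
acl "trusted" {
    127.0.0.1;
    192.0.2.53      # DNS server 1 (terminator missing)
    198.51.100.53;  # DNS server 2
    203.0.113.0/28; // web server range
};
'''

def parse_acl(conf, name):
    """Return (entries, errors) for acl <name>; entries are (negated, network)."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # /* block */ comments
    conf = re.sub(r'(#|//)[^\n]*', '', conf)            # line comments
    m = re.search(r'acl\s+"?%s"?\s*\{(.*?)\}\s*;' % re.escape(name), conf, re.S)
    if not m:
        raise ValueError('acl %r not found' % name)
    entries, errors = [], []
    for raw in m.group(1).split(';'):
        elem = ' '.join(raw.split())
        if not elem:
            continue
        negated = elem.startswith('!')
        try:
            net = ipaddress.ip_network(elem.lstrip('! '), strict=False)
            entries.append((negated, net))
        except ValueError:
            errors.append(elem)   # e.g. two addresses run together by a missing ';'
    return entries, errors

def matches(entries, client):
    """First matching element decides; no match means not in the ACL."""
    addr = ipaddress.ip_address(client)
    for negated, net in entries:
        if addr.version == net.version and addr in net:
            return not negated
    return False

if __name__ == '__main__':
    entries, errors = parse_acl(SAMPLE, 'trusted')
    print('unparseable elements:', errors)
    for ip in ('127.0.0.1', '198.51.100.53', '203.0.113.9', '8.8.8.8'):
        print(ip, 'recursion allowed' if matches(entries, ip) else 'refused')
```

This only handles literal addresses, CIDR prefixes and `!` negation; named ACLs and built-ins such as `localhost` are reported as unparseable, and `named-checkconf` remains the authoritative syntax check.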