OK one last Update and One Last Question (For Now )
Ok, I did the server reboot, all went fine, and actually pages coming up faster then beforeā¦
I used a Global Propagation Checker for the NS (Multiple Location Check), and Internic has it exactly as I want it, So Iām just going to leave that be, As It seems correctā¦
Can one of you check this, My RESOLV.CONF and Verify Iām not on any other NS then my own, I mean, Not on the Global Internet, To serve other Sitesā¦
This Part:
If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
I only want to serve my forum pagesā¦ I Believe itās right, I just want to verifyā¦ Thanks
// // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. //options {
listen-on port 53 {
any;
};
listen-on-v6 port 53 {
any;
};
directory ā/var/namedā;
dump-file ā/var/named/data/cache_dump.dbā;
statistics-file ā/var/named/data/named_stats.txtā;
memstatistics-file ā/var/named/data/named_mem_stats.txtā;
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file ādata/named.runā;
severity dynamic;
};
};
zone ā.ā IN {
type hint;
file ānamed.caā;
};
include ā/etc/named.rfc1912.zonesā;
include ā/etc/named.root.keyā;
zone āandroid-x86.netā {
type master;
file ā/var/named/android-x86.net.hostsā;
also-notify {
...; (*** NS1 IP CORRECT
};
allow-transfer {
...*; **** NS! IP CORRECT
};
notify yes;
};
Thanks, I think, Thatād handle this for now, Iāll check back later (Couple Days) to put in a final word on this but as of now it all looks goodā¦
Mike