====== Caching only DNS ======
* [[https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-caching-or-forwarding-dns-server-on-ubuntu-14-04]]
* [[https://aacable.wordpress.com/2011/07/04/setup-a-forwarding-caching-only-dns-server-on-ubuntu/]]
===== Installation auf Ubuntu 24.04 =====
# Check that systemd-resolved is present and running before changing its configuration.
systemctl status systemd-resolved
# Edit the resolver configuration. The [Resolve] section that follows is the
# content of that file, not a series of shell commands.
sudo vim /etc/systemd/resolved.conf
[Resolve]
# Upstream resolvers that the local cache forwards to.
DNS=8.8.8.8 1.1.1.1
Cache=yes
# Keep the local stub listener on, so that the stub-resolv.conf link created
# below has a local resolver to point at.
DNSStubListener=yes
# NOTE(review): neither DNSSEC= nor DNSOverTLS= is set here, so validation and
# transport encryption towards the upstream resolvers stay at the distribution
# defaults. Confirm that these match your requirements.
# Apply the new configuration and make sure the service starts at boot.
sudo systemctl restart systemd-resolved
sudo systemctl enable systemd-resolved
# Point /etc/resolv.conf at the file systemd-resolved generates for its stub
# listener. -f replaces whatever file or link is currently there.
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
===== Installation auf Ubuntu 16.04 =====
> apt install bind9 bind9utils
# Service defaults read by the bind9 init script (on Ubuntu this is normally
# /etc/default/bind9 — confirm on your system).
# run resolvconf?
RESOLVCONF=no
# startup options for the server
# -4 restricts named to IPv4; -u bind makes named give up root and run as the
# unprivileged user "bind" once it has finished its privileged start-up work.
OPTIONS="-4 -u bind"
//
// Caching only DNS Server
// https://fxdata.cloud/tutorials/configure-bind-as-a-caching-or-forwarding-dns-server-on-ubuntu-14-04
//
//acl goodclients {
// 10.10.0.9;
// 127.0.1.1;
// 127.0.0.1;
// localhost;
// localnets;
//};
// Clients allowed to query this resolver: the server itself and hosts on its
// directly attached networks (BIND's built-in localhost / localnets ACLs).
acl goodclient { localhost; localnets; };
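// Global options for a caching, forward-only resolver that serves the local
// host only (see listen-on and allow-query at the end of the block).
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // In that case replace the addresses in the forwarders block below.

    // A caching resolver has to recurse on behalf of its clients. Who may
    // use it is restricted by listen-on and allow-query below.
    recursion yes;

    // Send every query to these public resolvers. "forward only" means named
    // never falls back to iterating from the root servers itself.
    forwarders {
        8.8.8.8;    // Google DNS 1
        8.8.4.4;    // Google DNS 2 (was 4.4.4.4, which is not a Google resolver)
        1.1.1.1;    // Cloudflare DNS
    };
    forward only;

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    // "auto" validates against BIND's built-in, automatically maintained root
    // trust anchor. "yes" only validates when a trust anchor is configured by
    // hand; none is visible in this file, so "yes" would leave answers
    // unvalidated unless one is defined elsewhere.
    // NOTE(review): newer BIND releases no longer accept dnssec-enable; drop
    // that line if named-checkconf rejects it.
    dnssec-enable yes;
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035

    // IPv6 is switched off. To enable it use: listen-on-v6 { any; };
    listen-on-v6 { none; };

    #----------------------------------------------------------------------#
    // No fixed source port. Pinning outgoing queries to port 53 switches off
    // source-port randomisation, which is the mitigation for the cache
    // poisoning weakness described in the VU#800113 note linked above.
    query-source address *;

    // Loopback only: the resolver is not reachable from the network.
    // Review allow-query before widening this.
    listen-on {
        127/8;
    };

    // Only clients matched by the goodclient ACL may query.
    allow-query { goodclient; };
};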
> service bind9 restart
===== Installation auf Ubuntu 14.04 =====
> apt install bind9 bind9utils
# Service defaults read by the bind9 init script (on Ubuntu this is normally
# /etc/default/bind9 — confirm on your system).
# run resolvconf?
RESOLVCONF=no
# startup options for the server
# -4 restricts named to IPv4; -u bind makes named give up root and run as the
# unprivileged user "bind" once it has finished its privileged start-up work.
OPTIONS="-4 -u bind"
//
// Caching only DNS Server
// https://fxdata.cloud/tutorials/configure-bind-as-a-caching-or-forwarding-dns-server-on-ubuntu-14-04
//
//acl goodclients {
// 10.10.0.9;
// 127.0.1.1;
// 127.0.0.1;
// localhost;
// localnets;
//};
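// Global options for a caching resolver that serves the local host only
// (see listen-on at the end of the block).
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // In that case replace the address in the forwarders block below.

    // A caching resolver has to recurse on behalf of its clients.
    // NOTE(review): no allow-query / allow-recursion is set in this block, so
    // access control relies on the loopback-only listen-on below plus BIND's
    // defaults. Add an explicit ACL before exposing the server to a network.
    recursion yes;

    // Queries are sent to this forwarder first. "forward only" is left
    // commented out, so named may still resolve on its own when the
    // forwarder does not answer.
    forwarders {
        8.8.8.8;
    };
    //forward only;

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    // "auto" validates against BIND's built-in, automatically maintained root
    // trust anchor. "yes" only validates when a trust anchor is configured by
    // hand; none is visible in this file, so "yes" would leave answers
    // unvalidated unless one is defined elsewhere.
    dnssec-enable yes;
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035

    // IPv6 is switched off. To enable it use: listen-on-v6 { any; };
    listen-on-v6 { none; };

    #----------------------------------------------------------------------#
    // No fixed source port. Pinning outgoing queries to port 53 switches off
    // source-port randomisation, which is the mitigation for the cache
    // poisoning weakness described in the VU#800113 note linked above.
    query-source address *;

    // Loopback only: the resolver is not reachable from the network.
    listen-on {
        127/8;
    };
};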
> service bind9 restart