Subject: Re: DNS (named) Config Files
To: Randy Beaudreault <maccult@pacbell.net>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 11/25/2001 16:42:48
On Fri, Nov 23, 2001 at 07:31:59PM -0800, Randy Beaudreault wrote:
> That should have been caching-only server.

So I think the named.conf file provided with NetBSD works without changes.

In the options { } section you may want to add a forwarders line,
so that your caching DNS asks your provider's DNS before doing a full search
itself (this allows you to benefit from the cache of the provider). Something like:
        forwarders { 62.4.16.70; 62.4.17.109; };
(you have to adjust the IP addresses, of course :)
You may also want to restrict recursion to local machines (to avoid attacks
based on nameserver cache poisoning). For this, define an ACL for your local
IP addresses:
acl local {
        127.0.0.1;
        10.0.0.0/24;
        10.0.1.0/24;
};

and then add a:
        allow-recursion { local; };
line to your options { } section.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--
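The pieces above put together in one caching-only named.conf, added here as an example; it is not part of Manuel's message nor NetBSD's shipped file. The forwarder addresses, the 10.0.0.0/24 and 10.0.1.0/24 networks, the directory and the two file names are placeholders to adjust for your own setup. It goes one step beyond the message by also restricting who may query the server at all, not only who may recurse through it.

```conf
// Caching-only resolver: the only zones it serves itself are the root
// hints and the reverse zone for localhost.
// Added example; every address and path below is a placeholder.

acl local {
        127.0.0.1;              // the machine itself
        10.0.0.0/24;            // LANs allowed to use this cache
        10.0.1.0/24;
};

options {
        directory "/etc/namedb";        // placeholder: where the files below live

        // Ask the provider's resolvers first so their cache is reused;
        // "first" (the default) falls back to a full iterative lookup
        // if they do not answer, "only" would never resolve on its own.
        forward first;
        forwarders { 62.4.16.70; 62.4.17.109; };    // placeholders: provider DNS

        // Only local clients may make this server recurse on their behalf.
        // An outside client is refused recursion and can only be told
        // what this server is authoritative for (here: just localhost).
        allow-recursion { local; };

        // Beyond the message above: refuse queries from outside the local
        // networks altogether, so the cache contents cannot be probed.
        allow-query { local; };
};

zone "." {
        type hint;
        file "root.cache";              // placeholder: root hints file
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "localhost.rev";           // placeholder: reverse zone for 127.0.0.1
};
```

To check that the restriction took effect, reload the server and query it from a machine outside the ACL with dig (e.g. dig @your.server www.example.com): the answer's header should not carry the ra flag, and with allow-query restricted as above the status is REFUSED. The same query from a local address should return the answer with ra set. On BIND 9, named-checkconf will catch syntax errors in the file before you reload.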