I have this in /etc/named.conf; I commented out the default values and set my own under them.
My domain would not load in the browser unless I set allow-query to "any". Is this OK? What should I edit? If it is localhost or 127.0.0.1; 10.0.1.0/24; the domain would not load.
I tried the 127.. thing because it is mentioned here: http://wiki.mandriva.com/en/Testing:Bind
Bind version is 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1; OS is CentOS 6.0.
options {
    // listen-on port 53 { 127.0.0.1; };
    listen-on port 53 { any; };
    //listen-on-v6 port 53 { ::1; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    //allow-query { localhost; };
    allow-query { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
When you listen-on 127.0.0.1 or localhost or ::1, and/or allow-query from localhost only, bind will answer only queries originating from the same computer that runs bind. (It is set this way in "testing" probably because they just meant to test that bind works without opening it to the outside, for security reasons.)
It is normal to set those to "any" so that it will be accessible from outside.
If your DNS server is a local caching server, set
in options. And, in each zone:
If you are not using it as a caching server, set it on options to none;
Basically, you don't want your server answering for domains you are not authoritative for.
Be careful - this is not true:
If you are not using it as a caching server, set it on options to none;
Such a server doesn't reply to any packet even for domains it is authoritative for.
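Added example (not from any of the posts above): a small Python check for the risk this thread circles around, a server that offers recursion to any client. It follows the BIND 9 fallback order for the recursion ACL, reads only the global options block, treats only the literal `any` as open, and both sample configs are constructed from the settings in the question.

```python
import re

# Constructed sample: the relevant options from the question.
QUESTION_CONF = """
options {
    listen-on port 53 { any; };
    // allow-query { localhost; };
    allow-query { any; };
    recursion yes;
};
"""

# Constructed sample: same server, recursion limited to trusted clients.
# 10.0.1.0/24 is the network mentioned in the question; adjust to your LAN.
HARDENED_CONF = """
options {
    listen-on port 53 { any; };
    allow-query { any; };              /* zones stay publicly queryable */
    recursion yes;
    allow-recursion { localhost; 10.0.1.0/24; };
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* C style */
    return re.sub(r"(//|#).*", "", text)                # // and # to end of line

def acl(text, name):
    """Return the elements of `name { ...; };` as a list, or None if unset."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^}]*)\}", text)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def recursion_clients(conf):
    """Clients allowed to recurse, or [] if recursion is switched off."""
    text = strip_comments(conf)
    m = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", text)
    if m and m.group(1).lower() in ("no", "false", "0"):
        return []
    # Unset allow-recursion falls back to allow-query-cache, then allow-query.
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        found = acl(text, name)
        if found is not None:
            return found
    return ["localnets", "localhost"]   # built-in default when nothing is set

def is_open_resolver(conf):
    # Named ACLs and views are not resolved here; only a literal `any` counts.
    return "any" in recursion_clients(conf)
```

With the question's settings the check reports an open resolver because `allow-query { any; }` is inherited by recursion; the hardened variant keeps authoritative answers public while recursion stays with the listed clients.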