Providing proxy DNS service with all-the-hats-at-once DNS server software.

You've come to this page because you've asked a question similar to the following:

My DNS server software is one of the ones that vainly try to wear all of the hats at once. How do I configure it to provide proxy DNS service, so that I can look up the DNS data that are published by the rest of the Internet?

This is the Frequently Given Answer to that question.

What you do if you use Microsoft's DNS server

Best practice is to have separate content and proxy DNS servers, and thus to remove all DNS database content from the server, apart from the content that is recommended by RFC 1912 § 4.1. Some DNS server software doesn't require explicit DNS database content at all in order to address this issue, because it simply generates the answers for "localhost.", "1.0.0.127.in-addr.arpa.", and the like on the fly. Microsoft's DNS server, however, simply automatically re-creates certain "zones", covering most of these domain names, in its DNS database at service startup, populating them with fixed, well-known, content.

What you do if you use ISC's BIND

Best practice is to have separate content and proxy DNS servers, and thus to remove all DNS database content from the server, apart from the content that is recommended by RFC 1912 § 4.1. Some DNS server software doesn't require explicit DNS database content at all in order to address this issue, because it simply generates the answers for "localhost.", "1.0.0.127.in-addr.arpa.", and the like on the fly. ISC's BIND requires that the administrator create, populate, and configure the relevant "zones" by hand.
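
As an added illustration (not part of the original answer and not ISC's own sample), here is a named.conf fragment for a BIND server that provides only proxy service and carries just the four RFC 1912 § 4.1 zones. The directory, the file names, the SOA timer values, and the client address range are assumptions; the zone file contents are shown inside block comments.

```conf
// named.conf fragment: proxy (recursive) service plus only the
// RFC 1912 section 4.1 zones. No other content zones are defined.

acl "clients" { 127.0.0.0/8; 192.0.2.0/24; };  // constructed client range

options {
    directory "/var/named";            // assumed location of zone files
    recursion yes;                     // this server is the proxy
    allow-query     { "clients"; };
    allow-recursion { "clients"; };    // proxy service for own clients only
    allow-transfer  { none; };         // no content here to replicate
};

zone "localhost"            { type master; file "db.localhost"; };
zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0";   };
zone "0.in-addr.arpa"       { type master; file "db.empty";     };
zone "255.in-addr.arpa"     { type master; file "db.empty";     };

/* ---- db.localhost (answers "localhost.") ----
$TTL 86400
@   IN SOA localhost. hostmaster.localhost. ( 1 3600 900 604800 86400 )
    IN NS  localhost.
    IN A   127.0.0.1
*/

/* ---- db.127.0.0 (answers "1.0.0.127.in-addr.arpa.") ----
$TTL 86400
@   IN SOA localhost. hostmaster.localhost. ( 1 3600 900 604800 86400 )
    IN NS  localhost.
1   IN PTR localhost.
*/

/* ---- db.empty (shared by 0.in-addr.arpa and 255.in-addr.arpa) ----
$TTL 86400
@   IN SOA localhost. hostmaster.localhost. ( 1 3600 900 604800 86400 )
    IN NS  localhost.
*/
```

Running named-checkconf -z against the finished configuration loads each of the four zones and reports any syntax error in the hand-written files before the service is restarted.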


© Copyright 2003,2012 Jonathan de Boyne Pollard. "Moral" rights asserted.
Permission is hereby granted to copy and to distribute this web page in its original, unmodified form as long as its last modification datestamp is preserved.