Ce contenu n'est pas disponible dans la langue sélectionnée.
17.2.6. Common Mistakes to Avoid
The following is a list of recommendations on how to avoid common mistakes users make when configuring a nameserver:
- Use semicolons and curly brackets correctly
- An omitted semicolon or unmatched curly bracket in the
/etc/named.conffile can prevent thenamedservice from starting. - Use period correctly
- In zone files, a period at the end of a domain name denotes a fully qualified domain name. If omitted, the
namedservice will append the name of the zone or the value of$ORIGINto complete it. - Increment the serial number when editing a zone file
- If the serial number is not incremented, the primary nameserver will have the correct, new information, but the secondary nameservers will never be notified of the change, and will not attempt to refresh their data of that zone.
- Configure the firewall
- If a firewall is blocking connections from the
namedservice to other nameservers, the recommended practice is to change the firewall settings.Warning
According to the recent research in DNS security, using a fixed UDP source port for DNS queries is a potential security vulnerability that could allow an attacker to conduct cache-poisoning attacks more easily. To prevent this, configure your firewall to allow queries from a random UDP source port.
