Disable Root Hints
Barry Margolin
barmar at alum.mit.edu
Tue Oct 28 00:24:42 UTC 2008
In article <ge4pmk$17vq$1 at sf1.isc.org>, blrmaani <blrmaani at gmail.com>
wrote:
> I guess forwarding queries in root zone (.) also works. But I don't
> know if this causes any other side effects.
>
> // Recursion should be enabled before adding the block below:
>
> zone "." {
> type forward;
> forward only;
> forwarders { <your internal ips>; };
> };
Isn't this equivalent to configuring forwarding in the options section?
>
> cheers
> Blr
>
> On Oct 23, 4:14 pm, Chris Buxton <cbux... at menandmice.com> wrote:
> > On Oct 23, 2008, at 12:33 PM, Eric Reischer wrote:
> >
> > > Greetings all. I have a private network that is not (and will not
> > > ever be) connected to the Internet, but I want to set up an internal
> > > DNS server to help navigating between machines. I've successfully
> > > set up my domain (foo.com, let's say) root file and the server is
> > > answering queries to it dutifully, but I want to disable fallover to
> > > the root-servers in the event the local server cannot resolve a name
> > > (since they'll never be reachable). However it seems that newer
> > > versions of BIND9 actually have the root servers primed in the
> > > program at compile-time, irrespective of the root hints file.
> >
> > > My question is, will it be sufficient to create a new root hints
> > > file that has [A-M].ROOT-SERVERS.NET all defined as 192.168.0.2 (my
> > > BIND9 server's address), or will some other method be more prudent?
> > > Will this create a circular reference? My goal is to have the server
> > > return an NXDOMAIN rather than a SERVFAIL on a query to a host that
> > > isn't in the local table. The other thought I had was to create zone
> > > files for "com", "net", "edu", etc, and have them all empty.
> >
> > > Thanks.
> >
> > Set up a private root zone. There is no need to list all of the names
> > of the public root servers. Just create a root zone that delegates
> > your private domain name, like this:
> >
> > $TTL 1d
> > .         SOA  [put the 7 SOA data fields here]
> >           NS   your.server.foo.com.
> > foo.com.  NS   your.server.foo.com.
> >
> > Chris Buxton
> > Professional Services
> > Men & Mice
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
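
The private root zone suggested in the quoted reply, written out in full as an added example that is not code from any poster in this thread: a shell function that writes a named.conf fragment and the root zone file, so a name outside foo.com gets an authoritative NXDOMAIN from the private root. The file names, SOA values, hostmaster mailbox and output directory are assumptions; foo.com, your.server.foo.com and 192.168.0.2 come from the thread.

```shell
#!/bin/sh
# Added example: private root for a network with no Internet connection.
# Assumed (not from the thread): file names, SOA timers, hostmaster mailbox.
# From the thread: foo.com, your.server.foo.com, 192.168.0.2.
write_private_root() {
    dir=$1
    mkdir -p "$dir" || return 1
    # With a master zone for ".", named answers for the root itself and
    # has no reason to contact the public root servers.
    cat > "$dir/named.conf" <<EOF
options {
    directory "$dir";
    recursion no;  // assumption: this server is authoritative for every zone in use
};
zone "." {
    type master;
    file "db.root.private";
};
zone "foo.com" {
    type master;
    file "db.foo.com";  // the existing foo.com zone file, not written here
};
EOF
    # Root zone: SOA, NS for ".", delegation of foo.com, and glue for the
    # name server because its name lies below the delegation.
    cat > "$dir/db.root.private" <<'EOF'
$TTL 1d
.                     SOA  your.server.foo.com. hostmaster.foo.com. (
                           2008102801 ; serial (constructed)
                           1h         ; refresh
                           15m        ; retry
                           1w         ; expire
                           1h )       ; negative-caching TTL
                      NS   your.server.foo.com.
foo.com.              NS   your.server.foo.com.
your.server.foo.com.  A    192.168.0.2 ; glue
EOF
    # Validate with BIND's own checker when it is installed.
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone . "$dir/db.root.private" || return 1
    fi
}

# Usage: sh private-root.sh /path/to/output-dir
if [ -n "${1:-}" ]; then write_private_root "$1"; fi
```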