Bind 8.x and Intranets (no Internet) questions

Todd Williams twilliams at 21st-century-comm.com
Mon Dec 20 05:51:23 UTC 1999


Here is a question that I've been searching for an answer for several
hours too long...

We had been running a prehistoric version of a Slackware 2.x install and
Bind 4.x and have upgraded to a new machine Redhat 6.1 with Bind 8.2.1.
This machine is a multi-segmented corporate "router" if you will, and
simply connects different segments of our network, and also serves as
our primary inTRAnet only DNS server.  This machine serves the internal
hosts to resolve other internal host IP's and names.  I took the working
files from the old machine, did the conversion from 4.x to 8.x, and
things seemed to be working okay.  The conversion went fine, and lookups
work as they did before, with no problem.  So, Bind is up and running
without problems -- well, almost (for the most part, at least.)

Here is the situation:  This machine is in no way shape or form attached
to the internet.  We do not want it to attempt to look to the internet root
servers for answers -- they won't have the answers for these queries
anyway, not to mention that the box can't even get to the internet root
servers.  I have attempted several different things, including removing
the named.ca file (root cache), cat /dev/null > named.ca, adding a root
server of 127.0.0.1, and it always complains about something in
/var/log/messages.  Usually something like
"sysquery: findns error (SERVFAIL) on ?"  -- I don't want all those
messages cluttering my syslog file.

If a query is posed to this machine, and it is not a host in our
intranet, we want the DNS to resolve immediately as an unknown host...
instead of it trying to search (for a really long time) for an internet
root server it can't get to for an answer.  I was able to do this
previously by simply erasing the db.cache (root cache) file on the bind
4.x distribution, and it worked great!  Bind 8.x doesn't like it when I
do that.  Is there an easy way to set this up with 8.x?

The big questions are... How can I set up Bind version 8.x so that  it
does not attempt to search beyond itself to the root servers for a
resolution?  Thoughts?  Suggestions?

The other thing I'm wondering about is this:

    named[2352]: Forwarding source address is [0.0.0.0].2209

How can I totally turn off forwarding on Bind 8.x?  Or does this mean
that it is off -- if so, it doesn't look like it.

Please be kind and reply also to: twilliams@(anti_spam)tfcci.com,  and
remove the "(anti_spam)".

Thanks very much,

Todd Williams
Network Administrator
Twenty First Century Communications



