Add a root to an Internal DNS server

Jim Reid jim at rfc1035.com
Fri Jan 21 11:02:18 UTC 2000


>>>>> "Soraya" == Soraya Hassanaly <SHassanaly at siticom.fr> writes:

    Soraya> Hi All, I have an internal DNS, which I was told seemed to
    Soraya> work without any root configured on it.

There will probably be a lot of complaints in the name server logs
about not being able to find the root zone. Name servers need to know
where the root name servers are located.

    Soraya> The current internal domain is xxxx.net. If I want to add another
    Soraya> domain - yyyy.org - and make some delegation for it, I
    Soraya> think I have to add the root domain and then configure the
    Soraya> delegation.

Indeed.

    Soraya> But how do I add the root domain in the DNS?

The same way as you'd do any other domain. Create a zone file for it
and appropriate zone statements for it in named.conf:
	zone "." {
		type master;
		file "root";
	};

The root zone file could look something like:

	$TTL 86400
	. IN SOA ns.xxx.net hostmaster.xxx.net (
		serial
		refresh
		retry
		expire
		minTTL
		)
	; delegation for xxx.net
	xxx.net. IN NS ns.xxx.net.
	xxx.net. IN NS ns.yyy.org.
	; delegation for yyy.org
	yyy.org. IN NS ns.xxx.net.
	yyy.org. IN NS ns.yyy.org.
	; glue for the above NS records (address records, type A)
	ns.xxx.net. IN A 10.9.8.7
	ns.yyy.org. IN A 10.11.12.13

Note that the root zone file above delegates straight to xxx.net and
yyy.org: there is no need for an explicit delegation of the .org and
.net zones.

Remember that if your name server is authoritative for ".", there's no
need for a hints zone and named.cache file for the root zone.

    Soraya> What are the impacts?

Anyone querying this name server will only see your internal name
space, not the Internet. This is usually why people set up their own
root zone on their internal network. And you'd better make sure that
details of your internal root don't leak out to something that's on
the internet.
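
An added example, not part of the original post: a small Python check that every name server named in a delegation in a root zone file like the one above has an A/AAAA glue record, and that no address has been put in an NS record. It assumes fully qualified names and single-line records; the sample zone, its SOA values and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the post's two delegations, with one glue line mistyped.
SAMPLE_ZONE = """\
$TTL 86400
. IN SOA ns.xxx.net. hostmaster.xxx.net. 2000012101 3600 900 604800 86400
xxx.net. IN NS ns.xxx.net.
xxx.net. IN NS ns.yyy.org.
yyy.org. IN NS ns.xxx.net.
yyy.org. IN NS ns.yyy.org.
ns.xxx.net. IN A 10.9.8.7
ns.yyy.org. IN NS 10.11.12.13 ; constructed mistake: address in an NS record
"""

def is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def parse_records(text):
    """Return (owner, type, first rdata field) for single-line records."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):     # skip blanks and directives
            continue
        owner, *rest = line.split()
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                      # drop optional TTL and class
        if len(rest) >= 2:
            records.append((owner.lower(), rest[0].upper(), rest[1]))
    return records

def check_glue(text):
    """List delegation problems: NS targets without glue, addresses in NS rdata."""
    records = parse_records(text)
    addressed = {o for o, t, d in records if t in ("A", "AAAA") and is_ip(d)}
    problems = []
    for owner, rtype, rdata in records:
        if rtype != "NS":
            continue
        if is_ip(rdata):
            problems.append(f"{owner}: NS rdata {rdata} is an address; glue must be A/AAAA")
        elif rdata.lower() not in addressed:
            problems.append(f"{owner}: name server {rdata} has no A/AAAA glue")
    return problems

if __name__ == "__main__":
    print("\n".join(check_glue(SAMPLE_ZONE)) or "delegations and glue look consistent")
```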