Internal roots and forwarders

Craig Simms craig.simms at globalone.net
Wed Feb 21 21:30:37 UTC 2001


Hello all,

My company has its internal DNS configuration secured behind a firewall. By
design, our internet queries should be directed to the proxy/firewall.

Recently, I, being the master "." administrator, accidentally listed a
non-internal root server in the root.db file. All other root servers in our
domain, either BIND 4 or BIND 8, are configured to obtain either a secondary
or slave copy of root.db. Apparently a number of caching-only servers were
configured to do the same.

The "accidental internal root" happened to be configured as a forwarder. A
great number of DNS servers began experiencing time-outs when querying
".com, .edu, .gov", anything outside of our domain.

What I am looking for is a configuration that will protect our internal
domain worldwide from myself or any other admin of a root server that may
either accidentally or purposely configure their root server as a forwarder.
Could the use of root.cache and/or hints configuration ensure that we are
protected?



Craig E. Simms
Lead Systems Analyst
craig.simms at globalone.net
703-471-2372






More information about the bind-users mailing list