Isolating a local bind server

Rich Parkin RParkin at ldmi.com
Thu Jul 29 13:45:40 UTC 2004


The question is, what exactly are you trying to stop from happening?

Your DNS server has to contact other nameservers to resolve anything
outside your server's authoritative or cached zones.  If you block or
stop that communication, you won't be able to resolve anything your
server doesn't know about.

Your hosts on your home network are probably using your DNS server to
resolve external domain names, depending on how you've got them
configured.  That could account for any outbound DNS traffic.  There
shouldn't be any inbound DNS traffic from outside your local network.

If you don't want that outbound query happening, you could try the
"recursion no" option statement.  Then your server won't try to answer
any queries for any zones it doesn't know about and won't go get the
answer.  Something tells me that's not what you're after, though.

What you might be after is setting up your DNS server to answer queries
from its authoritative data and forwarding all other requests to your
ISP's DNS servers.  That way your server is only communicating with your
ISP's servers and not with the Internet at large.

Richard Parkin
CCNA
Network Engineering
LDMI Telecommunications

>>> "Dan Long" <danblong at hotmail.com> 7/28/2004 9:55:38 PM >>>
I am running Bind 9.2.3 as my domain name server for my local network. 
I am connected to the Internet through a DHCP DSL connection to my
network.  I have a domain name that I have hosted by a hosting service
on the Internet.  I am trying to create an intranet at home on my local
network and want to have my dns server only for my local network. 
However, when I start Bind, it communicates with name servers on the
Internet.  I want to stop this.  I want no communication between my
local Bind and anybody on the Internet.  Is this possible?

[snip]

So I tried commenting out all entries in the file "named.ca".  This did
not work either.

No matter what I try, there is some communication going on with outside
DNS servers.

Can anybody tell me if this is possible and if so, how to do it?

Thank you,

Dan Long
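
The two configurations discussed in the reply above (answering only from
authoritative data with recursion switched off, versus forwarding everything
else to the ISP's resolvers), written out as named.conf fragments.  This is an
added example, not configuration posted by either participant; the LAN
address 192.168.1.0/24, the server address 192.168.1.1, the zone name
home.example and the ISP resolver addresses 192.0.2.1/192.0.2.2 are
placeholders and must be replaced with your own values.

```conf
// Added example, not part of the original thread.  Assumed values:
//   LAN            192.168.1.0/24, server listens on 192.168.1.1
//   local zone     home.example (zone file not shown)
//   ISP resolvers  192.0.2.1 and 192.0.2.2 (placeholders)

// ---------------------------------------------------------------
// Variant A: authoritative-only.  The server answers for zones it
// holds and refuses everything else; it never contacts the Internet.
// ---------------------------------------------------------------
options {
    directory "/var/named";
    listen-on { 127.0.0.1; 192.168.1.1; };      // LAN interface only
    allow-query { 127.0.0.1; 192.168.1.0/24; }; // refuse outside clients
    recursion no;        // never chase answers the server doesn't hold
    notify no;           // don't send NOTIFY to the NS hosts listed in zones
};

// No root hint zone ("named.ca") is needed: with recursion off the
// server has no reason to prime the root server list.

zone "home.example" {
    type master;
    file "home.example.zone";
    allow-transfer { none; };
};

// Reverse zone for the LAN, so PTR lookups are also answered locally.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "1.168.192.in-addr.arpa.zone";
    allow-transfer { none; };
};

// ---------------------------------------------------------------
// Variant B: local zones plus forward-only.  LAN hosts can still
// resolve Internet names, but the server only ever talks to the
// ISP's resolvers, never to root or TLD servers directly.
// (Use this options block instead of the one above; the zone
// statements are the same.)
// ---------------------------------------------------------------
options {
    directory "/var/named";
    listen-on { 127.0.0.1; 192.168.1.1; };
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    recursion yes;
    forwarders { 192.0.2.1; 192.0.2.2; };
    forward only;        // never fall back to iterative resolution
    notify no;
};
```

Variant A answers only from the home.example and reverse zones; any other
query gets a REFUSED response and no outbound packet.  Variant B keeps the
same local zones but hands everything else to the forwarders, and `forward
only` (as opposed to the default `forward first`) stops BIND from falling
back to the root servers if the forwarders do not answer.  In either
variant, `notify no` and `allow-transfer { none; }` remove the other two
common sources of unexpected outbound DNS traffic from a small server:
NOTIFY messages to the name servers listed in a zone's NS records, and zone
transfers.  Check the result with `named-checkconf` before restarting, and
watch the outside interface with tcpdump on port 53 to confirm the only
remaining peers are the addresses you expect.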
