root Servers referral

Joseph S D Yao jsdy at center.osis.gov
Wed Mar 14 17:42:53 UTC 2007


On Wed, Mar 14, 2007 at 12:58:28PM -0400, Sangoi, Nehal (GE Supply, consultant) wrote:
> Hi All
>  
> How can I refer to root DNS servers while creating the Master DNS server
> for brand new domain name? What ports need to be opened on internet
> facing firewall?


Two separate questions.

1: If you are creating an authoritative-only name server, you don't.
Instead, create a dummy zone "." pointing to an empty zone file.  [This
isn't NECESSARY, but it helps lock down the authoritative-only server.]
If you are creating a recursively resolving name server, see DNS & BIND
5th edition pp. 63-65.  It's quite easy to declare a root "hints" file.
In fact, many recent versions of BIND 9 don't even need this, if you are
running on the public Internet, because they have a built-in version;
but I like to hold on to my root hints files.  ;-)

2: UDP port 53 and TCP port 53.  Don't let anyone tell you that TCP port
53 is not needed: for resolving, it's needed!  But also, you may not
want to leave them wide open, but only open from your resolving name
servers to the public Internet, and from the public Internet to your
authoritative name servers.  And if there's any filtering for bad
addresses (RFC 1918 and multicast e.g.) and bad IP packets, use it.

-- 
Joe Yao
Analex Contractor
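To make answer 1 concrete, here is an added example (not from the original thread, and not Joe's own configuration) of the two BIND 9 named.conf arrangements he describes, plus the minimal "dummy" root zone file. All file names and addresses are assumptions, and one caveat applies: BIND refuses to load a master zone file that has no records, so the "empty" root zone needs at least an SOA and an NS record.

```conf
// ===== File 1: named.conf on the AUTHORITATIVE-ONLY server (Internet-facing)
options {
    directory "/var/named";           // assumed path
    recursion no;                     // answer only for our own zones
    allow-query { any; };             // the Internet may ask about our zones
    allow-transfer { 192.0.2.53; };   // constructed secondary address
};

// Dummy root zone: a query for a name we are not authoritative for is
// answered from this zone (NXDOMAIN) instead of with a referral to the
// real root servers, so this server never needs root hints at all.
zone "." {
    type master;
    file "empty-root.zone";           // assumed name; contents in File 2
};

zone "example.com" {                  // the brand-new domain (placeholder)
    type master;
    file "example.com.zone";
};

// ===== File 2: empty-root.zone (zone-file syntax, ';' comments)
// $TTL 86400
// @   IN SOA ns1.example.com. hostmaster.example.com. ( 1 3600 900 604800 86400 )
// @   IN NS  ns1.example.com.
// (SOA and NS are the minimum BIND will load; nothing else goes here.)

// ===== File 3: named.conf on the RECURSIVE resolver (internal clients only)
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { 10.0.0.0/8; 127.0.0.1; };  // constructed internal ranges
    allow-query     { 10.0.0.0/8; 127.0.0.1; };
};

// Root "hints" zone: where an iterative lookup starts. Recent BIND 9
// builds carry a built-in copy, so this stanza is optional on the public
// Internet, but a local file keeps the starting point under your control.
zone "." {
    type hint;
    file "named.root";                // assumed name, the InterNIC root file
};

// Firewall reminder for answer 2: both UDP/53 and TCP/53, and only in the
// directions needed: Internet -> File 1 server, File 3 server -> Internet.
```

The two named.conf files belong on two different hosts; the `options` stanza may appear only once per file.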


