Disable Root Hints
Chris Buxton
cbuxton at menandmice.com
Thu Oct 23 20:14:50 UTC 2008
On Oct 23, 2008, at 12:33 PM, Eric Reischer wrote:
> Greetings all. I have a private network that is not (and will not ever
> be) connected to the Internet, but I want to set up an internal DNS
> server to help navigating between machines. I've successfully set up my
> domain (foo.com, let's say) root file and the server is answering
> queries to it dutifully, but I want to disable fallover to the
> root-servers in the event the local server cannot resolve a name (since
> they'll never be reachable). However it seems that newer versions of
> BIND9 actually have the root servers primed in the program at
> compile-time, irrespective of the root hints file.
>
> My question is, will it be sufficient to create a new root hints file
> that has [A-M].ROOT-SERVERS.NET all defined as 192.168.0.2 (my BIND9
> server's address), or will some other method be more prudent? Will this
> create a circular reference? My goal is to have the server return an
> NXDOMAIN rather than a SERVFAIL on a query to a host that isn't in the
> local table. The other thought I had was to create zone files for
> "com", "net", "edu", etc, and have them all empty.
>
> Thanks.

Set up a private root zone. There is no need to list all of the names
of the public root servers. Just create a root zone that delegates
your private domain name, like this:

$TTL 1d
.           SOA   [put the 7 SOA data fields here]
            NS    your.server.foo.com.
foo.com.    NS    your.server.foo.com.

Chris Buxton
Professional Services
Men & Mice
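
An added example, not part of Chris Buxton's reply: a shell function that writes the private root zone described above with the SOA filled in, plus the named.conf zone statements that load it. The SOA values, the file names db.root, db.foo.com and named.conf.private-root, and the glue A record are assumptions; 192.168.0.2 is the server address given in the question.

```shell
#!/bin/sh
# Added example: private root zone for an isolated network.
# Assumed (not from the post): SOA values, file names, glue record.

write_private_root() {
    dir=$1
    mkdir -p "$dir" || return 1

    # Authoritative "." zone: names outside foo.com are answered NXDOMAIN
    # from local data instead of being chased to the public root servers.
    cat > "$dir/db.root" <<'EOF'
$TTL 1d
.                       SOA your.server.foo.com. hostmaster.foo.com. (
                            2008102301 ; serial
                            1h         ; refresh
                            15m        ; retry
                            1w         ; expire
                            1h )       ; negative-caching TTL
                        NS  your.server.foo.com.
foo.com.                NS  your.server.foo.com.
your.server.foo.com.    A   192.168.0.2 ; glue: server name is below the delegation
EOF

    # Zone statements to use in place of a hint-type root zone.
    # db.foo.com stands for the existing foo.com zone file.
    cat > "$dir/named.conf.private-root" <<'EOF'
zone "." {
    type master;
    file "db.root";
};
zone "foo.com" {
    type master;
    file "db.foo.com";
};
EOF
}

# Syntax-check the generated root zone when BIND's tools are installed.
check_private_root() {
    dir=$1
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone . "$dir/db.root"
    else
        echo "named-checkzone not found; skipping check" >&2
    fi
}
```

Run write_private_root with a target directory, then check_private_root on the same directory before pointing named at the files.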