Disable Root Hints
blrmaani
blrmaani at gmail.com
Mon Oct 27 16:13:32 UTC 2008
I guess forwarding queries in root zone (.) also work. But I don't
know if this causes any other side effects.
// Recursion should be enabled before adding the block below:
zone "." {
type forward;
forward only;
forwarders { <your internal ips>; };
};
cheers
Blr
On Oct 23, 4:14 pm, Chris Buxton <cbux... at menandmice.com> wrote:
> On Oct 23, 2008, at 12:33 PM, Eric Reischer wrote:
>
>
>
>
>
> > Greetings all. I have a private network that is not (and will not
> > ever
> > be) connected to the Internet, but I want to set up an internal DNS
> > server to help navigating between machines. I've successfully set
> > up my
> > domain (foo.com, let's say) root file and the server is answering
> > queries to it dutifully, but I want to disable fallover to the
> > root-servers in the event the local server cannot resolve a name
> > (since
> > they'll never be reachable). However it seems that newer versions of
> > BIND9 actually have the root servers primed in the program at
> > compile-time, irrespective of the root hints file.
>
> > My question is, will it be sufficient to create a new root hints file
> > that has [A-M].ROOT-SERVERS.NET all defined as 192.168.0.2 (my BIND9
> > server's address), or will some other method be more prudent? Will
> > this
> > create a circular reference? My goal is to have the server return an
> > NXDOMAIN rather than a SERVFAIL on a query to a host that isn't in the
> > local table. The other thought I had was to create zone files for
> > "com", "net", "edu", etc, and have them all empty.
>
> > Thanks.
>
> Set up a private root zone. There is no need to list all of the names
> of the public root servers. Just create a root zone that delegates
> your private domain name, like this:
>
> $TTL 1d
> . SOA [put the 7 SOA data fields here]
> NS your.server.foo.com.
> foo.com. NS your.server.foo.com.
>
> Chris Buxton
> Professional Services
> Men & Mice- Hide quoted text -
>
> - Show quoted text -
More information about the bind-users
mailing list