Disable Root Hints

Barry Margolin barmar at alum.mit.edu
Tue Oct 28 00:24:42 UTC 2008


In article <ge4pmk$17vq$1 at sf1.isc.org>, blrmaani <blrmaani at gmail.com> 
wrote:

> I guess forwarding queries in the root zone (.) also works. But I don't
> know if this causes any other side effects.
> 
> // Recursion should be enabled before adding the block below:
> 
> zone "." {
>   type forward;
>   forward only;
>   forwarders { <your internal ips>; };
> };

Isn't this equivalent to configuring forwarding in the options section?

> 
> cheers
> Blr
> 
> On Oct 23, 4:14 pm, Chris Buxton <cbux... at menandmice.com> wrote:
> > On Oct 23, 2008, at 12:33 PM, Eric Reischer wrote:
> >
> > > Greetings all.  I have a private network that is not (and will not ever
> > > be) connected to the Internet, but I want to set up an internal DNS
> > > server to help navigating between machines.  I've successfully set up my
> > > domain (foo.com, let's say) root file and the server is answering
> > > queries to it dutifully, but I want to disable fallover to the
> > > root-servers in the event the local server cannot resolve a name (since
> > > they'll never be reachable).  However it seems that newer versions of
> > > BIND9 actually have the root servers primed in the program at
> > > compile-time, irrespective of the root hints file.
> >
> > > My question is, will it be sufficient to create a new root hints file
> > > that has [A-M].ROOT-SERVERS.NET all defined as 192.168.0.2 (my BIND9
> > > server's address), or will some other method be more prudent?  Will this
> > > create a circular reference?  My goal is to have the server return an
> > > NXDOMAIN rather than a SERVFAIL on a query to a host that isn't in the
> > > local table.  The other thought I had was to create zone files for
> > > "com", "net", "edu", etc, and have them all empty.
> >
> > > Thanks.
> >
> > Set up a private root zone. There is no need to list all of the names
> > of the public root servers. Just create a root zone that delegates
> > your private domain name, like this:
> >
> > $TTL 1d
> > .  SOA  [put the 7 SOA data fields here]
> >     NS   your.server.foo.com.
> > foo.com.  NS  your.server.foo.com.
> >
> > Chris Buxton
> > Professional Services
> > Men & Mice

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
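
An added worked example, not part of any message in this thread: the private root zone skeleton quoted above, filled in as a complete zone file. The file name db.root.private, the SOA mailbox, the serial and the timer values are assumptions; your.server.foo.com and 192.168.0.2 are the names used in the thread.

```dns
; db.root.private  (assumed file name)
; named.conf loads it as the root zone, so the server is authoritative
; for "." and the root hints are not consulted:
;   zone "." { type master; file "db.root.private"; };
; Any name not delegated below is answered NXDOMAIN from this zone
; instead of failing with SERVFAIL after unreachable root servers.

$TTL 1d
.   IN  SOA  your.server.foo.com. hostmaster.foo.com. (
            2008102801  ; serial (assumed, YYYYMMDDnn)
            1h          ; refresh
            15m         ; retry
            1w          ; expire
            1h )        ; negative-caching TTL: how long NXDOMAIN is cached
    IN  NS   your.server.foo.com.

; Delegation of the private domain, as in the quoted skeleton.
foo.com.              IN  NS  your.server.foo.com.

; Glue: the name server's own name lies below the foo.com delegation,
; so the root zone has to carry its address.
your.server.foo.com.  IN  A   192.168.0.2
```

The file can be checked before loading with `named-checkzone . db.root.private`.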

