Need help to know about ROOT DNS query

Warren Kumari warren at kumari.net
Thu Mar 17 15:20:12 UTC 2011 

Nah, that's fine (and normal).

BIND comes configured with the roots so that it can start resolution. I guess I don't fully understand your concern here -- is it that you are worried that the root might see queries and so know your internal hostnames?

W

Warren Kumari
------
Please excuse typing, etc -- This was sent from a device with a tiny keyboard.

On Mar 17, 2011, at 7:20 AM, babu dheen <babudheen at yahoo.co.in> wrote:

> Hi,
>  
>  We have two internal Windows DNS servers which answer all DNS query by forwarding it to gateway DNS server running in Redhat BIND. But i have a query regarding allowing ROOT DNS query on internal DNS server.
>  
> Can anyone let me know whether company Internal DNS server should respond to ROOT DNS query. When i execute # dig . NS @my-company-name-server query  I am getting complete response
>  
>  Let me know whether enabling ROOT DNS query is a security threat. For more informaton can you read and help us to securely configure our company internal Windows DNS server and its impact of disabling it.
>  
>  
> ; <<>> DiG 9.3.3rc2 <<>> . NS @10.0.0.1
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34899
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 10
> ;; QUESTION SECTION:
> ;.                              IN      NS
> ;; ANSWER SECTION:
> .                       49842   IN      NS      j.root-servers.net.
> .                       49842   IN      NS      k.root-servers.net.
> .                       49842   IN      NS      l.root-servers.net.
> .                       49842   IN      NS      m.root-servers.net.
> .                       49842   IN      NS      a.root-servers.net.
> .                       49842   IN      NS      b.root-servers.net.
> .                       49842   IN      NS      c.root-servers.net.
> .                       49842   IN      NS      d.root-servers.net.
> .                       49842   IN      NS      e.root-servers.net.
> .                       49842   IN      NS      f.root-servers.net.
> .                       49842   IN      NS      g.root-servers.net.
> .                       49842   IN      NS      h.root-servers.net.
> .                       49842   IN      NS      i.root-servers.net.
> ;; ADDITIONAL SECTION:
> j.root-servers.net.     49842   IN      A       192.58.128.30
> a.root-servers.net.     49842   IN      A       198.41.0.4
> b.root-servers.net.     49842   IN      A       192.228.79.201
> c.root-servers.net.     49842   IN      A       192.33.4.12
> d.root-servers.net.     49842   IN      A       128.8.10.90
> e.root-servers.net.     49842   IN      A        192.203.230.10
> f.root-servers.net.     49842   IN      A       192.5.5.241
> g.root-servers.net.     49842   IN      A       192.112.36.4
> h.root-servers.net.     49842   IN      A       128.63.2.53
> i.root-servers.net.     49842   IN      A       192.36.148.17
> ;; Query time: 34 msec
> ;; SERVER: 10.0.0.1#53(10.132.1.13)
> ;; WHEN: Thu Mar 17 17:16:18 2011
> ;; MSG SIZE  rcvd: 401
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110317/201446ba/attachment.html>

More information about the bind-users mailing list