How does it work, if I don't give the named.ca information for cache only dns server

Sun Aug 11 06:24:21 UTC 2013

Hi All,

I have installed bind-9.8.2-0.17.rc1.el6_4.5.x86_64 on CentOS 6.3, and the
bind-chroot package is not installed.

Here is my /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

#zone "." IN {
#       type hint;
#       file "named.ca";
#};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
---
As you see, I have commented out the parameter about named.ca and I also mv
the /var/named/named.ca to /var/named/named.ca.original

And start the /etc/init.d/named, after I issue #host lists.isc.org

I can still get the IP address for lists.isc.org:
----------------
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

lists.isc.org has address 149.20.64.75
lists.isc.org has IPv6 address 2001:4f8:0:2::23
lists.isc.org mail is handled by 10 mx.ams1.isc.org.
lists.isc.org mail is handled by 10 mx.pao1.isc.org.
---------------
and in the /var/log/messages, I can find these:

g 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving '
isc.org/DS/IN': 2001:500:b::1#53
Aug 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving
'isc.org/DS/IN': 2001:500:e::1#53
Aug 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving
'isc.org/DS/IN': 2001:500:f::1#53
Aug 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving
'org/DNSKEY/IN': 2001:500:40::1#53
Aug 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving
'org/DNSKEY/IN': 2001:500:c::1#53
Aug 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving
'org/DNSKEY/IN': 2001:500:48::1#53
Aug 10 16:04:09 ch2-lab1 named[1924]: error (network unreachable) resolving
'lists.isc.org/AAAA/IN': 2001:500:71::30#53
Aug 10 16:04:09 ch2-lab1 named[1924]: error (network unreachable) resolving
'lists.isc.org/AAAA/IN': 2001:4f8:0:2::19#53
Aug 10 16:04:09 ch2-lab1 named[1924]: error (network unreachable) resolving
'lists.isc.org/AAAA/IN': 2001:500:60::30#53

Can anyone who can tell me How the cache server can query without given
named.ca?

Thanks,
Bu Xiaobing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130811/4a41dfa5/attachment-0001.html>