Authoritative internal server - how do I get rid of...
Mark Andrews
marka at isc.org
Tue May 21 13:52:21 UTC 2013
In message <20130521134214.GA11898 at h.detebe.org>, "Elmar K. Bins" writes:
> Re Mark,
>
> thanks for your answer (and good morning!),
>
> marka at isc.org (Mark Andrews) wrote:
>
>
> > > Recursion is off, and the root hints file has been removed from the local
> > > zone config. No effect.
> >
> > Authoritative nameservers still need to lookup address of nameservers
> > to send NOTIFY messages. The message you see are as a result of
> > the nameserver doing these lookups.
>
> Oh, I forgot to mention that all master zones have "notify explicit;" set.
> (Is there a global setting for that?)
What about the slave zones? They also send notify messages.
> So in theory they should not bother looking up root stuff.
>
> > Additionally you have DNSSEC validation and/or managed keys for the
> > root enabled.
>
> Err...by default? How do I switch this off?
No. You have enabled it.
> These BIND servers are really strictly internal, no outside routing, no
> forwarders, they are being used for loading, auto-signing and then
> serving-to-internal-slaves a handful of master zones, everything based on
> local info. They can't look anything up and yet they work. So well...maybe
> those lookups are really not needed?
>
> Cheers,
> Elmar.
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list