connections to root servers
Emmanuel Fusté
manu.fuste at gmail.com
Mon Dec 19 19:32:58 UTC 2022
On 19/12/2022 at 20:06, BÖSCH Christian wrote:
> Hello,
>
> I have two bind dns servers as client resolvers with local zones and
> for the rest configured forwarders. The root zone “.” and hints file
> is commented out.
>
> In the connection logs on the firewall I see a lot of connections from
> the resolvers to the root dns servers.
>
> So can anybody explain why this happens? In my opinion everything
> should go to the forwarders and I’m also wondering how bind knows
> about the root servers when there is no hint file?
>
> Thanks,
>
> Christian
>
It will use a built-in fallback definition.
Use the "forward only" directive with the forwarders declaration.
The primary use case for overwriting the root zone/hint content is for
a private root server implementation in a totally disconnected/fully
private DNS infrastructure.
Otherwise, global forwarders with the forward only directive are sufficient
to stop any direct root server queries.
Emmanuel.
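
The change described in the reply above, as an added named.conf fragment that is not part of the original message. The forwarder addresses, zone name and file name are constructed placeholders.

```conf
// named.conf fragment (constructed example, not from the original thread)
options {
    // Upstream resolvers. 192.0.2.53 and 198.51.100.53 are placeholder
    // addresses from the documentation ranges; substitute your own.
    forwarders { 192.0.2.53; 198.51.100.53; };

    // Before: with no "forward" statement, named behaves as "forward first".
    // It asks the forwarders, and if they do not answer it resolves the
    // name itself, starting from its built-in root hints. That fallback is
    // what shows up on the firewall as traffic to the root servers.
    // forward first;

    // After: send everything that is not local to the forwarders and
    // never fall back to iterative resolution.
    forward only;
};

// Local zones are still answered from local data and are not forwarded.
// "corp.example" and its file name are hypothetical.
zone "corp.example" {
    type primary;
    file "corp.example.db";
};
```

Running `named-checkconf` on the file before reloading catches syntax errors, and the firewall connection log the original poster was already watching is the place to confirm that only the forwarder addresses are contacted afterwards.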