Stub zones, but secondary?

Cathy Almond cathya at isc.org
Mon Nov 20 08:31:13 UTC 2023


Have you looked at mirror zones for root?

Zone type "mirror" = it's appropriate for "." but not for other zones.

(Oh - and don't forget to disable ixfr for this zone when you do that - 
it's more efficient for the validation step)

Details in the BIND ARM.

Cathy

On 19/11/2023 21:10, Elmar K. Bins wrote:
> Good evening,
> 
> my freshly recrafted DNS servers got the latest BIND 9.18 pkg from FreeBSD.
> They're all supposed to only respond for a certain set of zones to the outside,
> but should be able to be used as a resolver from localhost.
> 
> The pkg comes with a default config that slaves "." and its cousins instead
> of pushing a static hints file. I like this.
> 
> Unfortunately, the config just has them as slave zones, without a "hint"
> marking. Anybody can query the box for them. I don't like this.
> 
> I've put the appropriate "allow-query { localhost; };" into every friggin'
> zone entry. I REALLY don't like this.
> 
> I'm wondering whether there's a more elegant way. Like "secondary-hint" zones.
> Have I overlooked something?
> 
> Thanks for any pointers,
>                          Elmar.
> 
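
The mirror-zone setup suggested in the reply, as an added named.conf sketch (not part of either message and not the FreeBSD package's config). The file path and the localhost-only recursion ACLs are assumptions chosen to match the "resolver for localhost only" goal in the question.

```conf
# Added example: merge into the existing named.conf, which may hold
# only one options statement.
options {
    // Mirror zones cannot be used in a view without recursion enabled.
    recursion yes;

    // Assumption: only the box itself may use it as a resolver.
    allow-recursion   { localhost; };
    allow-query-cache { localhost; };
};

// Root as a mirror zone: named has a built-in list of primaries for
// the IANA root zone, and the transferred zone is DNSSEC-validated as
// a whole before it is used in answers.
zone "." {
    type mirror;

    // Assumed path; a file makes the validated copy persist across
    // restarts of named.
    file "mirror/root.db";

    // Force AXFR. With IXFR every revision in the sequence is
    // validated on its own, which is the inefficiency noted above.
    request-ixfr no;
};
```

After `named-checkconf` and a reload, query the box for `. SOA` from an outside host to confirm the root data is not served there before removing the per-zone `allow-query` lines.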


