Re: Disable Root Hints - DNS


Thread: Re: Disable Root Hints

  1. Re: Disable Root Hints

    On Oct 23, 2008, at 12:33 PM, Eric Reischer wrote:

    > Greetings all. I have a private network that is not (and will not ever
    > be) connected to the Internet, but I want to set up an internal DNS
    > server to help navigating between machines. I've successfully set up my
    > domain (foo.com, let's say) root file and the server is answering
    > queries to it dutifully, but I want to disable fallover to the
    > root-servers in the event the local server cannot resolve a name (since
    > they'll never be reachable). However it seems that newer versions of
    > BIND9 actually have the root servers primed in the program at
    > compile-time, irrespective of the root hints file.
    >
    > My question is, will it be sufficient to create a new root hints file
    > that has [A-M].ROOT-SERVERS.NET all defined as 192.168.0.2 (my BIND9
    > server's address), or will some other method be more prudent? Will this
    > create a circular reference? My goal is to have the server return an
    > NXDOMAIN rather than a SERVFAIL on a query to a host that isn't in the
    > local table. The other thought I had was to create zone files for
    > "com", "net", "edu", etc, and have them all empty.
    >
    > Thanks.


    Set up a private root zone. There is no need to list all of the names
    of the public root servers. Just create a root zone that delegates
    your private domain name, like this:

    $TTL 1d
    .         SOA  [put the 7 SOA data fields here]
              NS   your.server.foo.com.
    foo.com.  NS   your.server.foo.com.

    Chris Buxton
    Professional Services
    Men & Mice
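
Added example, not part of the original post and not BIND's own code: a simplified Python model of how a server that is authoritative for the private root zone above classifies queries, which is why names outside foo.com get NXDOMAIN rather than a SERVFAIL from failed recursion. The SOA field values and the glue A record (using the 192.168.0.2 address from the question) are constructed for illustration.

```python
# Added example: simplified model of authoritative lookup in a private root zone.
# SOA values and the glue A record are constructed; no wildcard/CNAME handling.
ZONE_TEXT = """\
$TTL 1d
.          SOA  your.server.foo.com. hostmaster.foo.com. 1 1h 15m 30d 1h
           NS   your.server.foo.com.
foo.com.   NS   your.server.foo.com.
your.server.foo.com. A 192.168.0.2
"""

def parse_zone(text):
    """Return [(owner, rtype, rdata)]; a line starting with whitespace reuses
    the previous owner. Explicit TTL/class fields are not supported."""
    records, owner = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():
            owner = fields.pop(0).lower()
        records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return records

def labels(name):
    name = name.lower().rstrip(".")
    return name.split(".") if name else []

def at_or_below(name, ancestor):
    n, a = labels(name), labels(ancestor)
    return len(a) <= len(n) and n[len(n) - len(a):] == a

def lookup(records, qname, qtype):
    """Classify the response the root zone gives for qname/qtype."""
    # A zone cut (NS below the apex) covers everything at or beneath it.
    cuts = [o for o, t, _ in records
            if t == "NS" and o != "." and at_or_below(qname, o)]
    if cuts:
        return ("REFERRAL", max(cuts, key=lambda o: len(labels(o))))
    # No owner at or below qname: authoritative denial, no recursion needed.
    if not any(at_or_below(o, qname) for o, _, _ in records):
        return ("NXDOMAIN", None)
    # Name exists; an empty list is NODATA (e.g. the empty non-terminal "com.").
    data = [d for o, t, d in records
            if labels(o) == labels(qname) and t == qtype.upper()]
    return ("NOERROR", data)

if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    for q in ("host.foo.com.", "www.example.net.", "bar.com.", "com."):
        print(q, lookup(zone, q, "A"))
```

When the same server also hosts the foo.com zone, it answers those names directly from that zone instead of returning the referral modelled here.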



  2. Re: Disable Root Hints

    I guess forwarding queries in root zone (.) also works. But I don't
    know if this causes any other side effects.

    // Recursion should be enabled before adding the block below:

    zone "." {
    type forward;
    forward only;
    forwarders { ; };
    };

    cheers
    Blr





  3. Re: Disable Root Hints

    In article , blrmaani
    wrote:

    > I guess forwarding queries in root zone (.) also work. But I don't
    > know if this causes any other side effects.
    >
    > // Recursion should be enabled before adding the block below:
    >
    > zone "." {
    > type forward;
    > forward only;
    > forwarders { ; };
    > };


    Isn't this equivalent to configuring forwarding in the options section?



    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE don't copy me on replies, I'll read them in the group ***


  4. Re: Disable Root Hints

    On Oct 27, 2008, at 5:24 PM, Barry Margolin wrote:

    > In article , blrmaani
    > wrote:
    >
    >> I guess forwarding queries in root zone (.) also work. But I don't
    >> know if this causes any other side effects.
    >>
    >> // Recursion should be enabled before adding the block below:
    >>
    >> zone "." {
    >> type forward;
    >> forward only;
    >> forwarders { ; };
    >> };

    >
    > Isn't this equivalent to configuring forwarding in the options
    > section?


    Yes it is.

    Chris Buxton
    Professional Services
    Men & Mice



  5. Re: Disable Root Hints

    "Barry Margolin" wrote in message
    news:ge5mfu$21j3$1@sf1.isc.org...
    > In article , blrmaani
    > wrote:
    >
    > > I guess forwarding queries in root zone (.) also work. But I don't
    > > know if this causes any other side effects.
    > >
    > > // Recursion should be enabled before adding the block below:
    > >
    > > zone "." {
    > > type forward;
    > > forward only;
    > > forwarders { ; };
    > > };

    >
    > Isn't this equivalent to configuring forwarding in the options section?


    Technically no. It will direct queries that start from the top-down, but
    will not direct queries to the forwarders for any other specifically defined
    zone. So what's the difference? Stub zones. I assume that master and
    slave zones would be answered directly.



