Re Mark,
thanks for your answer (and good morning!),
ma...@isc.org (Mark Andrews) wrote:
> > Recursion is off, and the root hints file has been removed from the local
> > zone config. No effect.
>
> Authoritative nameservers still need to lookup address of nameservers
> to send NOTIFY messages. The message you see are as a result of
> the nameserver doing these lookups.
Oh, I forgot to mention that all master zones have "notify explicit;" set.
(Is there a global setting for that?)
So in theory they should not bother looking up root stuff.
> Additionally you have DNSSEC validation and/or managed keys for the
> root enabled.
Err...by default? How do I switch this off?
These BIND servers are really strictly internal, no outside routing, no
forwarders, they are being used for loading, auto-signing and then
serving-to-internal-slaves a handful of master zones, everything based on
local info. They can't look anything up and yet they work. So well...maybe
those lookups are really not needed?
Cheers,
Elmar.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
