In message <20130521134214.ga11...@h.detebe.org>, "Elmar K. Bins" writes: > Re Mark, > > thanks for your answer (and good morning!), > > ma...@isc.org (Mark Andrews) wrote: > > > > > Recursion is off, and the root hints file has been removed from the local > > > zone config. No effect. > > > > Authoritative nameservers still need to lookup address of nameservers > > to send NOTIFY messages. The message you see are as a result of > > the nameserver doing these lookups. > > Oh, I forgot to mention that all master zones have "notify explicit;" set. > (Is there a global setting for that?)
What about the slave zones? They also send notify messages. > So in theory they should not bother looking up root stuff. > > > Additionally you have DNSSEC validation and/or managed keys for the > > root enabled. > > Err...by default? How do I switch this off? No. You have enabled it. > These BIND servers are really strictly internal, no outside routing, no > forwarders, they are being used for loading, auto-signing and then > serving-to-internal-slaves a handful of master zones, everything based on > local info. They can't look anything up and yet they work. So well...maybe > those lookups are really not needed? > > Cheers, > Elmar. > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
