The rule of thumb is: BIND instances need access to a root zone. Either
a) you forward for it, or
b) you are authoritative (master or slave) for it, or
c) you're set up as a "stub" for it,
d) you prime it via the contents of an explicitly-configured "hints"
zone, or
e) you use the compiled-in Internet root hints to prime
Currently you're exercising option (e), but that doesn't work out too
well, since you're isolated from the Internet root. Your instance is
constantly trying to query unreachable nameservers.
So, pick one of the other options and go with it. If no-one else on your
isolated network happens to be serving an internal root zone that you
can lunch off, then your only real option is (b), where you are the
master of your own root zone. Then, you can impress all of your friends
by offering to let them lunch off you...
- Kevin
On 5/21/2013 9:42 AM, Elmar K. Bins wrote:
Re Mark,
thanks for your answer (and good morning!),
ma...@isc.org (Mark Andrews) wrote:
Recursion is off, and the root hints file has been removed from the local
zone config. No effect.
Authoritative nameservers still need to lookup address of nameservers
to send NOTIFY messages. The message you see are as a result of
the nameserver doing these lookups.
Oh, I forgot to mention that all master zones have "notify explicit;" set.
(Is there a global setting for that?)
So in theory they should not bother looking up root stuff.
Additionally you have DNSSEC validation and/or managed keys for the
root enabled.
Err...by default? How do I switch this off?
These BIND servers are really strictly internal, no outside routing, no
forwarders, they are being used for loading, auto-signing and then
serving-to-internal-slaves a handful of master zones, everything based on
local info. They can't look anything up and yet they work. So well...maybe
those lookups are really not needed?
Cheers,
Elmar.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
