Medina, Antonio <antonio.med...@gibtele.com> wrote: > > We have noticed that each query forwarded towards root servers creates > an extra NS ROOT query.
This is due to a long-standing bug which was recently fixed. You need change number 4770 - see https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=blob;f=CHANGES;hb=v9_9#l169 Complain to your vendor if it isn't present in their mystery meat version. > In addition, we are going to configure a second provider that has warned > us on they do not reply to NS ROOT queries. Could this pose a problem > for our DNS servers? Is it possible to instruct our DNS servers not to > perform root priming? Jeez, are they deliberately trying to break things? :-) You should find that it works as they require if you configure the root zone on your server as a static-stub zone, with the server-addresses clause pointing at your upstreams. From a brief test I think this suppresses the priming queries, but I'm running bleeding edge BIND, so your milage may vary. I have a crazy setup on my test server, with a local mirror of the root zone (which feeds https://twitter.com/diffroot). Because BIND does not normally validate authoritative data, I have separate views for authoritative service and recursive service. The rec view is configured with static-stub versions of all the auth zones, pointing at localhost. When I remove the static-stub root zone and restart the server, it logs about sending priming queries; when I restart with my usual configuration it does not. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode Irish Sea: Westerly 5 to 7, occasionally gale 8 at first, becoming variable 3 or 4. Moderate or rough, becoming slight. Wintry showers, rain later in south. Good, occasionally poor. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
