You need to explicitly define the root zone. Last I knew, BIND still
gets the root zone hardcoded into the executable and will try to Do
the Right Thing and find the root on its own even if the administrator
does not define one or provide hints.
You need something like,
zone "." {
type master;
file "empty.db";
};
On Tue, Feb 19, 2019 at 10:29 AM Roberto Carna <robertocarn...@gmail.com> wrote:
>
> Dear Matus and Kevin, please tell me if it's OK if I do thsi:
>
> named.conf:
> include "/etc/bind/named.conf.default-zones";
>
> named.conf.default-zones:
> recursion yes;
> zone "teamviewer.com" {
> type forward;
> forwarders { 8.8.8.8; };
> };
>
> named.conf.local:
> <empty>
>
> I define "recursion yes" in named.conf.default-zones.
>
> Thanks again, regards !!!
>
> El mar., 19 feb. 2019 a las 15:13, Matus UHLAR - fantomas via bind-users
> (<bind-users@lists.isc.org>) escribió:
>>
>> On 19.02.19 09:45, Roberto Carna wrote:
>> >Dear Kevin, I am sorry but I didn't see your past response.
>> >
>> >Please can you show me with an example what you say: "Define root zone.
>> >Delegate teamviewer.com from root. Define teamviewer.com as 'type forward'".
>> >
>> >An also what is the benefit in defining a root zone with the teamviewer.com
>> >delegated into it??? Because I put to work this zone just as a forward
>> >zone, without a root zone definition.
>>
>> the benefit is it does exactly what you want.
>> the "teamviewer.com" zone of type forward causes DNS resolution of
>> teamviewer.com
>> domain.
>> the root zone effectively disables everything else (because bind thinks
>> nothing else exists).
>>
>> >El lun., 18 feb. 2019 a las 17:00, Kevin Darcy (<kevin.da...@fcagroup.com>)
>> >escribió:
>> >
>> >> I've already posted a solution for this. Basically, "Define root zone.
>> >> Delegate teamviewer.com from root zone. Define teamviewer.com as 'type
>> >> forward'".
>> >>
>> >> "Recursion yes" is implied. No views necessary. It doesn't make any sense
>> >> anyway, to have the same match-clients list for all of one's views, since
>> >> the first one matched is the one that's used.
>> >>
>> >> Did you not see my response, or did you perhaps dislike the approach I
>> >> suggested?
>> >>
>> >> There was some subsequent discussion about not relying on DNS resolution
>> >> as one's *only* control over what sites one's clients can or cannot
>> >> access.
>> >> While I agree with that, my position is that there's nothing wrong with
>> >> controlling DNS resolution, in addition to other controls.
>>
>> --
>> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
>> Warning: I wish NOT to receive e-mail advertising to this address.
>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>> M$ Win's are shit, do not use it !
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
