Hi Brian R,

I built a lab to investigate DNS cache poisoning with custom root servers, no DNSSEC. What you're trying to do is possible in production; I'm just not sure it's recommended. You will need to update your root.hints (or whatever file name you're using for the root hint zone) file to point to your custom root server, and you will probably have to restart the named daemon. The root server must serve the root zone authoritatively. You can find an example root zone at the following link: https://www.internic.net/domain/root.zone. In my lab I had to edit this file to use my custom TLD server for the .net domain.
Best Regards,
David Farje

On Wed, Jun 26, 2024 at 10:58 AM Cuttler, Brian R (HEALTH) via bind-users <bind-users@lists.isc.org> wrote:

> Running Bind 9.18.18 on Ubuntu 22.04
>
> We would like to use root servers within our organization rather than the
> actual root servers.
> I updated the hints file with the names and IPs of our servers, but we
> seem to still access the official root servers.
>
> Wondering how I ignore the internal/built-in hints and have my own file.
>
> Wondering if replacing the IP addresses in the db.cache file with a
> round-robin of my internal IP addresses isn’t the answer.
> Not elegant but perhaps would work?
>
> Is there a supported way to do what I want to do – we do not want a
> forwarding-only server, we do serve a good number of internal static and
> dynamic zones but also want to resolve non-domain addresses or addresses we
> lack forwarder zones for from a ‘root’ source.
>
> ;; ADDITIONAL SECTION:
> a.root-servers.net. 518400 IN A 198.41.0.4
> b.root-servers.net. 518400 IN A 170.247.170.2
> c.root-servers.net. 518400 IN A 192.33.4.12
>
> Thanks for your help and suggestions,
>
> Brian
>
> Brian Cuttler, System and Network Administration
> Wadsworth Center, NYS Department of Health
> Albany, NY 12201 POB 509
> brian.cutt...@health.ny.gov
> 518 486-1697
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
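A check for the symptom in the quoted message (official root servers still showing up after the hints file was changed), added here as an example and not part of either post: it compares the A/AAAA records in dig-style output against the addresses in the internal hints file. The internal names and addresses are constructed placeholders, the dig lines are the ones quoted in the thread, and every record is assumed to carry its owner name.

```python
import ipaddress

# Constructed sample: an internal hints file (placeholder names and addresses).
INTERNAL_HINTS = """\
; internal root hints (constructed sample)
.                        3600000  IN  NS    root1.internal.example.
.                        3600000      NS    root2.internal.example.
root1.internal.example.  3600000  IN  A     10.0.0.53
root2.internal.example.  3600000      A     10.0.1.53
root2.internal.example.  3600000      AAAA  fd00::53
"""

# ADDITIONAL section exactly as quoted in the thread.
DIG_ADDITIONAL = """\
;; ADDITIONAL SECTION:
a.root-servers.net. 518400 IN A 198.41.0.4
b.root-servers.net. 518400 IN A 170.247.170.2
c.root-servers.net. 518400 IN A 192.33.4.12
"""


def address_records(text):
    """Return (owner, ip) for each A/AAAA record in zone-file or dig-style text."""
    records = []
    for line in text.splitlines():
        # Drop ";" comments, which also removes dig's ";;" section headers.
        fields = line.split(";", 1)[0].split()
        if len(fields) < 3:
            continue
        rtype, rdata = fields[-2].upper(), fields[-1]
        if rtype in ("A", "AAAA"):
            records.append((fields[0].lower(), ipaddress.ip_address(rdata)))
    return records


def unexpected_roots(hints_text, dig_text):
    """Root servers in the dig output whose address is absent from the hints file."""
    allowed = {ip for _, ip in address_records(hints_text)}
    return sorted((name, str(ip))
                  for name, ip in address_records(dig_text)
                  if ip not in allowed)


if __name__ == "__main__":
    for name, ip in unexpected_roots(INTERNAL_HINTS, DIG_ADDITIONAL):
        print(f"not in internal hints: {name} {ip}")
```

An empty result means every root address the resolver returned is one listed in the internal hints file.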