Hi Brian.
No problem. The server may tell the client (dig; please not nslookup)
information about where the answer came from, if 'minimal-responses' is set
to "no". Usually clients don't need to know that, so please take a look at
how m-r works:
https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-minimal-responses

Cheers, Greg

On Wed, 26 Jun 2024 at 17:55, Cuttler, Brian R (HEALTH) <
brian.cutt...@health.ny.gov> wrote:

>
>
> Greg, David,
>
>
>
> Thanks, much easier than what I thought it would be.
>
> I have two “root” servers so I went with this format, allowing a round
> robin selection.
>
> Essentially this, sorry trying to be vague on the IPs.
>
>
>
> @ 518400   IN A xx.yy.zz..7
>
> @ 518400   IN A xx.yy.zz..8
>
> .   518400    IN NS @
>
>
>
> Server reloaded fine and I am able to resolve non-domain information.
> Is there a flag someplace in dig or nslookup to show what root server I’m
> hitting? I don’t see that in any of the named log files, I may need to add
> an ACL to log the traffic in a router to verify.
> Then again – my FW is not seeing queries to any of the normal root
> servers, so that is in fact a good sign.
>
>
>
> New root servers are managed by my parent organization and my manager
> asked me to send these queries through them. Wouldn’t be performing this
> exercise otherwise.
>
>
>
> Thank you – I think you’ve given me exactly what was needed.
>
>
>
> Brian
>
>
>
> *From:* Greg Choules <gregchoules+bindus...@googlemail.com>
> *Sent:* Wednesday, June 26, 2024 12:29 PM
> *To:* Cuttler, Brian R (HEALTH) <brian.cutt...@health.ny.gov>
> *Cc:* bind-users <bind-users@lists.isc.org>
> *Subject:* Re: rolling my own hints file
>
>
>
>
>
> Hi Brian.
>
> Yes, you can define your own hint zone and tell BIND to use it. The
> contents (I called the file "db.root" but the name is your choice) could be
> as simple as:
>
>
>
> @ 300 IN A 127.0.0.3
> @ 300 IN NS @
>
>
>
> which says for this zone (which will be called ".", coming next) the NS is
> the same name and its IP is 127.0.0.3, which happens to be another instance
> of BIND I have running. Your file would contain the names and IPs of your
> internal roots.
>
>
>
> In the config, define the hint zone like this:
>
>
>
> zone "." {
> type hint;
> file "db.root";
> };
>
>
>
> That should be all you need.
>
> Cheers, Greg
>
>
>
> On Wed, 26 Jun 2024 at 15:58, Cuttler, Brian R (HEALTH) via bind-users <
> bind-users@lists.isc.org> wrote:
>
> Running Bind 9.18.18 on Ubuntu 22.04
>
>
>
> We would like to use root servers within our organization rather than the
> actual root servers.
> I updated the hints file with the names and IPs of our servers, but we
> seem to still access the official root servers.
>
> Wondering how I ignore the internal/built-in hints and have my own file.
>
> Wondering if replacing the IP addresses in the db.cache file with a
> round-robin of my internal IP addresses isn’t the answer.
> Not elegant but perhaps would work?
>
> Is there a supported way to do what I want to do – we do not want a
> forwarding only server, we do serve a good number of internal static and
> dynamic zones but also want to resolve non-domain addresses or addresses we
> lack forwarder zones for from a ‘root’ source.
>
>
>
> ;; ADDITIONAL SECTION:
>
> a.root-servers.net.     518400  IN      A       198.41.0.4
>
> b.root-servers.net.     518400  IN      A       170.247.170.2
>
> c.root-servers.net.     518400  IN      A       192.33.4.12
>
>
>
> Thanks for your help and suggestions,
>
> Brian
>
>
>
>
>
> Brian Cuttler, System and Network Administration
>
> Wadsworth Center, NYS Department of Health
>
> Albany, NY 12201 POB 509
>
> brian.cutt...@health.ny.gov
>
> 518 486-1697
>
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
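The thread's goal is a hints file that points only at internal roots. As an added example (not from the thread or from BIND), a Python check of such a file: `parse_hints`, `audit_hints` and the sample files are hypothetical names and constructed inputs, and the public-root list is assumed to hold only the three addresses shown in the dig output above.

```python
import ipaddress

# Public root addresses that appear in the thread's dig output (a subset, not the full set).
PUBLIC_ROOTS = {"198.41.0.4", "170.247.170.2", "192.33.4.12"}

def _fqdn(name, origin="."):
    """Expand '@' and relative names against the hint zone origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else name.lower() + "." + origin.lstrip(".")

def parse_hints(text):
    """Return (NS target names, {owner: [addresses]}) from a minimal hints file."""
    ns, glue, owner = set(), {}, "."
    for raw in text.splitlines():
        body = raw.split(";", 1)[0]            # drop comments
        tok = body.split()
        if not tok or tok[0].startswith("$"):  # skip blanks and $TTL/$ORIGIN
            continue
        if not body[0].isspace():              # leading blank = same owner as previous record
            owner = _fqdn(tok.pop(0))
        while tok and (tok[0].isdigit() or tok[0].upper() == "IN"):
            tok.pop(0)                         # optional TTL and class
        if len(tok) < 2:
            continue
        rtype, rdata = tok[0].upper(), tok[1]
        if rtype == "NS":
            ns.add(_fqdn(rdata))
        elif rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(rdata)
    return ns, glue

def audit_hints(text):
    """List problems: missing NS, NS without an address, bad or public-root addresses."""
    ns, glue = parse_hints(text)
    problems = [] if ns else ["no NS records"]
    problems += [f"NS {n} has no A/AAAA record" for n in sorted(ns) if n not in glue]
    for name, addrs in sorted(glue.items()):
        for addr in addrs:
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                problems.append(f"{name}: invalid address {addr}")
                continue
            if addr in PUBLIC_ROOTS:
                problems.append(f"{name}: {addr} is a public root server")
    return problems

GREG_HINTS = "@ 300 IN A 127.0.0.3\n@ 300 IN NS @\n"       # the file from the thread
MIXED_HINTS = (". 518400 IN NS a.root-servers.net.\n"      # constructed: leftover public root
               ". 518400 IN NS ns-internal.\n"             # constructed: NS with no address
               "a.root-servers.net. 518400 IN A 198.41.0.4\n")
if __name__ == "__main__":
    print(audit_hints(GREG_HINTS), audit_hints(MIXED_HINTS))
```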