Hi again, Renzo. 1) Regarding root hints, the explicit hint zone has not been necessary in BIND for many years as the hints are built-in. This applies if your resolver is doing recursion. But if you are doing global forwarding - with "forward only;" as well - then "zone "." {" is pointless anyway. So either way, you can remove it.
2) BIND has a list of built-in empty zones that are for names that should not reach the Internet: reserved names and addresses. I think you do not need explicit zones on the box you call CS as either they are built-in already or the box called Z will have them anyway. But use tcpdump to monitor traffic between CS and Z and decide whether you need anything more, or less, in your config. Also, please look at 9.20.11 as I suggested last time.

Hope that helps.

Cheers, Greg

On Thu, 7 Aug 2025 at 13:06, Renzo Marengo <buckroger2...@gmail.com> wrote:
> I'm replacing a Caching and Forwarding DNS server (called CS) in Bind
> 9.16.23 which forwards all client queries to a specific server Z.
>
> My doubts:
>
> 1)
> This CS server doesn't use root servers, so can I delete this section in
> named.conf?
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> 2)
> The original named.rfc1912.zones file contains these zones:
> -------------------------------------------------
> zone "localhost.localdomain" IN {
>     type master;
>     file "named.localhost";
>     allow-update { none; };
> };
>
> zone "localhost" IN {
>     type master;
>     file "named.localhost";
>     allow-update { none; };
> };
>
> zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
>     type master;
>     file "named.loopback";
>     allow-update { none; };
> };
>
> zone "1.0.0.127.in-addr.arpa" IN {
>     type master;
>     file "named.loopback";
>     allow-update { none; };
> };
>
> zone "0.in-addr.arpa" IN {
>     type master;
>     file "named.empty";
>     allow-update { none; };
> };
> -------------------------------------------------
>
> My old file contains the same entries, excluding zone
> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa",
> and it includes the following extra ones:
>
> zone "127.in-addr.arpa" {
>     type master;
>     file "db.127";
> };
> zone "255.in-addr.arpa" {
>     type master;
>     file "db.255";
> };
>
> file db.255
> $TTL 604800
> @ IN SOA localhost. root.localhost. (
>     1         ; Serial
>     604800    ; Refresh
>     86400     ; Retry
>     2419200   ; Expire
>     604800 )  ; Negative Cache TTL
> ;
> @ IN NS localhost.
>
> file db.127
> $TTL 604800
> @ IN SOA localhost. root.localhost. (
>     1         ; Serial
>     604800    ; Refresh
>     86400     ; Retry
>     2419200   ; Expire
>     604800 )  ; Negative Cache TTL
> ;
> @ IN NS localhost.
> 1.0.0 IN PTR localhost.
>
> What do you think?
> Can I delete both the "127.in-addr.arpa" and "255.in-addr.arpa" zones?
> And what about the
> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
> zone? Do I have to keep it?
>
> Thanks
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
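The forward-only layout Greg describes, as an added example that is not part of either message in this thread: a minimal named.conf for CS with the hint zone and the RFC 1912 reverse zones left out. The forwarder address 192.0.2.53 and the client network 10.0.0.0/8 are placeholders, not values from the thread.

```conf
// Added example, not from the thread. Assumed values: Z = 192.0.2.53
// (documentation address used as a placeholder), clients in 10.0.0.0/8.
options {
    directory "/var/named";

    // Clients send recursive queries; CS must accept them to forward them.
    recursion yes;
    allow-query     { 10.0.0.0/8; 127.0.0.1; ::1; };
    allow-recursion { 10.0.0.0/8; 127.0.0.1; ::1; };

    // Global forwarding. "forward only" means named never falls back to
    // iterating from the root servers, so a zone "." hint is never used
    // (and the hints are compiled into named anyway).
    forward only;
    forwarders { 192.0.2.53; };

    // The default is already "yes": RFC 6303 reverse names such as
    // 127.in-addr.arpa, 0.in-addr.arpa and the ::1 ip6.arpa name are
    // answered locally with NXDOMAIN instead of being forwarded to Z.
    // Spelled out so the dependence on the built-in list is visible.
    empty-zones-enable yes;
};

// Kept: the forward zone for "localhost", which no built-in empty zone
// provides (file content as in the stock named.localhost).
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

// Deliberately absent from this file:
//   zone "." IN { type hint; file "named.ca"; };        built-in hints,
//                                                        unused under forward only
//   zone "127.in-addr.arpa", zone "0.in-addr.arpa",
//   zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
//                                                        covered by built-in empty zones
// Note: 255.in-addr.arpa is NOT in the built-in list (only
// 255.255.255.255.in-addr.arpa is), so without an explicit zone those
// queries are forwarded to Z.
```

named-checkconf validates the file; afterwards `dig @CS -x 127.0.0.1` should return NXDOMAIN with the aa flag set, and tcpdump on CS should show no packet to Z for that query. That answer differs from the old db.127 and named.loopback zones, which return PTR localhost. for the same query, so check whether anything on CS depends on that PTR before removing them.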