On Wed, Dec 2, 2015 at 2:52 PM, Alan McKinnon <alan.mckin...@gmail.com> wrote:
> On 02/12/2015 21:37, lee wrote:
>> Hi,
>>
>> is there a way to configure bind so that the names of local hosts,
>> i.e. the ones bind is authoritative for, can be resolved without a
>> connection to the internet?

I am surprised to hear that bind does not do this by default. I can't see any reason it would recursively resolve a query that it already has the answer to. Maybe there is a config setting or something, because I seem to recall it working that way previously.

>> I don't like it at all that when the internet connection goes out, no
>> name resolution at all is possible. Since the information about the
>> local hosts is known to bind from its configuration files, why can't it
>> just resolve them?
>>
>
> There are several problems with your idea. First, the configured
> nameservers in resolv.conf are caching servers, not authoritative
> servers. You never configure an auth server to act as a cache. Yes, it
> can be done. No, it's an awful idea and things break horribly.

For small private networks, it is quite common to set up a name server that is both authoritative for some zones, and recursively resolves others. This is especially common with Active Directory, where the domain for AD is not made public.

> Secondly, nothing else on your network can know your auth server is
> authoritative without first being informed so by the delegating server.
> Or in other words, if you own example.com and an auth server for
> example.com is on your network, you have to first go via .com to know
> that. Weird, but that's how it works.

You have described how a recursive resolver works. Most devices use a stub resolver that simply passes queries to a single name server which then resolves the query as you describe.
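The combined setup described in the reply above (one BIND instance that is authoritative for a private zone and also the caching resolver for the LAN), as an added example that is not part of the thread; the zone name example.lan, the 192.168.1.0/24 network, the upstream forwarder address and the file paths are assumptions:

```conf
// Added example, not from the thread. Zone name, addresses and paths
// are placeholders chosen for illustration.
options {
    directory "/var/cache/bind";
    listen-on { 127.0.0.1; 192.168.1.1; };

    // Recurse only for local clients; anyone else only gets
    // authoritative answers for the zones below.
    recursion yes;
    allow-recursion { 127.0.0.0/8; 192.168.1.0/24; };
    allow-query { any; };

    // Send outside queries to an upstream resolver (assumed address);
    // "forward first" falls back to iterative resolution if the
    // forwarder does not answer.
    forwarders { 203.0.113.53; };
    forward first;
};

// Local zones are loaded from files, so answers for them never depend
// on the internet link being up.
zone "example.lan" {
    type master;
    file "/etc/bind/db.example.lan";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1";
};
```

To confirm the local zone is served independently of upstream, unplug the uplink and run `dig @192.168.1.1 host.example.lan`: the answer should still come back with the `aa` (authoritative answer) flag set, while a query for an external name times out or returns SERVFAIL.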