connections to root servers

2022-12-19 Thread BÖSCH Christian
Hello,

I have two bind dns servers as client resolvers with local zones and for the rest configured forwarders. The root zone “.” and hints file is commented out.

In the connection logs on the firewall I see a lot of connections from the resolvers to the root dns servers.

So can anybody explain why this happens? In my opinion everything should go to the forwarders and I’m also wondering how bind knows about the root servers when there is no hint file?

Thanks,

Christian



-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: connections to root servers

2022-12-19 Thread Emmanuel Fusté

On 19/12/2022 at 20:06, BÖSCH Christian wrote:

> Hello,
>
> I have two bind dns servers as client resolvers with local zones and for the rest configured forwarders. The root zone “.” and hints file is commented out.
>
> In the connection logs on the firewall I see a lot of connections from the resolvers to the root dns servers.
>
> So can anybody explain why this happens? In my opinion everything should go to the forwarders and I’m also wondering how bind knows about the root servers when there is no hint file?
>
> Thanks,
>
> Christian



It will use the built-in fallback definition.
Use the "forward only" directive with the forwarders declaration.

The primary use case for overwriting the root zone/hint content is a private root server implementation in a totally disconnected/fully private DNS infrastructure.
Otherwise, global forwarders with the forward only directive are sufficient to stop any direct root server queries.


Emmanuel.
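
The change suggested in the reply above, written out as a named.conf fragment. This is an added example, not configuration posted by anyone in the thread; the forwarder addresses are documentation-range placeholders and the rest of the options block is assumed.

```conf
// Constructed named.conf fragment. 192.0.2.53 and 198.51.100.53 are
// placeholder forwarder addresses, not values from the thread.

// Before: forwarders declared with no "forward" statement.
// BIND then behaves as "forward first": it asks the forwarders, and if
// they do not answer it resolves the name itself, starting from the
// root hints compiled into named. Commenting out the "." hint zone does
// not remove those built-in hints, so the resolver can still reach the
// root servers and the firewall sees that traffic.
//
// options {
//     recursion yes;
//     forwarders { 192.0.2.53; 198.51.100.53; };
// };

// After: "forward only" removes the fallback to iterative resolution.
// A query the forwarders cannot answer fails instead of being sent to
// the root servers.
options {
    recursion yes;
    forwarders { 192.0.2.53; 198.51.100.53; };
    forward only;
};
```

Run `named-checkconf` on the edited file before reloading, then confirm in the firewall connection logs that the resolvers only contact the forwarder addresses.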