caching-only forwarding...
Kevin P. Knox
keknox at lucent.com
Wed Oct 4 16:16:50 UTC 2000
Bind Users,
First off... I double-checked and the internal DNS server that I mentioned
IS permitted communications to root DNS servers. I doctored up configs
just a bit a minute ago and discovered that the internal DNS server MUST
communicate with at least ONE root name server.
Since we really don't want this DNS server communicating with the outside
world at all, I changed its root cache file to look like this -
. 3600000 IN NS ext.dns.server.net
ext.dns.server.net. 3600000 A 1.2.3.4
These are the ONLY two RRs in the hint file.
The internal DNS server is functioning... I turned on query logging and
folks are hammering away at it... but it complains because the DNS server at
1.2.3.4 isn't authoritative for "." (root). Does anybody see a major
problem with this?
Thanks :-)
... Kev
At 12:01 PM 10/4/00 -0400, Kevin P. Knox wrote:
>Bind Users,
>
>....sanity check please :-)
>
>I have an internal caching only DNS server (all DNS servers on site are
>BIND 8.2.2 P5). It forwards queries to an external server. DNS
>communication is restricted by a firewall in between. The internal DNS
>server can't contact root DNS servers.
>
>Why even have a "hint" file with NS and A RRs for root DNS servers ...on
>the internal DNS server that is?
>
>TIA :-)
>
>... Kev
>
>
>==================================
>Kevin P. Knox, NSC
>Lucent Technologies NPS
>Pager: (888) 779-7441
>E-mail Pager: 7797441 at skytel.com
>
>... compromise is NOT a function of warfare.
==================================
Kevin P. Knox, NSC
Lucent Technologies NPS
Pager: (888) 779-7441
E-mail Pager: 7797441 at skytel.com
... compromise is NOT a function of warfare.
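
An added example, not part of the original message: one way to audit a doctored hint file like the one quoted above, confirming that it names only the intended external server and that the glue address matches. The function names and the allowlist argument are hypothetical, and the parser assumes single-line RRs with an explicit owner name.

```python
import ipaddress

# Assumption: helper names and the allowlist format are illustrative only.
# Constructed sample: the two RRs quoted in the message above.
SAMPLE_HINTS = """\
. 3600000 IN NS ext.dns.server.net
ext.dns.server.net. 3600000 A 1.2.3.4
"""

def norm(name):
    """Lower-case a domain name and drop the trailing dot ('.' stays '.')."""
    name = name.lower()
    return name if name == "." else name.rstrip(".")

def parse_hints(text):
    """Return (root NS targets, {name: [addresses]}) from one-line RRs."""
    ns_targets, glue = [], {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop trailing comments
        if not fields or fields[0].startswith("$"):
            continue
        owner, rest = norm(fields[0]), fields[1:]
        # TTL and class are optional and may appear in either order.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1]
        if rtype == "NS" and owner == ".":
            ns_targets.append(norm(rdata))
        elif rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(ipaddress.ip_address(rdata))
    return ns_targets, glue

def audit_hints(text, allowed):
    """allowed maps each permitted server name to its permitted IP string."""
    allowed = {norm(n): ipaddress.ip_address(ip) for n, ip in allowed.items()}
    ns_targets, glue = parse_hints(text)
    findings = [] if ns_targets else ["no NS record for '.'"]
    for target in ns_targets:
        if target not in allowed:
            findings.append(f"unexpected root NS: {target}")
        elif allowed[target] not in glue.get(target, []):
            findings.append(f"missing or wrong glue for {target}")
    # Any address record that is not the approved name/IP pair is flagged.
    findings += [f"unexpected glue: {n} {a}" for n, addrs in glue.items()
                 for a in addrs if allowed.get(n) != a]
    return findings
```

An empty result from `audit_hints(SAMPLE_HINTS, {"ext.dns.server.net": "1.2.3.4"})` means the file points only at the approved server; any leftover root-server entry shows up as a finding.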