root server queries

Simon Waters Simon at
Thu Oct 24 10:50:57 UTC 2002

Chris Hurt wrote:
> I have a bunch of internal dns servers that use forwarders for external
> resolution.  The network folks have brought an issue to me for resolution.
> The issue is that my internal servers occasionally make queries to the root
> servers (which of course get dropped at the firewall).  Can't I just create
> my own internal root servers (that would only have delegation info for our
> internal domain) to avoid this traffic or will this break something?

Just set them to "forward only" instead of "forward first"
(which is the default forwarding behaviour).

I forget the exact criteria for reverting to querying the root
servers, but it is due to your forwarders not producing an answer
in a timely fashion; usually it is network connectivity
problems, so the servers try and go direct as a last-ditch
effort to get an answer.

If you create internal root servers, you will usually forfeit
the ability to resolve external addresses, and it doesn't sound
like you want that.

More information about the bind-users mailing list
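
A lint for the setting discussed in the reply above, as an added example that is not part of the original post or of BIND: it flags each named.conf block that lists forwarders without an explicit "forward only". The sample configuration, its addresses and the function names are constructed for illustration, and the check is deliberately conservative: it looks only inside each block and does not model inheritance between options, views and zones.

```python
import re

COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

# Constructed sample config (documentation addresses), not from the page.
SAMPLE = '''
options {
    forwarders { 192.0.2.53; 192.0.2.54; };  // no forward line: default is first
};
zone "corp.example" { type forward; forward only;  forwarders { 192.0.2.10; }; };
zone "lab.example"  { type forward; forward first; forwarders { 192.0.2.11; }; };
'''

def parse(tokens):
    """Turn a token iterator into statements; each '{...}' becomes a nested list."""
    stmts, cur = [], []
    for tok in tokens:
        if tok == '{':
            cur.append(parse(tokens))   # shared iterator: recursion consumes the block
        elif tok == '}':
            break
        elif tok == ';':
            stmts.append(cur)
            cur = []
        else:
            cur.append(tok)
    return [s for s in stmts + [cur] if s]

def audit(stmts, findings):
    """Collect blocks that list forwarders but lack an explicit 'forward only'."""
    for s in stmts:
        if not isinstance(s[-1], list) or s[0] == 'forwarders':
            continue                    # plain statement, or the address list itself
        body = s[-1]
        has_fwd = any(b[0] == 'forwarders' and isinstance(b[-1], list) and b[-1] for b in body)
        only = any(b[:2] == ['forward', 'only'] for b in body)
        if has_fwd and not only:
            findings.append(' '.join(map(str, s[:-1])))
        audit(body, findings)           # descend into views and nested zones
    return findings

def check_named_conf(text):
    """Return labels of blocks that may fall back to querying the root servers."""
    tokens = TOKEN.findall(COMMENT.sub('', text))
    return audit(parse(iter(tokens)), [])

if __name__ == '__main__':
    print(check_named_conf(SAMPLE))
```

An empty result means every block that declares forwarders also pins "forward only"; any label returned is a block to review before expecting root-server queries at the firewall to stop.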