DNS Server Host's Network DNS Settings

Matt LaPlante cyberdog3k at gmail.com
Fri Dec 21 20:41:05 UTC 2007


On Dec 21, 2007 2:58 PM, Steven Stromer <filter at stevenstromer.com> wrote:
> This is probably a naive question, but what, if any, relationship do the
> DNS settings of the host have to the BIND server that the host is
> hosting? (And no, this isn't a smart-as**d joke... I'm really wondering.)
>
> This is kind of a two part question, as I imagine the potential exists
> for both the host to send DNS queries to the local DNS service, and for
> the DNS service to ask its host for its DNS settings.
>
> My instinct is to think that the host will query the local DNS service
> if the host's network settings are so configured, and that, vice versa,
> the DNS never looks at the host's network settings.
>
> If my assumptions are correct, then a follow-up question would be: how
> should the local network DNS settings be configured on the host? Should
> the DNS entry be 127.0.0.1, the assigned lan IP of the host (as other
> hosts on the lan are configured), some other entry, such as 'localhost',
> or is there some unimaginable reason why the host should never be
> allowed to query the local DNS service?
>

I'm no bind guru, so I may not be 100% accurate, however my
observations are as follows...

The host machine can certainly use the bind daemon running on it as a
local resolver by setting 127.0.0.1 (or another local IP) as an entry
in the resolv.conf.  I do this and it works fine.  Just make sure
your settings for recursion reflect what you want the local host to be
able to resolve.  i.e. if you have recursion disabled by default, but
want it enabled for the local machine, you'll need an acl set up as
such.

On the other hand, I've never seen a way to get bind to really do
anything with the resolv.conf settings on the local machine.  Bind has
no dns "dependencies" in order to work (this would be a bit of a
paradox or something :).  Assuming recursion is enabled, a bind
process will resolve dns as long as the box has a working ip gateway
to the internet, dns not required.  In order to use "forward" hosts,
which is essentially what the entries in resolv.conf normally are, you
have to manually hardcode in the forward host IPs (forwarders
option)... bind does not auto-detect them from the system.  In a past
life I used the dnsmasq program which *did* include this resolv.conf
reading behavior, but as best as I've determined it's not something
included in Bind.

-
Matt
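
The setup described in the reply above, written out as an added example that is not part of the original post: a named.conf fragment that limits recursion to the host itself through an ACL and hardcodes forwarders, since BIND does not read them from resolv.conf. The ACL name "resolver-clients" and the forwarder address 192.0.2.53 are placeholder assumptions.

```conf
// /etc/resolv.conf on the BIND host needs only this line
// (shown as a comment, since it lives in a different file):
//     nameserver 127.0.0.1

// named.conf fragment
// Hypothetical ACL name. "localhost" is BIND's built-in ACL that
// matches every address configured on this machine.
acl "resolver-clients" {
    localhost;
    // localnets;   // uncomment to also serve directly attached LANs
};

options {
    // Recursion is enabled in the server, but only clients in the ACL
    // may use it; everyone else gets answers for hosted zones only.
    recursion yes;
    allow-recursion   { "resolver-clients"; };
    allow-query-cache { "resolver-clients"; };

    // Optional. named never reads resolv.conf, so upstream resolvers
    // must be listed here by hand. 192.0.2.53 is a documentation
    // placeholder, not a real resolver.
    forwarders { 192.0.2.53; };
    // Try the forwarders first, then fall back to full recursion
    // from the root hints if they do not answer.
    forward first;
};
```

With the forwarders and forward lines removed, named resolves names itself starting from the root hints, which is the "working ip gateway, dns not required" case from the reply.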


