A very basic question...
kcd at chrysler.com
Mon Aug 10 23:09:27 UTC 2009
E Johnson wrote:
> From what I have read so far, I can see that this might be a very
> flame-worthy question, so please don't hurt me, I'm just a beginner...
> I have read every howto that I can find on setting up a DNS server for
> a very small, 12 seats, network. The DNS server just needs to be
> authoritative for the internal network and then it should forward
> external requests to the outside world. Here is the question...
> Most of the howtos say that I should set up a Root Zone so that I can
> access the Internet. Then a small few of the howtos say that I should
> use the forwarder option to be able to access the Internet and they
> say that the Root Zone should not be used because the Root DNS servers
> aren't meant for that.
> So, which is the best/proper way to do this?

I'm assuming that all your clients have a need to resolve Internet
names. (Note that this is not a *given*. If clients access the Internet
through application-level proxies or gateways, then maybe only the
proxies/gateways need to resolve Internet names, and normal internal
clients do not.)

So, the big question is: does your nameserver have direct access to the

If not, then you don't really have the option of "setting up a root
zone". You have to forward, and given that you're doing that, your
nameserver would resolve anything it needs in the root zone via
forwarding. Hence, no need for an explicit root-zone definition.

If you do have direct access to the Internet DNS, then you have other
alternatives and maybe you should re-examine your assumption that "...
it should forward external requests to the outside world". Maybe you
don't need to forward at all. You could explicitly configure a "hints"
file, or use the one which is already compiled into the "named" binary.
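
The two alternatives described in the reply above, sketched as a named.conf for the small internal network in the question. This is an added example, not part of the original thread; the zone name, file names, subnet and forwarder addresses are placeholders, and the recursion ACL is an assumption about how such a server would normally be restricted.

```conf
// Constructed example. Zone name, file paths and addresses are placeholders.
acl "lan" { 192.168.1.0/24; localhost; };   // assumed internal subnet

options {
    directory "/var/named";                 // assumed working directory
    recursion yes;
    allow-query     { "lan"; };
    allow-recursion { "lan"; };             // no recursive service for outside hosts

    // Alternative A: the server has no direct access to the Internet DNS.
    // Everything it cannot answer locally goes to upstream resolvers,
    // so no root-zone definition is needed.
    forwarders { 192.0.2.53; 192.0.2.54; }; // placeholder upstream resolvers
    forward only;                           // never attempt iteration from the roots

    // Alternative B: the server has direct access to the Internet DNS.
    // Remove the "forwarders" and "forward only" lines above; named then
    // iterates from the root servers using its compiled-in hints, or the
    // explicit hint zone at the bottom of this file.
};

// Authoritative for the internal network in both alternatives.
zone "office.example" {
    type master;
    file "db.office.example";
};

// Optional, alternative B only: an explicit hints file in place of the
// compiled-in one.
// zone "." {
//     type hint;
//     file "named.root";
// };
```

Running `named-checkconf` against the file catches syntax errors before the server is reloaded.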