A very basic question...

Kevin Darcy kcd at chrysler.com
Mon Aug 10 23:09:27 UTC 2009

E Johnson wrote:
> From what I have read so far, I can see that this might be a very 
> flame-worthy question, so please don't hurt me, I'm just a beginner...
> I have read every howto that I can find on setting up a DNS server for 
> a very small, 12 seats, network. The DNS server just needs to be 
> authoritative for the internal network and then it should forward 
> external requests to the outside world. Here is the question...
> Most of the howtos say that I should setup a Root Zone so that I can 
> access the Internet. Then a small few of the howtos say that I should 
> use the forwarder option to be able to access the Internet and they 
> say that the Root Zone should not be used because the Root DNS servers 
> aren't meant for that.
> So, which is the best/proper way to do this?
I'm assuming that all your clients have a need to resolve Internet 
names. (Note that this is not a *given*. If clients access the Internet 
through application-level proxies or gateways, then maybe only the 
proxies/gateways need to resolve Internet names, and normal internal 
clients do not.)

So, the big question is: does your nameserver have direct access to the 
Internet DNS?

If not, then you don't really have the option of "setting up a root 
zone". You have to forward, and given that you're doing that, your 
nameserver would resolve anything it needs in the root zone via 
forwarding. Hence, no need for an explicit root-zone definition.

If you do have direct access to the Internet DNS, then you have other 
alternatives and maybe you should re-examine your assumption that "... 
it should forward external requests to the outside world". Maybe you 
don't need to forward at all. You could explicitly configure a "hints" 
file, or use the one which is already compiled into the "named" binary.

- Kevin

More information about the bind-users mailing list