About root zones

Peter Andreev andreev.peter at gmail.com
Tue Jan 3 13:53:08 UTC 2012


2012/1/2 Matus UHLAR - fantomas <uhlar at fantomas.sk>:
>>>>> On 21.12.11 19:21, Peter Andreev wrote:
>>>>
>>>> I think that if server is authoritative - and - slave-only it should
>>>> use system resolver rather than querying by itself.
>
>
>> 2012/1/2 Matus UHLAR - fantomas <uhlar at fantomas.sk>:
>>>
>>> BIND will not use system resolver. BIND is the resolver. Relying on other
>>> resolver could cause troubles. If BIND does not need to resolve, it will
>>> not. If it needs, don't block it.
>
>
> On 02.01.12 16:42, Peter Andreev wrote:
>>
>> I understood your point, however it differs from mine.
>>
>> Matus, I'm afraid we won't find consent on this topic. So I offer you
>> to stop this discussion.
>> Thank you for suggestions and happy new year!
>
>
> I don't see your point now. I'm afraid that you will have to live with the
> fact that you can not disable sending queries from BIND when it needs them,
> you can only prevent it by configuring BIND (so it will not need them) or
> firewall such packets so they will not get outside (which may break its
> functionality).

My point: I need my servers to answer with authoritative data only. I
need them to not perform anything else. Only "get query - send
authoritative response". Where in this scenario does BIND have to resolve
something?
In which scenario (except master & notifies) does BIND have to resolve something?

>
> Maybe ISC will patch BIND to use system resolver for internal queries, but I
> doubt so. Maybe you can do it but imho it's not worth trying.
>
> Maybe you can set up forward only; and forwarders {}; so BIND will forward
> all recursive queries it generates to your recursive servers.
>
> But the way you are trying to get over this, I'm afraid you will fail and
> that's what I am trying to tell you.

I'm free to replace BIND with another authoritative DNS implementation.

>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> How does cat play with mouse? cat /dev/mouse



-- 
--
AP


