Resolve only authoritative domain for internet/public addresses

Doug Barton dougb at
Sun Jul 8 09:33:52 UTC 2012

On 07/07/2012 23:15, Mr BeEye wrote:
> Hello all.
> Let's have a finite list of IPv4 (private and public) addresses, e.g.
> {A, B, C, ... N}.
> Is it possible to configure BIND in this way:
> 1) BIND resolves EVERYTHING for {A, B, C, ... N}.

It sounds like you're wanting to set up a resolver for your network.
That's fine, you can do that, just use the appropriate allow-query ACLs.
You can find the details in the BIND ARM.

> 2) BIND resolves ONLY its authoritative domain for internet excluding
> {A, B, C, ..., N}.

That sounds like you want to set up an authoritative name server for
your zones that will be listed in the NS records. That's also fine, but
it should be completely separate from your resolver to avoid problems
with cache pollution.



    If you're never wrong, you're not trying hard enough
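
Added example, not part of the original message or of the BIND documentation: a sketch of the split described in the reply, as two named.conf files for two separate named instances. All addresses, the zone name example.com and the file paths are constructed placeholders; the "trusted" ACL stands in for the list {A, B, C, ... N}.

```conf
// ---- File 1: named.conf for the recursive resolver instance ----
// Answers any query, but only for the listed clients.
acl "trusted" {                  // placeholder for {A, B, C, ... N}
    192.0.2.10;
    192.0.2.11;
    10.0.0.0/24;
};

options {
    directory "/var/named/resolver";   // placeholder path
    listen-on { 10.0.0.53; };          // internal address (assumption)
    recursion yes;
    allow-query       { trusted; };    // who may query at all
    allow-recursion   { trusted; };    // who may trigger recursion
    allow-query-cache { trusted; };    // who may read cached answers
};

// ---- File 2: named.conf for the authoritative instance ----
// Separate process and address; this is the server named in the NS records.
options {
    directory "/var/named/auth";       // placeholder path
    listen-on { 203.0.113.53; };       // public address (assumption)
    recursion no;                      // no recursion, so no cache to pollute
    allow-query { any; };              // the internet may ask about our zones
};

zone "example.com" {                   // placeholder zone name
    type master;
    file "example.com.zone";
};
```

Each file can be syntax-checked with `named-checkconf <file>` before the instance is started.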

More information about the bind-users mailing list