redirecting root hints to fake internal root server

Kevin Darcy kcd at
Tue Aug 27 20:28:01 UTC 2013

On 8/27/2013 1:07 PM, Colin Harvey wrote:
> My environment is firewalled from the real world.  For queries on 
> zones to which I'm not master, I want to recurse to a corporate 
> server.  nslookup 
> internal.corporate.server works fine.
nslookup is a terrible DNS troubleshooting tool. Try dig. And to mimic 
how your nameserver would talk to the other nameserver, use the options 
+norec and +bufsiz=4096 (unless you've changed your EDNS0 buffer size 
from the default, in which case, plug in that value instead).

> Setting "." to use this internal server in the root.hints file does 
> not.  In fact I do not even see my system trying to recurse.  (I'm 
> looking at network traffic with a sniffer.)
> My root.hints:
> .    600    IN    NS    internal.corporate.server.
> internal.corporate.server.    600    IN    A
Do you have recursion enabled?
> Alternatively I've setup a forwarding zone in named.conf to query 
> for ''.
Ugh, don't do that. Forwarding is for getting around network 
restrictions or limitations, and you haven't (so far) indicated that you 
have any of those to deal with.

- Kevin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list