Authoritative internal server - how do I get rid of...
Elmar K. Bins
elmi at 4ever.de
Tue May 21 08:57:32 UTC 2013
... these annoying root lookups:
error (host unreachable) resolving './DNSKEY/IN': 220.127.116.11#53
error (host unreachable) resolving './NS/IN': 18.104.22.168#53
I guess a few of you have seen and mitigated this before. We're running
a few BIND server strictly internally - for master zone loading, actually.
Those servers have no external connectivity. Since they seem to routinely
look up stuff concerning ".", I get a lot of the above error messages due
to - certainly - unreachability of anything outside local.
Is there any way I can get those BIND9 servers to *not* look up root stuff?
Recursion is off, and the root hints file has been removed from the local
zone config. No effect.
Any pointers would be much appreciated.
More information about the bind-users