Authoritative internal server - how do I get rid of...

Elmar K. Bins elmi at 4ever.de
Tue May 21 14:08:21 UTC 2013


Re Mark,

> > Oh, I forgot to mention that all master zones have "notify explicit;" set.
> > (Is there a global setting for that?)
> 
> What about the slave zones?  They also send notify messages.

Which slave zones? This server is auth-only, master-only. That's it.
No slaves, no recursion, no lookup, no routing, no nothing.


> > > Additionally you have DNSSEC validation and/or managed keys for the
> > > root enabled.
> > 
> > Err...by default? How do I switch this off?
> 
> No.  You have enabled it.

Oh, where? You seem to know more than I do. The only part
where I can see it is the "dnssec-validation auto" line in
the options. Would it help to move this to the "test" zone?

Config: see below.

Elmar.


named.conf is as simple as it gets:
======================================================

options {
        directory "/var/cache/bind";
        dnssec-validation auto;
        recursion no;
        allow-recursion { none; };
        additional-from-cache no;
        auth-nxdomain no;
        listen-on-v6 { none; };
};

key hm1-key. {
          algorithm hmac-sha256;
          secret "...";
};

server a.b.c.d {
        provide-ixfr no;
        keys { hm1-key. ;};
};


zone "test" IN {
                type master;
                file "/dns/pri/test" ;
                notify explicit;
                also-notify { a.b.c.d; } ;
                allow-transfer { key hm1-key. ; } ;
} ;


zone "." { type hint; file "/etc/bind/db.root"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };

======================================================
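
Added example, not part of the original message and not BIND's own code: a small Python audit of the statements this thread discusses, run over a configuration shaped like the one posted. It reports DNSSEC validation switched on in options, and master or slave zones whose effective notify mode is neither "explicit" nor "no". It assumes BIND 9 semantics (a zone inherits notify from options, and the default is yes); SAMPLE_CONF is a constructed, trimmed copy of the posted file, and the function names are this example's own.

```python
import re

# Constructed sample: the posted named.conf cut down to the relevant statements.
SAMPLE_CONF = '''
options { dnssec-validation auto; recursion no; };
zone "test" IN {
        type master; notify explicit;
        also-notify { a.b.c.d; } ;
} ;
zone "." { type hint; file "/etc/bind/db.root"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
'''

def top_level_blocks(text):
    # Yield (header, body) for each top-level "{ ... }" block, honouring nesting.
    depth = start = header_start = 0
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                header, start = text[header_start:i].strip(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield header, text[start:i]
        elif ch == ';' and depth == 0:
            header_start = i + 1

def settings(body):
    # Keyword -> argument for statements directly inside a block; nested lists dropped.
    while re.search(r'\{[^{}]*\}', body):
        body = re.sub(r'\{[^{}]*\}', '', body)
    pairs = (stmt.split(None, 1) for stmt in body.split(';') if stmt.strip())
    return {p[0]: (p[1].strip() if len(p) > 1 else '') for p in pairs}

def audit(conf):
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)  # comments; assumes none in strings
    blocks = [(h, settings(b)) for h, b in top_level_blocks(conf)]
    opts = next((s for h, s in blocks if h == 'options'), {})
    findings = []
    if opts.get('dnssec-validation') in ('auto', 'yes'):  # 'auto' also loads the built-in root trust anchor
        findings.append(('options', 'dnssec-validation ' + opts['dnssec-validation']))
    for header, zone in blocks:
        if header.startswith('zone') and zone.get('type') in ('master', 'slave'):
            mode = zone.get('notify', opts.get('notify', 'yes'))  # zone, else options, else default
            if mode not in ('explicit', 'no'):
                findings.append((header.split('"')[1], 'notify ' + mode))
    return findings
```

On the sample, audit(SAMPLE_CONF) returns the options-level "dnssec-validation auto" and the "localhost" zone, which has no notify statement of its own and so falls back to the default.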

