Authoritative internal server - how do I get rid of...
Elmar K. Bins
elmi at 4ever.de
Tue May 21 14:08:21 UTC 2013
Re Mark,
> > Oh, I forgot to mention that all master zones have "notify explicit;" set.
> > (Is there a global setting for that?)
>
> What about the slave zones? They also send notify messages.
Which slave zones? This server is auth-only, master-only. That's it.
No slaves, no recursion, no lookup, no routing, no nothing.
> > > Additionally you have DNSSEC validation and/or managed keys for the
> > > root enabled.
> >
> > Err...by default? How do I switch this off?
>
> No. You have enabled it.
Oh, where? You seem to know more than I do. The only place
I can see it is in the "dnssec-validation auto" line in
the options. Would it help to move this to the "test" zone?
Config: see below.
Elmar.
named.conf is as simple as it gets:
======================================================
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    recursion no;
    allow-recursion { none; };
    additional-from-cache no;
    auth-nxdomain no;
    listen-on-v6 { none; };
};

key hm1-key. {
    algorithm hmac-sha256;
    secret "...";
};

server a.b.c.d {
    provide-ixfr no;
    keys { hm1-key. ;};
};

zone "test" IN {
    type master;
    file "/dns/pri/test" ;
    notify explicit;
    also-notify { a.b.c.d; } ;
    allow-transfer { key hm1-key. ; } ;
} ;

zone "." { type hint; file "/etc/bind/db.root"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
======================================================