NS ROOT queries to root servers
dot at dotat.at
Fri Jan 19 12:11:06 UTC 2018
Medina, Antonio <antonio.medina at gibtele.com> wrote:
> We have noticed that each query forwarded towards root servers creates
> an extra NS ROOT query.
This is due to a long-standing bug which was recently fixed. You need
change number 4770 - see
Complain to your vendor if it isn't present in their mystery meat version.
> In addition, we are going to configure a second provider that has warned
> us that they do not reply to NS ROOT queries. Could this pose a problem
> for our DNS servers? Is it possible to instruct our DNS servers not to
> perform root priming?
Jeez, are they deliberately trying to break things? :-)
You should find that it works as they require if you configure the root
zone on your server as a static-stub zone, with the server-addresses
clause pointing at your upstreams. From a brief test I think this
suppresses the priming queries, but I'm running bleeding edge BIND, so
your mileage may vary.
I have a crazy setup on my test server, with a local mirror of the root
zone (which feeds https://twitter.com/diffroot). Because BIND does not
normally validate authoritative data, I have separate views for
authoritative service and recursive service. The rec view is configured
with static-stub versions of all the auth zones, pointing at localhost.
When I remove the static-stub root zone and restart the server, it logs
about sending priming queries; when I restart with my usual configuration
it does not.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Irish Sea: Westerly 5 to 7, occasionally gale 8 at first, becoming variable 3
or 4. Moderate or rough, becoming slight. Wintry showers, rain later in south.
Good, occasionally poor.
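
The static-stub root zone suggested in the message above could look like the following. This is an added example, not configuration from the original post; the two addresses are placeholders from the documentation ranges standing in for the upstream providers' servers, and the directory path is an assumption.

```conf
// Added example, not from the original post.
// 192.0.2.53 and 198.51.100.53 are placeholder addresses (documentation
// ranges) standing in for the upstream providers' DNS servers.

options {
    directory "/var/named";    // assumed working directory
    recursion yes;
};

// Root zone configured as static-stub: when recursion is needed for a
// name under this zone, named uses the locally configured server
// addresses below, even if other delegation data is cached.
// The post reports, from a brief test on a recent BIND, that this
// also suppresses the root priming (NS ".") queries.
zone "." {
    type static-stub;
    server-addresses {
        192.0.2.53;
        198.51.100.53;
    };
};
```

Check the file with named-checkconf before restarting, then look in the server log for priming messages after the restart, as the post describes doing.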