Bind doesn't stop contacting global ROOT DNS servers after commenting(#) the the root hint zone in named.conf

Tony Finch dot at
Mon Aug 2 18:56:52 UTC 2021

Ramesh <rameshsahoo11 at> wrote:
> I commented the root hint zone section(default) in the named.conf file to
> stop bind from communicating to the global root DNS servers and it should
> only use the internal forwarders available in the options{} section.

I think the config option you want is `forward only`. The default is
`forward first` which has the fallback behaviour that you observed.

On my servers I don't configure a hint zone: using BIND's built-in hints
and trust anchor reduces the amount of configuration that needs to be
deployed in the chroots and which can go stale.

