define zone

Renzo Marengo buckroger2011 at gmail.com
Fri Aug 8 06:40:55 UTC 2025


Hi Greg,
Thanks for your help.

1) Just so I'm clear, if I made this configuration:
  global forwarding DISABLED
  zone "." MISSING
  recursion ENABLE

  a- server would contact root servers because hints are built-in, right?
  b- with the same configuration but recursion DISABLED, would the server
contact root servers?
  c- in CS (cache server) both recursion and global forwarding are enabled;
I will comment out the reference to zone "." in named.conf, leaving the existing
zone file.

2) Z server is a "black box", I don't know its content.
    AD domain controllers forward requests for external domains to the CS
server. If I wanted to keep the built-in zones, should I add the
"127.in-addr.arpa" and "255.in-addr.arpa" zones in the named.rfc1912.zones file?

On Thu, 7 Aug 2025 at 14:24 Greg Choules <
gregchoules+bindusers at googlemail.com> wrote:

> Hi again, Renzo.
>
> 1) Regarding root hints, the explicit hint zone has not been necessary in
> BIND for many years as the hints are built-in. This applies if your
> resolver is doing recursion. But if you are doing global forwarding - with
> "forward only;" as well - then "zone "." {" is pointless anyway. So either
> way, you can remove it.
>
> 2) BIND has a list of built-in empty zones that are for names that should
> not reach the Internet: reserved names and addresses. I think you do not
> need explicit zones on the box you call CS as either they are built-in
> already or the box called Z will have them anyway. But use tcpdump to
> monitor traffic between CS and Z and decide whether you need anything more,
> or less in your config.
>
> Also, please look at 9.20.11 as I suggested last time.
>
> Hope that helps.
> Cheers, Greg
>
>
> On Thu, 7 Aug 2025 at 13:06, Renzo Marengo <buckroger2011 at gmail.com>
> wrote:
>
>> I'm replacing a Caching and Forwarding DNS server (called CS) in BIND
>> 9.16.23 which forwards all client queries to a specific server Z.
>>
>> My doubts:
>>
>> 1)
>> This CS server doesn't use root servers, so can I delete this section in
>> named.conf?
>> zone "." IN {
>>         type hint;
>>         file "named.ca";
>> };
>>
>>
>> 2)
>> the original named.rfc1912.zones file contains these zones:
>> -------------------------------------------------
>> zone "localhost.localdomain" IN {
>>         type master;
>>         file "named.localhost";
>>         allow-update { none; };
>> };
>>
>> zone "localhost" IN {
>>         type master;
>>         file "named.localhost";
>>         allow-update { none; };
>> };
>>
>> zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
>>         type master;
>>         file "named.loopback";
>>         allow-update { none; };
>> };
>>
>> zone "1.0.0.127.in-addr.arpa" IN {
>>         type master;
>>         file "named.loopback";
>>         allow-update { none; };
>> };
>>
>> zone "0.in-addr.arpa" IN {
>>         type master;
>>         file "named.empty";
>>         allow-update { none; };
>> };
>> -------------------------------------------------
>>
>>
>>
>> My old file contains the same entries, excluding zone
>> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa",
>> and it includes the following extra ones:
>>
>> zone "127.in-addr.arpa" {
>>         type master;
>>         file "db.127";
>> };
>> zone "255.in-addr.arpa" {
>>          type master;
>>          file "db.255";
>> };
>>
>> file db.255
>> $TTL    604800
>> @       IN      SOA     localhost. root.localhost. (
>>                               1         ; Serial
>>                          604800         ; Refresh
>>                           86400         ; Retry
>>                         2419200         ; Expire
>>                          604800 )       ; Negative Cache TTL
>> ;
>> @       IN      NS      localhost.
>>
>>
>> file db.127
>> $TTL    604800
>> @       IN      SOA     localhost. root.localhost. (
>>                               1         ; Serial
>>                          604800         ; Refresh
>>                           86400         ; Retry
>>                         2419200         ; Expire
>>                          604800 )       ; Negative Cache TTL
>> ;
>> @       IN      NS      localhost.
>> 1.0.0   IN      PTR     localhost.
>>
>> What do you think?
>> Can I delete both the "127.in-addr.arpa" and "255.in-addr.arpa" zones?
>> And what about the
>> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
>> zone? Do I have to keep it?
>>
>> Thanks
>>
>>
>>
>> --
>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>> from this list
>>
>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
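The thread turns on two facts: the root hint zone is redundant when hints are built in (and unused anyway under `forward only`), and BIND serves a set of automatic empty zones that an explicit `zone` statement overrides. The script below is an added example, not part of this thread and not an ISC tool: it scans a named.conf, finds every `zone` statement with a small brace-matching parser, and reports whether each zone duplicates a built-in empty zone, sits under one, or is not covered at all. The built-in list is an assumed partial copy of the RFC 6303 names BIND ships, not the complete list; the sample configuration and the 192.0.2.53 forwarder address are constructed for the example.

```python
"""Audit a named.conf for zones that duplicate BIND's automatic empty zones
and for a root hint zone made redundant by built-in hints / global forwarding.
Added example for the thread above; not ISC code."""
import re

# Assumed partial list of BIND's automatic empty zones (RFC 6303 names).
BUILTIN_EMPTY_ZONES = {
    "0.in-addr.arpa", "127.in-addr.arpa", "10.in-addr.arpa", "168.192.in-addr.arpa",
    "254.169.in-addr.arpa", "2.0.192.in-addr.arpa", "255.255.255.255.in-addr.arpa",
    "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa",
    "0.ip6.arpa", "d.f.ip6.arpa", "8.e.f.ip6.arpa", "9.e.f.ip6.arpa",
    "a.e.f.ip6.arpa", "b.e.f.ip6.arpa", "home.arpa", "empty.as112.arpa",
} | {f"{n}.172.in-addr.arpa" for n in range(16, 32)}

# Constructed configuration mirroring the thread (192.0.2.53 stands in for "Z").
SAMPLE_CONF = '''
options {
    directory "/var/named";
    recursion yes;
    forwarders { 192.0.2.53; };   // constructed address for server Z
    forward only;
};
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; };
zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; };
zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; };
zone "127.in-addr.arpa" { type master; file "db.127"; };
zone "255.in-addr.arpa" { type master; file "db.255"; };
'''


def strip_comments(text):
    """Drop /* */, // and # comments so they cannot confuse the scanner."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"(//|#).*", "", text)


def block_body(conf, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(conf)):
        if conf[i] == "{":
            depth += 1
        elif conf[i] == "}":
            depth -= 1
            if depth == 0:
                return conf[open_idx + 1:i]
    raise ValueError("unbalanced braces in configuration")


def parse_zones(conf):
    """Map each zone name (lower-cased, no trailing dot) to its declared type."""
    zones = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        body = block_body(conf, conf.index("{", m.end()))
        t = re.search(r"\btype\s+(\w+)", body)
        name = m.group(1).lower().rstrip(".") or "."
        zones[name] = t.group(1).lower() if t else "unknown"
    return zones


def forwarding_flags(conf):
    """Pull recursion / forwarding settings out of the options block."""
    m = re.search(r"\boptions\s*\{", conf)
    body = block_body(conf, m.end() - 1) if m else ""
    rec = re.search(r"\brecursion\s+(yes|no)\b", body)
    return {
        "forward_only": re.search(r"\bforward\s+only\s*;", body) is not None,
        "forwarders": re.search(r"\bforwarders\s*\{", body) is not None,
        "recursion": rec.group(1) if rec else None,
    }


def verdict(name, ztype, flags):
    """Classify one zone against the built-in hints and empty zones."""
    if name == "." and ztype == "hint":
        note = "redundant: root hints are built into BIND"
        if flags["forward_only"]:
            note += "; unused anyway under forward only"
        return note
    if name in BUILTIN_EMPTY_ZONES:
        return "overrides built-in empty zone"
    parents = [z for z in BUILTIN_EMPTY_ZONES if name.endswith("." + z)]
    if parents:
        return f"covered by built-in empty zone {max(parents, key=len)}"
    return "not a built-in empty zone"


def review(conf_text):
    """Return forwarding flags plus a verdict for every configured zone."""
    conf = strip_comments(conf_text)
    flags = forwarding_flags(conf)
    zones = parse_zones(conf)
    return {**flags, "zones": {n: verdict(n, t, flags) for n, t in zones.items()}}


if __name__ == "__main__":
    result = review(SAMPLE_CONF)
    print("forward only:", result["forward_only"], "| recursion:", result["recursion"])
    for zone_name, note in result["zones"].items():
        print(f"{zone_name:70} {note}")
```

Run it against the real file with `review(open("/etc/named.conf").read())`, or against `named-checkconf -p` output so that `include` files are already expanded. Note that "255.in-addr.arpa" is reported as not built-in: BIND's automatic zone is the narrower "255.255.255.255.in-addr.arpa", so keeping or dropping the wider zone is a deliberate choice rather than a duplicate. The verdicts also show the override rule from Greg's reply in practice: an explicit "127.in-addr.arpa" or "0.in-addr.arpa" statement replaces the built-in empty zone of the same name, which is why named logs which automatic empty zones it actually loads at startup.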