On Mon, 08 Oct 2001 18:39:05 -0400 Kevin Darcy wrote:
>
> Rainaldo Augusto Silva wrote:
>
> > Hi all,
> >
> >    I'm in doubt about some issues related to 'hint zone'... Please, let
> > me know additional information:
> >
> >   1) What are accepted options in 'hint zone' (BIND8.2.3)? I have
> > seen (in docs.) only 'check-names' option is accepted... Is it true?
>
> As far as I know, yes. I can't think of anything else that would make
> sense there.

Believe it! It makes sense for us... ;-))

> >   2) If yes/true (above), why other options are not accepted in hint
> > zone (like: forwarders, allow-query, etc...)? I would like to inhibit the
> > BIND lookup for new root-servers when it is started...
>
> No, you are misunderstanding what a hints zone is. It's just a way for
> the nameserver to find the root servers. It's not "zone data", just
> "hints", so it makes no sense to put an "allow-query" or
> "forwarders" option on it. Once the real root data is obtained, the hints
> data are essentially discarded.
>
> Why would you want to restrict query access to the root zone anyway?
> I can't think of any legitimate reason to do that.

I do not want to restrict any query access... That was only an example of statements! :-)

What's happening: if I have a "forwarders { 172....;};" statement in global options (named.conf), when I started BIND, it ignored my internal root server (assigned from db.cache) and asked for 'NS for zone "."' from the forwarders (assigned from global options, 172...) instead of my (REAL) internal root-servers (assigned in db.cache). Why has it ignored the root-server assigned in db.cache when I put the "forwarders" statement in global options? If you want, you can see that by running tcpdump... When I took off "forwarders {172...;};" it works fine (asking for NS "." from the internal root-server), but it did not forward. Can you explain this engine for us?
>
> And what do you hope to achieve by putting "forwarders" at the root zone,
> that cannot be achieved by specifying "forwarders" in the
> "options" statement?
>
> >   3) Is there some method to inhibit BIND so it doesn't ask (lookup) for
> > other root-servers assigned in db.root? I mean, we have four internal
> > root-servers assigned in 'my' db.cache, and when I start BIND (named)
> > they are ignored (overwritten)... I believe that happens because there
> > is a 'forwarders { bla; bla...; };' statement in named.conf 'global
> > options'. This (BIND) behavior is true/correct? Why? (detail: I must
> > have the 'forwarders' statement in global options, because my clients
> > need to be resolving internet names AND intranet names).
> >
> >   I have already heard sounds like (DNS & BIND Book): 'It will not
> > work, because intranet name resolutions are not compatible with
> > internet name resolutions'. But I didn't believe this... :-)
>
> Believe it. There is only *one* root zone, as far as any given nameserver
> is concerned. Either it sees the internal root zone (through the hints
> file) or it sees the external one (through the forwarders). There is no
> way -- and no reason -- for it to see *both*. If you want to resolve both
> internal and external names from the same nameserver, then you need to
> define all of your internal domains on the nameserver. Note that you
> don't have to define all of the internal *zones* on the nameserver -- you
> can just define the apex of every internal domain and specify "forwarders
> { }" in the zone definition in order to inhibit forwarding for
> subdomains/subzones.

I had already used this method (w/ forwarding to highest internal domain), but I would like to do that another way.

[ ], Rainaldo.
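
The arrangement described in the quoted reply (global forwarders for Internet names, plus the apex of each internal domain defined locally with an empty forwarders list), as an added named.conf sketch that is not part of the original thread. The zone names, addresses, directory and backup file names are constructed placeholders; only db.cache comes from the messages above.

```conf
// named.conf sketch (constructed example, placeholder names and addresses)

options {
        directory "/var/named";            // assumed working directory
        // Anything not answered from a zone defined below is sent here.
        forwarders { 192.0.2.53; };        // placeholder external forwarder
};

// Hint zone as in the thread: it carries no forwarders or allow-query
// statements of its own.
zone "." {
        type hint;
        file "db.cache";
};

// Apex of the internal domain. The empty forwarders list switches
// forwarding off for this domain, so names under it, including names in
// delegated subzones, are resolved by following the internal delegations
// instead of being handed to the forwarder in "options".
zone "corp.example" {                      // placeholder internal domain
        type slave;
        masters { 10.0.0.1; };             // placeholder internal master
        file "bak.corp.example";
        forwarders { };
};

// Same treatment for internal reverse lookups (assumes the intranet is
// numbered out of 10/8), so address-to-name queries for internal hosts
// are not forwarded either.
zone "10.in-addr.arpa" {
        type slave;
        masters { 10.0.0.1; };
        file "bak.10";
        forwarders { };
};
```

Running tcpdump, as mentioned in the thread, while resolving one internal and one external name shows whether queries for the internal domain still reach the forwarder.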