<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Arial Nova";}
@font-face
{font-family:"var\(--ff-mono\)";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Consolas;
mso-ligatures:standardcontextual;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Hello, looking for a sanity check.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Inside our network we are running BIND 9.18.28-0ubuntu0.22.04.1-Ubuntu on Ubuntu 22.04.5 LTS<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Currently our server serves our own zone files - A/CNAME/PTR/TXT/etc records for our domain.<br>
We have already modified the db.cache file to reference two servers provided by our corporate IT rather than using the internet root servers.<o:p></o:p></p>
<p class="MsoNormal">We have numerous forwarder zones for corporate zones, both forward and reverse zones.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We are looking to no longer use recursion but rely entirely on the corporate servers for anything we would normally resolve from external servers.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<pre style="vertical-align:baseline">I think all we need to do is create a forwarders stanza and set “forwarder only”, similar to (but with the correct IPs)<o:p></o:p></pre>
<pre style="vertical-align:baseline">
    forwarders {
        1.2.3.4; # External DNS
        1.2.3.5; # External DNS
    };
    forward only;
</pre>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The desire is to continue to use our own zone files, and to continue to use the already established forwarder zones, but to replace recursion managed by our own internal servers with queries to ONLY the 2 servers we are already using as
replacement root servers.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Seems so simple that I have to believe I’ve missed something.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks in advance,<o:p></o:p></p>
<p class="MsoNormal">Brian<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:'Arial',sans-serif;mso-ligatures:none">Brian Cuttler, System and Network Administration<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:'Arial',sans-serif;mso-ligatures:none">Wadsworth Center, NYS Department of Health<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:'Arial',sans-serif;mso-ligatures:none">Albany, NY 12201 POB 509<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:'Arial',sans-serif;mso-ligatures:none"><a href="mailto:Brian.Cuttler@Health.NY.gov"><span style="color:#0563C1">Brian.Cuttler@Health.NY.gov</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:'Arial',sans-serif;mso-ligatures:none">518 486-1697</span><span style="font-size:12.0pt;font-family:'Arial Nova',sans-serif;mso-ligatures:none"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
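<p class="MsoNormal">Added example, not part of the original message: a named.conf sketch of the setup described above, showing where the global forwarders sit relative to authoritative and forward zones. The ACL name, zone names, file path and 192.0.2.x addresses are placeholders; 1.2.3.4 and 1.2.3.5 are the stand-in addresses from the message.</p>

```conf
// Constructed example: names, paths and 192.0.2.x addresses are placeholders.
acl "internal" { 127.0.0.0/8; 192.0.2.0/24; };   // hypothetical client networks

options {
    // Forwarding is performed on behalf of recursive clients, so recursion
    // stays enabled. "forward only" is what stops named from iterating
    // on its own; "recursion no" would stop forwarding as well.
    recursion yes;
    allow-recursion { internal; };

    forwarders {
        1.2.3.4;   # corporate resolver (stand-in address from the message)
        1.2.3.5;   # corporate resolver (stand-in address from the message)
    };
    forward only;  // if the forwarders do not answer, the query fails;
                   // there is no fallback to the hints file

    // dnssec-validation defaults to "auto" in 9.18 and still applies to
    // forwarded answers, so the forwarders must return DNSSEC records.
};

// Authoritative zones are still answered from local zone files.
zone "example.internal" {
    type primary;
    file "/etc/bind/zones/db.example.internal";
    // Only matters if this zone delegates child zones to other internal
    // servers: an empty list disables global forwarding below this zone,
    // so those delegations are followed instead of forwarded.
    forwarders { };
};

// Existing forward zones keep their own list, which overrides the
// global forwarders for names under the zone.
zone "corp.example" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; };
};
```

<p class="MsoNormal">Running named-checkconf against the edited file before reloading catches syntax errors.</p>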
</div>
</body>
</html>