BIND doesn't stop contacting global root DNS servers after commenting out (#) the root hint zone in named.conf
Hello Team,
I commented out the default root hint zone section in the named.conf file to stop BIND from communicating with the global root DNS servers, so that it only uses the internal forwarders available in the options{} section.
#zone "." IN {
# type hint;
# file "named.ca";
#};
But BIND still communicates with the root DNS servers when the query can't be answered by the internal forwarders.
- Is this the default behavior?
- Does BIND have a built-in root hint zone even though the zone is not defined in the named.conf file?
I tried the following workaround and it worked for me.
Disabled the global forwarders in the options{} section:
/*
forwarders {
x.x.x.3;
x.x.x.2;
x.x.x.1;
};
*/
Redefined the root hint as a forward type zone:
zone "." IN {
//type hint;
//file "named.ca";
type forward;
forward only;
forwarders { x.x.x.3; x.x.x.2; x.x.x.1; };
};
Now BIND only communicates with the forwarding DNS servers and never tries to communicate with the global root DNS servers.
- Any side effects with the above setting?
- My org. doesn't allow external DNS communication.
- Any other way to prevent BIND from communicating with the root DNS servers and only ask the internal forwarders?
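
An added example, not part of the original post: a small audit that reads a named.conf and reports whether the resolver could still fall back to the root servers. It relies on documented BIND behaviour (the forward mode defaults to `first`, and compiled-in root hints are used when no hint zone is defined); the function names are hypothetical and the sample configurations are constructed from the settings quoted above. It assumes a single file with no `include`, `view` or per-zone forwarder overrides.

```python
import re

# Constructed samples built from the settings quoted in the post.
ORIGINAL = '''
options { forwarders { x.x.x.3; x.x.x.2; x.x.x.1; }; };
#zone "." IN {
# type hint; file "named.ca";
#};
'''
WORKAROUND = '''
options { /* forwarders { x.x.x.3; x.x.x.2; x.x.x.1; }; */ };
zone "." IN {
//type hint;
type forward; forward only;
forwarders { x.x.x.3; x.x.x.2; x.x.x.1; };
};
'''
FORWARD_ONLY = 'options { forward only; forwarders { x.x.x.3; x.x.x.2; x.x.x.1; }; };'

def strip_comments(conf: str) -> str:
    """Remove /* */, // and # comments, the three styles named.conf accepts."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def block(conf: str, header: str) -> str:
    """Return the body of the first `header { ... }` statement, or ''."""
    m = re.search(header + r"\s*\{", conf)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[start:i]
    return ""  # unbalanced braces: treat as not configured

def forwards_only(body: str) -> bool:
    """True if the block lists at least one forwarder and sets `forward only`."""
    fwd = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
    has_servers = bool(fwd and fwd.group(1).strip(" ;\n\t"))
    return has_servers and bool(re.search(r"\bforward\s+only\s*;", body))

def can_reach_roots(conf: str) -> bool:
    """True if nothing in the config pins resolution to the forwarders."""
    conf = strip_comments(conf)
    options = block(conf, r"\boptions")
    root = block(conf, r'\bzone\s+"\."(\s+IN)?')
    root_forward = bool(re.search(r"\btype\s+forward\s*;", root)) and forwards_only(root)
    return not (forwards_only(options) or root_forward)
```

`can_reach_roots(ORIGINAL)` is true because commenting out the hint zone changes neither default, while both the forward-zone workaround and a global `forward only;` next to the `forwarders` list return false.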