Nah, that's fine (and normal). BIND comes configured with the roots so that it can start resolution. I guess I don't fully understand your concern here -- is it that you are worried that the root might see queries and so know your internal hostnames?
W Warren Kumari ------ Please excuse typing, etc -- This was sent from a device with a tiny keyboard. On Mar 17, 2011, at 7:20 AM, babu dheen <babudh...@yahoo.co.in> wrote: > Hi, > > We have two internal Windows DNS servers which answer all DNS query by > forwarding it to gateway DNS server running in Redhat BIND. But i have a > query regarding allowing ROOT DNS query on internal DNS server. > > Can anyone let me know whether company Internal DNS server should respond to > ROOT DNS query. When i execute # dig . NS @my-company-name-server query I am > getting complete response > > Let me know whether enabling ROOT DNS query is a security threat. For more > informaton can you read and help us to securely configure our company > internal Windows DNS server and its impact of disabling it. > > > ; <<>> DiG 9.3.3rc2 <<>> . NS @10.0.0.1 > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34899 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 10 > ;; QUESTION SECTION: > ;. IN NS > ;; ANSWER SECTION: > . 49842 IN NS j.root-servers.net. > . 49842 IN NS k.root-servers.net. > . 49842 IN NS l.root-servers.net. > . 49842 IN NS m.root-servers.net. > . 49842 IN NS a.root-servers.net. > . 49842 IN NS b.root-servers.net. > . 49842 IN NS c.root-servers.net. > . 49842 IN NS d.root-servers.net. > . 49842 IN NS e.root-servers.net. > . 49842 IN NS f.root-servers.net. > . 49842 IN NS g.root-servers.net. > . 49842 IN NS h.root-servers.net. > . 49842 IN NS i.root-servers.net. > ;; ADDITIONAL SECTION: > j.root-servers.net. 49842 IN A 192.58.128.30 > a.root-servers.net. 49842 IN A 198.41.0.4 > b.root-servers.net. 49842 IN A 192.228.79.201 > c.root-servers.net. 49842 IN A 192.33.4.12 > d.root-servers.net. 49842 IN A 128.8.10.90 > e.root-servers.net. 49842 IN A 192.203.230.10 > f.root-servers.net. 49842 IN A 192.5.5.241 > g.root-servers.net. 49842 IN A 192.112.36.4 > h.root-servers.net. 49842 IN A 128.63.2.53 > i.root-servers.net. 49842 IN A 192.36.148.17 > ;; Query time: 34 msec > ;; SERVER: 10.0.0.1#53(10.132.1.13) > ;; WHEN: Thu Mar 17 17:16:18 2011 > ;; MSG SIZE rcvd: 401 > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users