Re: About root zones

Tue, 03 Jan 2012 06:56:50 -0800 

2012/1/2 Matus UHLAR - fantomas <uh...@fantomas.sk>:

I don't see your point now. I'm afraid that you will have to live with the
fact that you can not disable sending queries from BIND when it needs them,
you can only prevent it by configuring BIND (so it will not need them) or
firewall such packets so they will not get outside (which may break its
functionality).


On 03.01.12 16:53, Peter Andreev wrote:

My point: I need my servers to answer with authoritative data only. I
need them to not perform anything else. Only "get query - send
authoritative response". Where in this scenario BIND has to resolve
something?



Nowhere. Note that BIND may send upward or root referrals, for clients 
that are allowed to view cached data (the hint zone is taken as 
cached). Also, bind can send additional data (authoritative or from 
cache) when configured so, but won't recursively resolve them.



See description of additional-from-cache and additional-from-auth, 
maybe minimal-responses.



In which scenario (except master & notifies) BIND has to resolve something?



I don't know about any. 


Maybe ISC will patch BIND to use system resolver for internal queries, but I
doubt so. Maybe you can do it but imho it's not worth trying.

Maybe you can set up forward only; and forwarders {}; so BIND will forward
all recursive queries it generates to your recursive servers.

But the way you are trying to get over this, I'm afrait you will fail and
that's what I am trying to tell you.


I'm free to replace BIND with another authoritative DNS implementation.



Yes, you are. but i'd advise you focus on the real problem, if it 
exists. Kevin Darcy mentioned that in his response.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users




























					Reply via email to