2012/1/3 Matus UHLAR - fantomas <uh...@fantomas.sk>:
>> 2012/1/2 Matus UHLAR - fantomas <uh...@fantomas.sk>:
>>>
>>> I don't see your point now. I'm afraid that you will have to live with
>>> the fact that you can not disable sending queries from BIND when it
>>> needs them, you can only prevent it by configuring BIND (so it will not
>>> need them) or firewall such packets so they will not get outside (which
>>> may break its functionality).
>
> On 03.01.12 16:53, Peter Andreev wrote:
>>
>> My point: I need my servers to answer with authoritative data only. I
>> need them to not perform anything else. Only "get query - send
>> authoritative response". Where in this scenario BIND has to resolve
>> something?
>
> Nowhere. Note that BIND may send upward or root referrals, for clients that
> are allowed to view cached data (the hint zone is taken as cached). Also,
> bind can send additional data (authoritative or from cache) when configured
> so, but won't recursively resolve them.
>
> See description of additional-from-cache and additional-from-auth, maybe
> minimal-responses.
>
Yep, that's what I did first when the problem appeared. The second step was
deleting root.hints to (as I hoped) prevent any further resolving and
caching.

>> In which scenario (except master & notifies) BIND has to resolve
>> something?
>
> I don't know about any.

Neither do I. Unfortunately it is not covered in the documentation.

>>> Maybe ISC will patch BIND to use system resolver for internal queries,
>>> but I doubt so. Maybe you can do it but imho it's not worth trying.
>>>
>>> Maybe you can set up forward only; and forwarders {}; so BIND will
>>> forward all recursive queries it generates to your recursive servers.
>>>
>>> But the way you are trying to get over this, I'm afraid you will fail
>>> and that's what I am trying to tell you.
>>
>> I'm free to replace BIND with another authoritative DNS implementation.
>
> Yes, you are. But I'd advise you focus on the real problem, if it exists.
> Kevin Darcy mentioned that in his response.
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Linux - It's now safe to turn on your computer.
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
AP
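
The options named in this thread, put together as an added example that is not part of the original messages: a constructed named.conf fragment for an authoritative-only BIND 9 server of that era. The zone name and file path are placeholders, and `allow-query-cache { none; };` is an assumption drawn from the remark that referrals go to clients allowed to view cached data.

```conf
// Constructed example: authoritative-only posture for BIND 9 (2012-era option names).
options {
    // Never resolve on behalf of clients.
    recursion no;

    // No client may read cached data. The hint zone counts as cached,
    // so this also stops upward and root referrals.
    allow-query-cache { none; };

    // Do not fill the additional section from the cache.
    additional-from-cache no;

    // Do not fill the additional section from other zones
    // this server is authoritative for.
    additional-from-auth no;

    // Add authority and additional records only when the answer
    // requires them (delegations, negative responses).
    minimal-responses yes;
};

// Placeholder zone; replace the name and file with real values.
zone "example.com" {
    type master;
    file "example.com.zone";
};
```

As the thread notes, this limits what the server answers with; it does not stop BIND from sending its own queries when it needs them, for example for masters and notifies.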