Re: dns question

On Thu, 2004-11-18 at 07:32, Peter Marshall wrote:
> I am sure this is a stupid question ... but I will ask anyway.  Should I be
> allowing my dns server (in my dmz) to connect to root servers?  At the moment
> it is being blocked, and the only thing it can connect to is my ISP's DNS
> server.  Basically, my dns server serves requests for servers in my dmz for
> my internal users.  If it can't find the hit, it passes the request on to my
> ISP's ... I am trying to clean up my firewall logs, and noticed that the DNS
> server is always trying to query root servers.  I was just not sure if this
> should be allowed.  If it is not (and I suspect there is no need to), is
> there a way to make my DNS server stop querying the root servers?
> 
> PS  DNS is a rh9 box running bind.

if your bind configuration specifies:

        forwarders {
                x.x.x.x;
                x.x.x.x;
                // 24.25.4.107;
                // 24.25.4.108;
                4.2.2.2;
                4.2.2.1;
                4.2.2.3;
        };
--
"My cat's breath smells like cat food."
	--The Simpsons
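
Added example, not part of the original reply: a `named.conf` options block showing how a `forwarders` list interacts with BIND's `forward` setting, which decides whether the server still falls back to the root servers. Placing the list in the global `options` block is an assumption; the forwarder addresses are taken from the reply above.

```conf
// Constructed named.conf fragment; forwarder addresses reused from the reply above.
options {
        // Upstream resolvers that receive every query this server
        // cannot answer from its own zones or cache.
        forwarders {
                4.2.2.2;
                4.2.2.1;
        };

        // Without this line BIND uses its default, "forward first":
        // it asks the forwarders, and if they do not answer it falls
        // back to iterative resolution starting at the root servers,
        // which is the traffic the firewall is logging as blocked.
        // "forward only" disables that fallback, so outbound DNS from
        // the DMZ host goes to the forwarders and nowhere else.
        forward only;
};
```

Run `named-checkconf` against the file before reloading named. With `forward only` in place, the firewall rule that limits the DMZ server's outbound port 53 traffic to the forwarders can stay as it is.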


