No .. but I do have the following at the end of my named.conf file .... the db.cache file has all of the root servers. I just was not sure if it would cause problems just removing that section as it was in all of the examples I read.

    zone "." {
            type hint;
            file "/etc/named/db.cache";
    };

----- Original Message -----
From: "Jason Opperisano" <opie@xxxxxxxxxxx>
To: "Peter Marshall" <peter.marshall@xxxxxxxxx>
Cc: "netfilter" <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, November 18, 2004 9:44 AM
Subject: Re: dns question

On Thu, 2004-11-18 at 07:32, Peter Marshall wrote:
> I am sure this is a stupid question ...but I will ask anyway. Should I be
> allowing my dns server (in my dmz) connect to root servers ? At the moment
> it is being blocked, and the only thing it can connect to is my ISP's DNS
> server. Basically, my dns server serves requests for servers in my dmz for
> my internal users. If it can't find the hit, it passes the request on to my
> ISP's ... I am trying to clean up my firewall logs, and noticed that the DNS
> server is always trying to query root servers. I was just not sure if this
> should be allowed. If it is not, (and I suspect there is no need to) Is
> there a way to make my DNS server stop querying the root servers ?
>
> PS DNS is a rh9 box running bind.

if your bind configuration specifies:

    forwarders {
            x.x.x.x;
            x.x.x.x;
            // 24.25.4.107;
            // 24.25.4.108;
            4.2.2.2;
            4.2.2.1;
            4.2.2.3;
    };

--
"My cat's breath smells like cat food."
--The Simpsons
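
An added example, not part of the original thread: a `forwarders` block like the one the reply refers to, shown with BIND's default fallback behaviour beside the `forward only` setting. The 192.0.2.x addresses are constructed placeholders standing in for the ISP's resolvers, and the two `options` blocks are alternatives (named.conf accepts only one).

```conf
// Alternative A: forwarders listed, no "forward" statement.
// BIND treats this as "forward first": named asks the forwarders, and if
// they do not answer it falls back to iterative resolution starting from
// the root servers. That fallback is the traffic a firewall that only
// permits the ISP's resolvers will log as blocked.
options {
        forwarders {
                192.0.2.1;      // constructed placeholder for ISP resolver 1
                192.0.2.2;      // constructed placeholder for ISP resolver 2
        };
};

// Alternative B: same forwarders, plus "forward only".
// named sends anything it cannot answer from its own zones or cache to the
// forwarders and does not fall back to iterating from the root servers.
// If every forwarder is unreachable, the lookup fails instead.
options {
        forwarders {
                192.0.2.1;
                192.0.2.2;
        };
        forward only;
};

// The zones the server is authoritative for (the DMZ hosts) are still
// answered locally under either alternative.
```

`named-checkconf` validates the edited file before named is reloaded.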