E Johnson wrote:
From what I have read so far, I can see that this might be a very
flame-worthy question, so please don't hurt me, I'm just a beginner...
I have read every howto that I can find on setting up a DNS server for
a very small, 12 seats, network. The DNS server just needs to be
authoritative for the internal network and then it should forward
external requests to the outside world. Here is the question...
Most of the howtos say that I should setup a Root Zone so that I can
access the Internet. Then a small few of the howtos say that I should
use the forwarder option to be able to access the Internet and they
say that the Root Zone should not be used because the Root DNS servers
aren't meant for that.
So, which is the best/proper way to do this?
I'm assuming that all your clients have a need to resolve Internet
names. (Note that this is not a *given*. If clients access the Internet
through application-level proxies or gateways, then maybe only the
proxies/gateways need to resolve Internet names, and normal internal
clients do not.)
So, the big question is: does your nameserver have direct access to the
Internet DNS?
If not, then you don't really have the option of setting up a root
zone. You have to forward, and given that you're doing that, your
nameserver would resolve anything it needs in the root zone via
forwarding. Hence, no need for an explicit root-zone definition.
If you do have direct access to the Internet DNS, then you have other
alternatives and maybe you should re-examine your assumption that ...
it should forward external requests to the outside world. Maybe you
don't need to forward at all. You could explicitly configure a hints
file, or use the one which is already compiled into the named binary.
- Kevin
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
