Re: Bind forwards DNS requests even though forwarding is disabled.

2025-09-03 Thread Ondřej Surý
No, the forwarding is disabled if the forwarding list is empty. What you can probably do is to create a sinkhole address on the localhost (with DROP firewall rule) and forward to that. However, why not just disable recursion or properly forward to the AdGuard DNS server instead? Both are perfect

Re: Bind forwards DNS requests even though forwarding is disabled.

2025-09-03 Thread Sten Carlsen
You still have the "forward only;" and "forwarders" statements. Would commenting those out make a difference? -- Best regards Sten Carlsen Don't be impressed with unintelligible stuff said condescendingly . -- Radia Perlman. > On 2 Sep 2025, at 20.12, Ondřej Surý wrote: > > https://bind

Re: Bind forwards DNS requests even though forwarding is disabled.

2025-09-03 Thread Greg Choules via bind-users
Hi Sascha. I have a few questions. 1) Are you sure BIND is forwarding? Is that the term you mean to use? Please can you take a binary packet capture (pcap, not copy/paste of terminal output) that shows what the BIND server is doing and send that, You may have disabled global forwarding but recursio

Re: Bind forwards DNS requests even though forwarding is disabled.

2025-09-03 Thread Ondřej Surý
https://bind9.readthedocs.io/en/v9.20.12/reference.html#namedconf-statement-forwarders > The default is the empty list (no forwarding). ^^^ you've effectively disabled forwarding. You haven't described precisely what are you trying to achieve, but you probably want to disable recursion? https:

Re: Bind forwards DNS requests even though forwarding is disabled.

2025-09-03 Thread Greg Choules via bind-users
Hello again and thank you for the background. Firstly, tcpdump. I would recommend a command like this, run in a separate terminal window just before you make some test queries in another window: sudo tcpdump -v -i any -c 1 -w port 53 The -c is a safety net to make sure it stops, should you

Bind forwards DNS requests even though forwarding is disabled.

2025-09-02 Thread Sascha Marcel Hacker via bind-users
Hello, I have a Bind server running for a private Samba AD. The server is used exclusively for internal name resolution, an Adguard container is used for requests to the WAN. To enable this, forwarding is disabled on the Bind DNS (primary DNS). Unfortunately, I have noticed that the Bind DNS has

Re: Bind forwards DNS requests even though forwarding is disabled.

2025-09-02 Thread Sascha Marcel Hacker via bind-users
First of all, thank you for your quick response. In this case, “forwarding” may be somewhat of a misplaced term. What I want to achieve, and what has been working for over 5 years, is for BIND DNS to act as the primary DNS for DNS queries relating to intranet name resolution (Samba AD), and for A