Linux – Restrict “Authority Section” on BIND

binddomain-name-systemlinuxquery

I just switched from Microsoft DNS to BIND 9.3 for a DNS acting as a Caching Nameserver.

Previously when I used "dig" to perform a lookup…I just got the "QUESTION" & "ANSWER SECTION" with Microsoft DNS. Now I receive (with BIND) an "AUTHORITY SECTION" (pointing to the nameservers of the domain I'm querying) all the time.

Is there an option in named.conf that could control this behaviour? I don't want to provide the "AUTHORITY" to the clients.

Thanks,
JFA

Best Answer

Check out minimal-responses in the options statement. That looks like it will do what you want. The docs say:

minimal-responses

If yes, then when generating responses the server will only add records to the authority and additional data sections when they are required (e.g. delegations, negative responses). This may improve the performance of the server. The default is no.

Related Solutions

CentOS BIND DNS Troubleshooting

Some suggestions:

Remove the two google nameservers from your resolv.conf. Your nameserver is failing, but you're not getting much useful information because nslookup is falling through to the next nameserver.

Use dig instead if nslookup. The status response from dig is helpful in troubleshooting.

dig @192.168.100.10 mac1.max.app. a
dig @192.168.100.10 max.app. ns

Make sure you check your logs to see if your zone is actually loading.

Check netstat to make sure named is listening on port 53 of the appropriate interface.

Linux – DNS Problems (NIGHTMARES!) with BIND and Virtualmin

Your output from named-checkconf -z indicated that there was a syntax error in /var/lib/bind/mydomain.com.hosts, the only file you didn't actually post. Check the file and fix any errors in it.

Best Answer

Related Solutions

CentOS BIND DNS Troubleshooting

Linux – DNS Problems (NIGHTMARES!) with BIND and Virtualmin

Related Topic