Hello!
I have a DNS server running named on RHEL 6.2 for a very small network of development servers/clients. I see the logs below in /var/named/data/named.run:
error (network unreachable) resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 198.41.0.4#53
error (network unreachable) resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 193.0.14.129#53
error (network unreachable) resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 198.41.0.4#53
error (network unreachable) resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
error (network unreachable) resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 198.41.0.4#53
error (network unreachable) resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
error (network unreachable) resolving 'I.ROOT-SERVERS.NET/AAAA/IN': 192.58.128.30#53
error (network unreachable) resolving 'I.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
error (network unreachable) resolving 'L.ROOT-SERVERS.NET/AAAA/IN': 2001:503:c27::2:30#53
error (network unreachable) resolving 'L.ROOT-SERVERS.NET/AAAA/IN': 2001:500:1::803f:235#53
I have never configured any forwarding on the DNS server. Then why is it trying to look up on external DNS servers -- this is what I am trying to understand.
Here's what my named.conf looks like:
options {
    listen-on port 53 { 127.0.0.1; 10.0.1.102; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "vmnet.com" IN {
    type master;
    file "vmnet.com.zone";
};
zone "1.0.10.in-addr.arpa" IN {
    type master;
    file "vmnet.com.rev.zone";
};
include "/etc/named.rfc1912.zones";
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
    algorithm hmac-md5;
    secret "jMR4mMP5RfO1WE5N56Kq6A==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
This server is isolated from the outside world and serves a small group of development machines. Can anyone tell me where I need to look?
I figured the below entry has something to do with it. Root hint?
zone "." IN { type hint; file "named.ca"; };
How do I avoid it?
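
As an added example (not part of the original post), a small Python check that scans a named.conf for the settings that make named send queries to outside servers, run here on a trimmed copy of the configuration above. The function names and finding codes are assumptions for illustration, and this is a pattern scan, not a full named.conf parser.

```python
import re

# Trimmed copy of the named.conf from the post above (paths, logging and rndc key omitted).
NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 10.0.1.102; };
    allow-query { localhost; any; };
    recursion yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
};
zone "." IN { type hint; file "named.ca"; };
zone "vmnet.com" IN { type master; file "vmnet.com.zone"; };
"""

def strip_comments(conf):
    """Drop /* */, # and // comments so commented-out directives are ignored."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(#|//)[^\n]*", "", conf)

def audit(conf):
    """Return (code, reason) pairs for settings that make named query outside servers."""
    conf = strip_comments(conf)
    has = lambda pattern: re.search(pattern, conf, flags=re.S) is not None
    recursive = has(r"\brecursion\s+yes\s*;")
    findings = []
    if recursive:
        findings.append(("recursion", "named resolves names outside its own zones for clients"))
    if has(r'zone\s+"\."[^{]*\{[^}]*type\s+hint'):
        findings.append(("root-hints", "hint zone lists the root servers the resolver starts from"))
    if recursive and not has(r"\bforwarders\s*\{\s*[^\s}]"):
        findings.append(("no-forwarders", "no forwarders, so named walks down from the roots itself"))
    if has(r"\bdnssec-lookaside\s+auto\s*;"):
        findings.append(("dlv", "DLV lookups go to the dlv.isc.org zone"))
    # Without allow-recursion or allow-query-cache, allow-query decides who may recurse.
    narrowed = has(r"\ballow-(recursion|query-cache)\s*\{")
    if recursive and has(r"\ballow-query\s*\{[^}]*\bany\b") and not narrowed:
        findings.append(("open-recursion", "allow-query 'any' also governs who may recurse"))
    return findings

if __name__ == "__main__":
    for code, reason in audit(NAMED_CONF):
        print(f"{code:15} {reason}")
```
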