BIND updating root hint data file

;; Received 500 bytes from in 19 ms . Some of the alternate DNS root providers do this, but they supply root hints for their "customers" to use that do not reference the "real" root servers at all. Your name server won't use the hint to give answers to dig.

2008102201 1800 86400 ;; Received 92 bytes from You'd do this by periodically dumping the root zone and running it through some processing to add your custom zone to it. But if you do it a 2nd time, you'll get a cached result and the 'aa' flag will be clear.

Alright, I am going to state up front that this question may be too involved (amount of detail not complexity) for this medium. I am attempting to set up a proof-of-concept project and my BIND configuration is my first big hurdle. None of these boxes needs to resolve public addresses; this is internal only. A trace itchy.bogus ;; global options: printcmd . ;; Received 57 bytes from in 1 ms itchy.bogus. ;; Received 69 bytes from in 0 ms itchy.bogus. // acl "authorized" ; options ; logging ; zone "." IN ; zone "itchy.bogus" ;

This chapter will provide the steps necessary to configure your own DNS server to assist in internal name resolution and to provide a caching service for external domains. It will insist on actually querying for bogustld. That is, it won't give the hint back to dig as an answer. Your only choice would be to mirror the root "." zone from within your ".", but then add "bogus" to it. It returns an authoritative record the first time you query for a name in the root zone, because it has to recurse and fetch an authoritative record from the authoritative server. By using the normal internet root hints, you're more or less precluded from using your own internal root, because none of the real Internet root servers know about "bogus". @ (bogus) should return authoritative records for '.', since it is indeed authoritative for the zone. @ (itchy) should not return authoritative records for '.', since it isn't.
