Don Russell wrote: > Yes, I just looked at that... the file has a different name (named.ca), > but it seems to describe all the root servers.... > > I gather that means my FC5 box is now using the root servers directly to > resolve addresses instead of "lower", possibly caching, servers. Not really... Your DNS server is contacting the root servers and they in turn are telling your server where to go to find the information. Your server is then contacting that server for the information. > hmmm, that doesn't sound good... :-( But I'm pretty new to dns details.... Oh, it is actually OK/good. You've set up what is referred to as a caching name server. To steal text from a site.... "A Caching Server obtains information from another server (a Zone Master) in response to a host query and then saves (caches) the data locally. On a second or subsequent request for the same data the Caching Server will respond with its locally stored data (the cache) until the time-to-live (TTL) value of the response expires at which time the server will refresh the data from the zone master. If the caching server obtains its data directly from a zone master it will respond as 'authoritative', if the data is supplied from its cache the response is 'non-authoritative'. The default BIND behaviour is to cache and this is associated with the recursion parameter (the default is 'recursion yes'). There are many configuration examples which show caching behaviour being defined using a type hint statement in a zone declaration. These configurations confuse two distinct but related functions. If a server is going to provide caching services then it must provide recursive queries and recursive queries need access to the root servers which is provided via the 'type hint' statement." All that is well and good....but I would make sure that you don't allow DNS queries from outside of your network. For various reasons. Ed -- Shall we make a new rule of life from tonight: always to try to be a little kinder than is necessary? -- J.M. Barrie
