0

I have disabled my local network DNS forwarder. But somehow internet names are still getting resolved. Any idea how to stop this from happening?

evolon

1 Answer

2

Perhaps turning recursion off will do the trick:

allow-recursion { none; };

Or:

recursion no;

Explanation: Turning off the forwarders will prevent your DNS from sending requests to another (likely recursive) server. You also need recursion turned off on your own server to prevent it from doing the recursive queries itself.

Brandon Xavier
  • Thanks, good point. But how can recursive queries take place with forwarders turned off? I mean, how does the current DNS choose the next one to pass the query to without knowing its IP address? – evolon Sep 02 '15 at 12:14
  • It queries the root nameservers to find the authoritative nameservers for the domain (such as example.com) and then directly queries those nameservers (such as ns1.example.com). – Brandon Xavier Sep 02 '15 at 12:17
  • Thanks Brandon, do you know any lightweight source to get familiar with DNS? – evolon Sep 02 '15 at 12:25
  • It's been a looong time since I got familiar with DNS so I don't have a lot of lower level references handy. You might try http://www.zytrax.com/books/dns/. It seems to have some easily readable introduction chapters. (You'll find in studying DNS that until you know the basics, a LOT of material you come across can be very cryptic and hard to read - but it does get easier with experience) – Brandon Xavier Sep 02 '15 at 12:36
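One way to confirm from a client that either setting took effect, as an added example that is not part of the original answer: it builds a query with the RD (recursion desired) bit set and reads the RA (recursion available) flag and response code from the reply header. The function names, the constructed sample replies, and the rule "RA clear and no answer records means recursion is off" are assumptions of this example.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """DNS query for an A record with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def recursion_status(response):
    """Read the 12-byte header of a raw DNS response and report on recursion."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    ra = bool(flags & 0x0080)  # RA: server offers recursion to this client
    rcode = flags & 0x000F
    # Assumption of this example: no RA and no answers means recursion is off.
    return {"ra": ra, "rcode": RCODES.get(rcode, str(rcode)), "answers": ancount,
            "recursion_disabled": not ra and ancount == 0}

def ask(server_ip, name, timeout=3.0):
    """Send the query over UDP to server_ip:53 and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        return recursion_status(s.recvfrom(512)[0])

def constructed_reply(flags, ancount):
    """Constructed sample: the query echoed back with response header fields patched."""
    q = build_query("example.com")
    return q[:2] + struct.pack("!H", flags) + q[4:6] + struct.pack("!H", ancount) + q[8:]

# Constructed header-only samples, not captured traffic.
REFUSED_REPLY = constructed_reply(0x8105, 0)    # QR|RD, RA clear, rcode REFUSED
RECURSIVE_REPLY = constructed_reply(0x8180, 1)  # QR|RD|RA, NOERROR, one answer

if __name__ == "__main__":
    print("locked down:", recursion_status(REFUSED_REPLY))
    print("still open :", recursion_status(RECURSIVE_REPLY))
```

Call `ask()` with the address of your own server and a name it is not authoritative for; a reply with `ra` set or with answer records means the server is still resolving on its own.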