How to configure bind9 to be a local DNS only with no internet access?
To achieve this you need to create a fake root zone to replace the "root.hints" zone that's normally configured.
In named.conf put this:
zone "." IN {
    type master;
    file "fake.root";
};
and in fake.root put this:
$TTL 300
.   IN SOA ns. hostmaster.xy.com. (
        20120101 1800 900 604800 86400
    )
.   IN NS ns
ns  IN A  127.0.0.1
This will prevent all attempts to access the internet to obtain the real root hints.
You can also put your pcN.xy.com entries directly into that root zone, too - there's no need for them to be in their own xy.com zone file, so you can just append the following to fake.root:
$ORIGIN xy.com.
pc1 IN A 10.1.1.1
pc2 IN A 10.1.1.2
pc3 IN A 10.1.1.3
pc4 IN A 10.1.1.4
pc5 IN A 10.1.1.5
Apart from any options { } that you may need (ACLs?) that's it - nothing else required.
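The procedure above as a script, added here as an example and not part of the answer: it writes fake.root and named.conf from a host list and then checks both with named-checkconf and named-checkzone when those tools are installed. The host-list format, the serial number, `recursion no;` and the `allow-query { localnets; };` ACL are assumptions made for the illustration; the answer itself specifies none of them.

```shell
#!/bin/sh
# Added example, not code from the answer above: build the fake root zone and a
# minimal named.conf from a host list, then validate both with the BIND tools
# when they are installed. Host-list format, serial and directory layout are
# assumptions for this illustration.
set -eu

# make_fake_root OUTFILE SERIAL HOSTFILE
# HOSTFILE holds one "<name> <ipv4>" pair per line, names relative to xy.com.
# Every name in the generated zone is fully qualified (trailing dot) so that
# nothing depends on which $ORIGIN happens to be in effect.
make_fake_root() {
    out=$1; serial=$2; hosts=$3
    {
        printf '$TTL 300\n'
        printf '.\tIN SOA ns. hostmaster.xy.com. (\n'
        printf '\t%s 1800 900 604800 86400 )\n' "$serial"
        printf '.\tIN NS ns.\n'
        printf 'ns.\tIN A 127.0.0.1\n'
        printf '$ORIGIN xy.com.\n'
        while read -r name ip; do
            [ -n "$name" ] || continue            # skip blank lines
            case $name in \#*) continue ;; esac   # skip comment lines
            printf '%s\tIN A %s\n' "$name" "$ip"
        done < "$hosts"
    } > "$out"
}

# make_named_conf OUTFILE ZONEFILE
# "recursion no" is belt and braces: the fake root alone stops lookups from
# reaching the internet, but turning recursion off also keeps the server from
# acting as a resolver for anyone. allow-query is an assumption; adjust it to
# your own ACLs.
make_named_conf() {
    out=$1; zonefile=$2
    dir=$(cd "$(dirname "$zonefile")" && pwd)
    cat > "$out" <<EOF
options {
    directory "$dir";
    recursion no;
    allow-recursion { none; };
    allow-transfer { none; };
    allow-query { localnets; };
};

zone "." IN {
    type master;
    file "$(basename "$zonefile")";
};
EOF
}

# check_config NAMEDCONF ZONEFILE: syntax-check both with BIND's own tools.
# Skipped (with a message) when bind-utils is not installed, so the generator
# can still be exercised on a machine without BIND.
check_config() {
    conf=$1; zonefile=$2
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$conf"
    else
        echo "named-checkconf not found, skipping config check"
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone . "$zonefile"
    else
        echo "named-checkzone not found, skipping zone check"
    fi
}

# Demo run with a constructed host list, written to a temporary directory.
work=$(mktemp -d)
printf 'pc1 10.1.1.1\npc2 10.1.1.2\n# rack 2\npc3 10.1.1.3\n' > "$work/hosts"
make_fake_root "$work/fake.root" 2012010101 "$work/hosts"
make_named_conf "$work/named.conf" "$work/fake.root"
check_config "$work/named.conf" "$work/fake.root"
cat "$work/fake.root"
```

Copy the two generated files into BIND's directory (/var/named or /etc/bind depending on the distribution) and reload; the serial must be bumped every time the host list changes or secondaries will never pick up the new records.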
You need to disable recursion. Add to the config:
allow-transfer { none; };
allow-recursion { none; };
My config "named.conf" looks like this (on a RHEL system):
options {
    allow-query {
        any;
    };
    allow-recursion {
        none;
    };
};
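An added check, not part of either answer above: a small audit of named.conf for anything that would still give the server a path to the internet (a root hints zone, forwarders, or recursion left at BIND's default of yes), plus a dig probe against the running server. The config samples used for testing are constructed; the /etc/named.conf path, the server address 127.0.0.1 and the probe name are assumptions.

```shell
#!/bin/sh
# Added example, not code from the answers above: audit a named.conf for the
# settings that would let a "local only" BIND reach the internet, and verify
# the running server's behaviour with dig. Only // and # comments are stripped;
# /* */ blocks and included files are not followed (feed it the output of
# "named-checkconf -p" if you need the fully merged config).
set -eu

# audit_named_conf FILE: print each finding, return 0 only if there are none.
audit_named_conf() {
    conf=$1; rc=0
    body=$(sed -e 's,//.*$,,' -e 's,#.*$,,' "$conf")   # drop comments
    if printf '%s\n' "$body" | grep -qE 'type[[:space:]]+hint'; then
        echo "FAIL $conf: a 'type hint' zone loads the real root servers"; rc=1
    fi
    if printf '%s\n' "$body" | grep -qE 'forwarders[[:space:]]*\{'; then
        echo "FAIL $conf: 'forwarders' hands unanswered queries to an upstream resolver"; rc=1
    fi
    if printf '%s\n' "$body" | grep -qE '(^|[^-])recursion[[:space:]]+yes'; then
        echo "FAIL $conf: 'recursion yes' is set explicitly"; rc=1
    fi
    if ! printf '%s\n' "$body" | grep -qE '(^|[^-])recursion[[:space:]]+no|allow-recursion[[:space:]]*\{[[:space:]]*none'; then
        echo "FAIL $conf: recursion not disabled (BIND recurses by default)"; rc=1
    fi
    [ $rc -eq 0 ] && echo "OK $conf: no path to the internet found"
    return $rc
}

# verify_no_internet SERVER NAME EXPECTED
# Ask the server (with the RD bit set, as a stub resolver would) for a name it
# cannot know. A fake-root setup answers NXDOMAIN from its own "." zone; an
# authoritative-only setup with recursion off answers REFUSED. Either proves
# nothing was forwarded or recursed. SERVFAIL or a timeout means the server
# tried to go out and could not, i.e. the config is wrong. The "ra" flag must
# be absent as well. Skipped when dig is not installed.
verify_no_internet() {
    server=$1; name=$2; expected=$3
    command -v dig >/dev/null 2>&1 || { echo "dig not installed, skipping"; return 0; }
    out=$(dig @"$server" +time=2 +tries=1 "$name" A) || true
    if ! printf '%s\n' "$out" | grep -q "status: $expected"; then
        echo "FAIL: $server did not answer $expected for $name"
        printf '%s\n' "$out" | grep -E 'status:|flags:|timed out' || true
        return 1
    fi
    if printf '%s\n' "$out" | grep -qE 'flags:.* ra[ ;]'; then
        echo "FAIL: $server still advertises recursion available (ra flag)"
        return 1
    fi
    echo "OK: $server answered $expected for $name without recursion"
}

# Usage: sh audit.sh /etc/named.conf [server name expected-status]
# e.g.   sh audit.sh /etc/named.conf 127.0.0.1 www.example.com NXDOMAIN
if [ $# -ge 1 ]; then
    audit_named_conf "$1"
    [ $# -ge 4 ] && verify_no_internet "$2" "$3" "$4"
fi
```

With the fake root zone from the first answer, expect NXDOMAIN; with a setup that is only authoritative for its own zone and has recursion switched off, expect REFUSED. Anything else means the server is still trying to resolve outside names.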
You did not describe your configuration in enough detail. I think you are missing the authoritative part. You need to have a block like this in your config files:
zone "domain.lan" {
    type master;
    file "master/db.domain.lan";
    allow-update { none; };
};
where master/db.domain.lan should point to the zone file which should contain the records you posted above. Also, the zone file should have an SOA (start of authority) record in its header. The zone file should look like:
domain.lan.     86400 IN SOA dns.domain.lan. root.dns.domain.lan. ( 1 10800 3600 6044800 86400 )
domain.lan.     86400 IN NS  dns.domain.lan.   ; owner repeated: a bare "86400 IN NS ..." at column 0 would be read as the owner name
dns.domain.lan. 86400 IN A   10.10.10.1
pc.domain.lan.  86400 IN A   10.10.10.2
You can customize the names/values/IPs according to your needs.