Bind updating root hint data file

Posted by / 04-Feb-2020 22:10

The Berkeley Internet Name Domain (BIND) software is installed on most Linux distributions, and is also available from the Internet Systems Consortium site. The "." zone below tells named to check this file for a list of the root name servers, so it knows where to send external queries.

OK, if we are going to do this, then we should use a concrete example eh?

// Controls who can make queries of this DNS server. When there is a standardized IP addr scheme, we can have
// those addr ranges enabled so that even if firewall rules get broken, the
// public internet can't query the internal DNS.

It should have an NS record for "." with the name of the root server and an A record for that name. The "." zone needs to have "bogus" with an NS record for itself. I have 3 machines set up on a private VLAN for testing this.

// acl "authorized" ; options ; logging ; // // The fake root. ( 2008101601 ; serial 1H ; refresh 2H ; retry 14D ; expire 5M ) ; minimum ; ; Fake root zone servers defined.

It then should have A records for box1.bogus going to box1 and box2.bogus going off to box2. zone1 and zone2 should be NS records pointing to box1 and box2. :)

I don't have a hints file on the 'root nameserver' since that one has the definition for root. And I think I get what you are saying about the hostnames not being the same as the zones.

By using the normal internet root hints, you're more or less precluded from using your own internal root, because none of the real Internet root servers know about "bogus". @ (bogus) should return authoritative records for '.', since it is indeed authoritative for the zone. @ (itchy) should not return authoritative records for '.', since it isn't.

This enables the caching nameserver feature of BIND, by forwarding any unknown requests to the root nameservers listed in the file. This zone should already be listed in the configuration.

This can be fixed by introducing your own DNS for the internal network. This chapter will provide the steps necessary to configure your own DNS server to assist in internal name resolution and to provide a caching service for external domains.

Let's say that the domains are zone1.bogus and zone2.bogus instead.

