BIND 9.16.31
The forwarders.conf is always changed to that shown below. I do not want two of the listed IPs (2620:119:35::35 and 208.67.222.222). Removing them manually is futile; every time named is restarted, those IPs reappear.
I have searched in vain for where netconfig thinks it is a wise plan to add those IPs.
cat /etc/named.d/forwarders.conf
### /etc/named.d/forwarders.conf is a symlink to /var/run/netconfig/bind-forwarders.conf
### autogenerated by netconfig!
### Call "netconfig update -f" to force adjusting of /etc/named.d/forwarders.conf.
forwarders {
64.119.32.100;
8.8.8.8;
13.58.209.22;
2620:119:35::35;
2001:4860:4860::8888;
208.67.222.222;
However, in the named working directory:
forwarders {
8.8.8.8;
13.58.209.22;
64.119.32.100
2001:4860:4860::8888;
which is what I want. named, however, does not use that file for the forwarder configuration. Rather, it uses the one further above.
The reason I wish to remove those IPs is that the named.log file is cluttered with these messages:
21-Aug-2022 11:01:06.869 resolver: notice: DNS format error from 208.67.222.222#53 resolving 80.209.35.in-addr.arpa/DS for <unknown>: invalid response
21-Aug-2022 11:03:28.090 resolver: notice: DNS format error from 208.67.222.222#53 resolving 80.209.35.in-addr.arpa/DS for <unknown>: invalid response
21-Aug-2022 11:03:38.119 resolver: notice: DNS format error from 208.67.222.222#53 resolving lovepop.com/DS for <unknown>: invalid response
While tidiness is hardly a priority, I am annoyed that I cannot remove those IPs from named’s configuration.
Values in /etc/sysconfig/network/config:
NETCONFIG_MODULES_ORDER="dns-resolver dns-bind dns-dnsmasq nis ntp-runtime"
NETCONFIG_DNS_POLICY="auto"
NETCONFIG_DNS_FORWARDER="bind"
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"
NETCONFIG_DNS_STATIC_SEARCHLIST="sma.com"
NETCONFIG_DNS_STATIC_SERVERS=" 64.119.32.100 8.8.8.8 13.58.209.22"
NETCONFIG_DNS_RANKING="auto"
NETCONFIG_NTP_POLICY="auto"
NETCONFIG_NTP_STATIC_SERVERS=""
NETCONFIG_NIS_POLICY="auto"
NETCONFIG_NIS_SETDOMAINNAME="yes"
NETCONFIG_NIS_STATIC_DOMAIN=""
NETCONFIG_NIS_STATIC_SERVERS=""
Options in named.conf:
options {
    directory "/var/lib/named";
    dump-file "/data01/var/log/named/named_dump.db";
    statistics-file "/data01/var/log/named/named.stats";
    zone-statistics yes;
    #forwarders { 192.0.2.1; 192.0.2.2; };
    listen-on port 53 { any; };
    listen-on-v6 { any; };
    #query-source address * port 53;
    #transfer-source * port 53;
    #notify-source * port 53;
    allow-query { any; };
    recursion yes;
    # Prevent recursive queries, a la DNS Amplification DDoS
    # allow-recursion { none; };
    # allow-recursion { localip; };
    # allow-recursion { smanets; };
    # allow-transfer { localip; };
    # additional-from-cache no;
    notify no;
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    include "/etc/named.d/forwarders.conf";
    also-notify { };
    forward first;
    transfer-format many-answers;
    # all-per-second 20; // covers all queries from client
    rate-limit { referrals-per-second 5; responses-per-second 5; window 2; };
};
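
Added example, not part of the original post: a small Python check that lists forwarders present in a generated forwarders.conf but absent from an approved set, and counts "DNS format error" notices per upstream in named.log. The sample file, the approved set (taken to be the four addresses the poster wants) and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample mirroring the generated file quoted in the post.
GENERATED = """\
### autogenerated by netconfig!
forwarders {
    64.119.32.100;
    8.8.8.8;
    13.58.209.22;
    2620:119:35::35;
    2001:4860:4860::8888;
    208.67.222.222;
};
"""

# Assumption: the approved set is the list the poster says they want.
APPROVED = {"8.8.8.8", "13.58.209.22", "64.119.32.100", "2001:4860:4860::8888"}

# Constructed sample in the log format quoted in the post.
LOG = """\
21-Aug-2022 11:01:06.869 resolver: notice: DNS format error from 208.67.222.222#53 resolving 80.209.35.in-addr.arpa/DS for <unknown>: invalid response
21-Aug-2022 11:03:38.119 resolver: notice: DNS format error from 208.67.222.222#53 resolving lovepop.com/DS for <unknown>: invalid response
"""

def parse_forwarders(conf_text):
    """Return the addresses inside a forwarders { ... } block, in file order."""
    text = re.sub(r"(#|//).*", "", conf_text)          # drop comments
    block = re.search(r"forwarders\s*\{([^}]*)\}", text)
    found = []
    for token in re.split(r"[;\s]+", block.group(1) if block else ""):
        try:
            found.append(ipaddress.ip_address(token))  # normalises IPv6 spelling
        except ValueError:
            continue                                   # empty token, "port", etc.
    return found

def unexpected_forwarders(conf_text, approved):
    """Return forwarders in the file that are not in the approved set."""
    allowed = {ipaddress.ip_address(a) for a in approved}
    return [str(ip) for ip in parse_forwarders(conf_text) if ip not in allowed]

def format_errors_by_source(log_text):
    """Count 'DNS format error' notices per upstream address."""
    hits = re.findall(r"DNS format error from ([0-9A-Fa-f:.]+)#\d+ ", log_text)
    return Counter(str(ipaddress.ip_address(h)) for h in hits)

if __name__ == "__main__":
    print("unexpected:", unexpected_forwarders(GENERATED, APPROVED))
    print("format errors:", dict(format_errors_by_source(LOG)))
```

Run against the real /etc/named.d/forwarders.conf and named.log after each named restart, a non-empty "unexpected" list shows that the upstream resolver set has drifted from the approved one.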