<html><body>Hi all, I have a DNS question on how/why my IPA DNS servers are trying to hit the root DNS internet servers. My IPA servers are in private networks only serving DNS for the private domains they manage but recently the network team indicated they see my ipa IPs trying to hit the outside world. After obtaining the logs I noticed they are trying to hit the internet root DNS servers. I then tracked down named.ca on the IPAs which correlates to the IPs the network team is showing. I then found named.conf references named.ca for hints. This is where I imagine it is coming from in named.conf zone "." IN { type hint; file "named.ca"; }; Question is how can I stop my IPA DNS servers from trying to hit the internet root DNS servers? I was thinking commenting out named.ca in named.conf but imagine bad things happening. I guess I could also make a new file for named.ca and reference it in named.conf...then scp it to the other ipas but no idea as to the syntax(giving it a shot at bottom of email) or if it can be empty. Any help is appreciated. IPA clients resolv.conf are set for search domain and the nameserver IPs of the IPA servers. Versions: ipa-server-3.0.0-50.el6.1.x86_64 bind-9.8.2-0.47.rc1.el6.x86_64 Commands used for server install: ipa-server-install --setup-dns Attempt at correct syntax if I need a file with info in it..file named say fakenamed.ca If my IPA servers are named DNS1 10.10.10.1/2001:7fd::1 and DNS2 10.10.10.2/2001:503:c27::2:30 would this work or not even need? ; OPERATED BY ME ; . 3600000 NS DNS1. DNS1. 3600000 A 10.10.10.1 DNS1. 3600000 AAAA 2001:7fd::1 ; ; OPERATED BY ME ; . 3600000 NS DNS2. DNS2. 3600000 A 10.10.10.2 DNS2. 3600000 AAAA 2001:503:c27::2:30 Sean Hogan </body></html>