I'm primarily in an OSX environment and I'm seeing a large number of NXDOMAIN responses from our internal DNS servers. The queries that trigger these responses are what I believe to be mDNS/Bonjour style addresses that look like the following:
b._dns-sd._udp.company.com
r._dns-sd._udp.0.35.16.172.in-addr.arpa
b._dns-sd._udp.0.1.168.192.in-addr.arpa
dr._dns-sd._udp.0.1.168.192.in-addr.arpa
lb._dns-sd._udp.0.1.168.192.in-addr.arpa
b._dns-sd._udp.0.1.1.10.in-addr.arpa
Each host gets around 4000 NXDOMAIN responses a day. I don't believe this is normal for OSX machines, at least I hope not. Also, our internal DNS servers recursively request answers for these addresses from the root name servers, which can't answer them.
Does anyone know how I can stop the workstations from sending these requests and/or how to tell my internal name servers (BIND 9) to not "forward" these requests to the internet? We use Bonjour internally for easy printer configuration and screen sharing.
EDIT: the requests that make it to the internet are only PTR (reverse) queries.
Thanks, Jon
1. Your DNS server shouldn't be forwarding queries for company.com if company.com is your internal DNS zone. It's authoritative for company.com and the buck stops there.
2. As for forwarding the PTR queries, set up an rDNS zone for 10.0.0.0, 172.16.0.0 and 192.168.0.0, which will stop your server from forwarding those queries for the same reason as in #1.
3. As for how to stop the clients from making those queries, I'm afraid that disabling Bonjour is probably the only way.
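A named.conf fragment implementing point 2 above, added here as an example and not taken from the answer or from any BIND documentation; it assumes a BIND 9 server that is already authoritative for company.com and a minimal zone file named db.empty (SOA and NS record only) that you supply.

```conf
// Added example (not from the original answer). Assumes BIND 9 and a
// hand-written "db.empty" zone file containing just an SOA and an NS
// record pointing at this server; adjust file paths to your install.

options {
    // Current BIND 9 releases serve built-in empty reverse zones for the
    // RFC 1918 ranges when this is on (it is the default), so PTR queries
    // such as r._dns-sd._udp.0.35.16.172.in-addr.arpa are answered with a
    // local NXDOMAIN instead of being recursed out to the root servers.
    empty-zones-enable yes;

    // ...keep your existing options (forwarders, allow-recursion, ...) here.
};

// Explicit empty reverse zones make the behaviour visible in the config,
// override the built-in ones, and also work on older BIND 9 releases.
// 172.16.0.0/12 spans 16.172 through 31.172.in-addr.arpa; only the /16
// seen in the question is shown here. Leave out any range for which you
// actually publish real PTR records or delegate to another server.
zone "10.in-addr.arpa"      { type master; file "db.empty"; };
zone "16.172.in-addr.arpa"  { type master; file "db.empty"; };
zone "168.192.in-addr.arpa" { type master; file "db.empty"; };

// The forward meta-queries (b._dns-sd._udp.company.com = browse domains,
// lb = legacy browse, r/dr = registration domains, per DNS-SD) fall under
// company.com, for which this server is already authoritative (point 1),
// so they get a local NXDOMAIN unless you choose to publish those records.
```

After reloading, a query such as `dig @localhost -x 172.16.35.0` should return NXDOMAIN with your own server in the AUTHORITY section rather than a root-server referral.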