Hi all:

We're running DNS on Netware 6.5 SP2 as a clustered resource. It is working very well (thanks for asking!).
We have been running through our year-end security self-audit and I have been tweaking our DNS setup.
What I have done is this:

Each client on the LAN gets 2 DNS entries: one local DNS server and one at a remote office (both Netware). Offices are interconnected by private lines so this process is all behind the firewall.

Each Netware DNS server is configured to query 3 remote DNS servers (on the internet) (e.g., 3 nameserver entries in their resolve.cfg).
This is locked down with firewall rules. No inbound DNS queries are allowed (since we are not authoritative for our zone) and no queries to other DNS servers are allowed.

This is working well, but I see on the firewall logs that my DNS server is periodically trying to get out to various root servers - k.root-servers.net, etc.
What is it doing, and should I allow it to do this?

Thanks for any insight you would care to share on this.

- Joe