Forwarding problems and lame NS

Joseph S D Yao jsdy at cospo.osis.gov
Fri Jun 4 15:10:53 UTC 1999


> 	I have problems with forwarding/recursion DNS request to my
> enterprisewide DNS server from the site ones. I'm using bind 8.2 under
> AIX 4.2.1, HP-UX 10.20 and Solaris 2.6...
...
> When I ask the server dns.PARIS.ENTERPRISE.GROUP.com server to give me
> the address of mail.LONODN.ENTERPRISE.GROUP.com, bind 8.2 replies with a
> SERVFAIL, it does not even contact the server
> dns.LONDON.ENTERPRISE.GROUP.com, in the log file of named.run (of
...

There are a couple of different things you could do to correct this.

When you say that the named.conf you displayed is "site-wide", I
suspect that you are saying that it is the same on all DNS servers.
Two possible fixes are:

All subdomain servers forward-only to the domain server
Domain server forwards to firewall server (or is not forwarding)
All servers have firewall server as root [or enterprise server as root,
	and enterprise server has "real" roots]
Domain server has NS records for all subdomains

ISTM this should work.  I also have

Domain server has "forward" zones to all subdomains

Another approach, if you have a firewall DNS server, is:

All servers forward-only to the firewall server
All servers have firewall server as root
Firewall server has "forward" zones to all servers

--
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
      This message is not an official statement of COSPO policies.
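
Added example, not part of the original message: the first layout above written out as BIND 8.2 named.conf fragments for one subdomain server and for the domain server, including the "forward" zones variant. All IP addresses, file names and the directory path are constructed placeholders; the zone names follow the host names in the quoted question.

```conf
// ===== File 1: named.conf on a subdomain server =====
// (e.g. dns.PARIS.ENTERPRISE.GROUP.com)
options {
	directory "/var/named";        // assumed path
	forward only;                  // never iterate, always ask the forwarder
	forwarders { 192.0.2.10; };    // constructed address: the domain server
};

zone "." {
	type hint;
	file "db.fwroot";              // assumed file: lists the firewall server as root
};

zone "PARIS.ENTERPRISE.GROUP.com" {
	type master;
	file "db.paris";               // assumed file name
};

// ===== File 2: named.conf on the domain server =====
// (authoritative for ENTERPRISE.GROUP.com)
options {
	directory "/var/named";        // assumed path
	forwarders { 192.0.2.1; };     // constructed address: the firewall server
	                               // (omit this line if the server is not forwarding)
};

zone "." {
	type hint;
	file "db.fwroot";              // same assumed hint file as above
};

zone "ENTERPRISE.GROUP.com" {
	type master;
	file "db.enterprise";          // assumed file; holds NS records for every subdomain
};

// The "forward" zones variant: one such zone per subdomain, so queries for
// that subdomain go to its own server instead of to the global forwarder.
zone "LONDON.ENTERPRISE.GROUP.com" {
	type forward;
	forward only;
	forwarders { 192.0.2.20; };    // constructed address: dns.LONDON...
};

zone "PARIS.ENTERPRISE.GROUP.com" {
	type forward;
	forward only;
	forwarders { 192.0.2.30; };    // constructed address: dns.PARIS...
};
```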
