forwarding on zone base doesn't work; again

Kevin Darcy kcd at daimlerchrysler.com
Thu Jan 13 17:28:41 UTC 2000


John Horne wrote:

> > Thomas Stalder <tom at coco.ch> wrote:
> >>I'm running Bind 8.2.2-P5 on a Sun Ultra 5, with Solaris 7.
> >>Configured as master for a few 'internal' domains and slave for
> >>a few more 'internal' domains. This works fine so far.
> >>I tried to set up a forwarder for another internal domain,
> >>which does not allow zone transfers.
> >>
> >>This does not work. I get following:
> >>
> >>Jan 12 15:49:12 dns001 named[164]: /etc/named.conf:59: syntax error near forward
>
> >>zone "firm-internal.com" in {         //  <- line 58  (my comments)
> >>      type forward;
> >>      forward only;
> >>      forwarders {
> >>      10.41.8.91;                             //  <- Intranet  Name Server
> >>      };
> >>};
> >
> I would say that it is your 'type forward' that is wrong. You are asking for
> the local name server to resolve queries if it can (from its cache or
> authoritative data), and if not *then* forward the request (forward only)
> to another name server (forwarders {...}). However, you haven't said what type
> of server the local one is.

You can only have one zone statement for a given zone, so named knows *exactly*
what type of server the local one is, with respect to this zone: it's a
forwarding server and nothing else. There is nothing wrong with the
configuration, as long as a properly-compiled version of 8.2 named is reading
it. The suspicion is that the original poster is trying to use a pre-8.2 named
with this configuration, which doesn't work. Another, less likely possibility is
that his named wasn't compiled correctly.

> I'm not sure that I understand what you are trying to do though. If you are
> not master or secondary for the zone, but have it delegated then can't you
> just add the NS and A records for their name server to your own zone file?

What zone file would that be? If you're just forwarding for a zone, you don't
have a zone file for it. And you can't assume you're master for its parent
either. Even if you are master for the parent, you may not want to delegate it;
maybe it's a "private" zone that only you and the other server are supposed to
know about (although I can't think offhand why one would do that).

> Any queries would then hit your name server; have nothing local but the NS
> records and pass them back.

That's fine for an iterative query, but are you going to give back a referral in
response to a recursive query? You have effectively turned off recursion for the
zone, then, which is probably an unexpected effect.

> The query then goes directly to the zone's master
> name server. You don't need any special named.conf zone entry as it were for
> them - just NS and A records in your own zone file.

If you create a zone file with just NS and A records, how are you going to load
it? As master? It'll be rejected due to lack of an SOA. As slave or stub? It'll
get overwritten by the next transfer. I can't think of any way that your
suggestion could work. Old versions of BIND used to allow you to throw arbitrary
NS & A records into your hints file, but that hasn't worked for a while. That's
why they invented "forwarding zones" instead.


- Kevin




