Multiple DNS Forwards

Dave Walsh dave_j_walsh at keane.com
Wed May 31 20:04:42 UTC 2000


Kevin,

Never mind.  My earlier bonehead statement about my syntax being correct was
not correct.  I went back and checked the Mr. DNS BIND 8.2 whitepaper and
noticed that my syntax is incorrect.  It now works.

Thanks for all your help.

Dave

"Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
news:392EF904.C4634C1F at daimlerchrysler.com...
> If your version of BIND supports one selective forward, it will certainly
> accept multiples. Are you absolutely certain the syntax is correct? Depending
> on how you have your logging configured -- including where you place your
> "logging" statement -- you may not be seeing the parse errors.
>
> The only other thing to do would be to turn on debugging. The
> _DNS_and_BIND_ book has some information on how to interpret debugging output.
> Or just post relevant sections. In particular, you'd want to look at what zone
> it's finding the queries in and whether it is attempting to forward the
> queries. When debugging, I'd recommend using dig instead of nslookup: among
> other things, "dig" doesn't make any of those extraneous PTR queries or
> follow any "searchlist" algorithm that would clutter up the debug logs with
> irrelevant queries and make them more difficult to interpret.
>
>
> - Kevin
>
> Dave Walsh wrote:
>
> > Hi Kevin,
> >
> > I don't know why but they didn't cut and paste very well. Rest assured, they
> > are there and I didn't get any errors in my syslog. I don't know why it's
> > not taking the second forward.
> >
> > Dave
> >
> > "Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
> > news:392EBDE8.3BA3893E at daimlerchrysler.com...
> > > I believe someone else (Barry?) pointed out that you have some syntax errors in
> > > the named.conf that you attached previously (and I totally missed those, shame
> > > on me!). Maybe that's the root of your problem.
> > >
> > >
> > > - Kevin
> > >
> > > Dave Walsh wrote:
> > >
> > > > Hi Kevin,
> > > >
> > > > Thanks again for your response.  I really do appreciate your help since I'm
> > > > so new to DNS.  I've read DNS & BIND and am starting to get a handle on it a
> > > > bit better.  However, this feature is not very well documented -- at least
> > > > that I can find.
> > > >
> > > > Anyway, I haven't tried dig, but I did do an nslookup and used the server
> > > > 158.138.120.22 (server=158.138.120.22) to see if it could resolve addresses
> > > > in hal.us.partnerco.com and it was fine.  The thing is, I'm not seeing the
> > > > requests even being sent out my firewall to resolve these addresses which
> > > > leads me to believe that it can't handle the second forward.  That is, it
> > > > can use my general forward statement, and my first specific forward (i.e.
> > > > partner.com), but it doesn't seem to go to the next one.  Can this selective
> > > > forwarding only use one or can it use multiple?
> > > >
> > > > Thanks again.
> > > >
> > > > Dave
> > > >
> > > > "Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
> > > > news:392C3C3D.5A32504E at daimlerchrysler.com...
> > > > > It could be that 158.138.120.22 is authoritative for "partner.com" but
> > > > > *not* "hal.us.partnerco.com", and has recursion turned off. What happens if
> > > > > you just point a command-line utility like "dig" at 158.138.120.22 and try to
> > > > > resolve those names? Is the RA (Recursion Available) bit set on the
> > > > > response? Maybe you need to ask your partner what server you should be using
> > > > > to resolve the names.
> > > > >
> > > > >
> > > > > - Kevin
> > > > >
> > > > > Dave Walsh wrote:
> > > > >
> > > > > > Below is the content of my original question and the answer (from the BIND
> > > > > > archives). Your solution worked great. However, our partner company has now
> > > > > > expanded or decentralized and they also have more than just partner.com
> > > > > > names to resolve. They now have hal.us.partnerco.com. I tried putting in
> > > > > > another entry in my named.conf, but it doesn't seem to resolve hosts in
> > > > > > hal.us.partnerco.com, but partner.com does still work.
> > > > > >
> > > > > > Any ideas?
> > > > > >
> > > > > > TIA
> > > > > >
> > > > > > Dave
> > > > > >
> > > > > > EXAMPLE: named.conf
> > > > > >
> > > > > > =====================
> > > > > >
> > > > > > > options {
> > > > > > >     directory "/var/named";
> > > > > > >     forwarders { 227.252.18.10; };
> > > > > > >     forward only;
> > > > > > >     query-source address * port 53;
> > > > > > > };
> > > > > > >
> > > > > > > zone "0.0.127.IN-ADDR.ARPA" in {
> > > > > > >     type master;
> > > > > > >     file "db.127.0.0";
> > > > > > >     notify no;
> > > > > > > };
> > > > > > >
> > > > > > > zone "mycompany.ca" in {
> > > > > > >     type master;
> > > > > > >     file "db.mycompany";
> > > > > > > };
> > > > > > >
> > > > > > > ** NOTE: I CAN RESOLVE HOSTS IN PARTNER.COM
> > > > > > >
> > > > > > > zone "partner.com" {
> > > > > > >     type forward;
> > > > > > >     forward only;
> > > > > > >     forwarders { 158.138.120.22; }
> > > > > > > }
> > > > > > >
> > > > > > > ** NOTE: I CAN'T RESOLVE HOSTS IN HAL.US.PARTNERCO.COM
> > > > > > >
> > > > > > > zone "hal.us.partnerco.com" {
> > > > > > >     type forward;
> > > > > > >     forward only;
> > > > > > >     forwarders { 158.138.120.22; }
> > > > > > > }
> > > > > > >
> > > > > > > zone "57.168.192.IN-ADDR.ARPA" in {
> > > > > > >     type master;
> > > > > > >     file "db.192.168.57";
> > > > > > > };
> > > > > > >
> > > > > > > zone "0.1.10.IN-ADDR.ARPA" in {
> > > > > > >     type master;
> > > > > > >     file "db.10.1.0";
> > > > > > > };
> > > > > > >
> > > > > > > zone "0.30.10.IN-ADDR.ARPA" in {
> > > > > > >     type master;
> > > > > > >     file "db.10.30.0";
> > > > > > > };
> > > > > > >
> > > > > > > zone "148.208.198.IN-ADDR.ARPA" in {
> > > > > > >     type master;
> > > > > > >     file "db.198.208.1481";
> > > > > > > };
> > > > > > >
> > > > > > > // zone "." in {
> > > > > > > //     type hint;
> > > > > > > //     file "db.cache";
> > > > > > > // };
> > > > > >
> > > > > > END NAMED.CONF
> > > > > >
> > > > > > ORIGINAL CORRESPONDENCE
> > > > > >
> > > > > > > There is really no such thing as "conditional" forwarding in BIND 8. There
> > > > > > > is, however, "selective" forwarding. The difference is more than semantic:
> > > > > > > selective forwarding works *unconditionally*, i.e. has no relation to
> > > > > > > events or state, but is specified on a zone-by-zone basis, i.e. all queries
> > > > > > > in a specific zone X should be forwarded to a specific set of servers Y, Z,
> > > > > > > etc. In your case, you'd set up a zone of type "forward" for your business
> > > > > > > partner's domain, let's call it "partner.com". And also in the zone
> > > > > > > definition you'd specify "forward only" and a "forwarders" clause
> > > > > > > containing the addresses of the partner's nameservers. So it would look
> > > > > > > something like:
> > > > > > >
> > > > > > > zone "partner.com" {
> > > > > > >     type forward;
> > > > > > >     forward only;
> > > > > > >     forwarders { x.x.x.x; y.y.y.y; };
> > > > > > > };
> > > > > > >
> > > > > > > In your situation, selective forwarding would probably be better than
> > > > > > > conditional forwarding anyway, which would waste time and resources sending
> > > > > > > queries to the wrong places.
> > > > > > >
> > > > > > > A couple of other alternatives to consider, depending on your performance
> > > > > > > characteristics and/or requirements, or redundancy requirements, would
> > > > > > > include stub or slave zones.
> > > > > >
> > > > > > - Kevin
> > > > > >
> > > > > > Dave_Walsh wrote:
> > > > > >
> > > > > > > > We are a satellite organization of our parent organization. At present,
> > > > > > > > all of our Win95 PCs point to my local DNS server with a forward
> > > > > > > > statement to our parent organization's DNS server for name resolution. In
> > > > > > > > other words, anything not resolved locally, will be forwarded to our
> > > > > > > > corporate head office (where our Internet access is also). We've recently
> > > > > > > > acquired a project with a business partner that requires only our location
> > > > > > > > to have access to the partner's DNS server so I can resolve names in their
> > > > > > > > name space.
> > > > > > > >
> > > > > > > > What's the best approach to accommodate all my needs? I must be able to
> > > > > > > > resolve local IP names, corporate names in the corporate WAN, Internet
> > > > > > > > names (via corporate) & the names at our new business partner. Can I
> > > > > > > > put on a second forwarder statement on my local DNS server that will
> > > > > > > > effectively say, "if you can't resolve it yourself, try the corporate DNS,
> > > > > > > > if you can't resolve it there, try the partner DNS?".
> > > > > > > >
> > > > > > > > Mr. DNS says that conditional forwarding of BIND 8.2 will do it. I'm
> > > > > > > > pretty new to DNS. Can someone please advise.
> > > > > > > >
> > > > > > > > TIA
> > > > > > > >
> > > > > > > > Dave
> > > > > >
> > > > > > >
> > > > > >
> > > > > > > -- Binary/unsupported file stripped by Listar --
> > > > > >
> > > > > > > -- Type: text/x-vcard
> > > > > >
> > > > > > > -- File: Dave_J_Walsh.vcf
> > > > > >
> > > > > > > -- Desc: Card for Dave_Walsh
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > >
> > >
> > >
> > >
> > >
> > >
>
>
>
>
>
>


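Added example (not part of the original thread, and not BIND code): the thread does not say which syntax error Dave corrected, but named.conf requires every statement and every closing brace to end with ";", and the two forward zones as posted do not. This sketch flags those spots by line number; missing_terminators, POSTED and TERMINATED are names made up for the example.

```python
import re

# Constructed sample: the two forward zones as posted in the thread.
POSTED = '''zone "partner.com" {
    type forward;
    forward only;
    forwarders { 158.138.120.22; }
}
zone "hal.us.partnerco.com" {
    type forward;
    forward only;
    forwarders { 158.138.120.22; }
}
'''
# The same zones with each inner block and each zone block closed by "};".
TERMINATED = POSTED.replace("; }", "; };").replace("\n}\n", "\n};\n")

# Comments are matched first, then quoted strings, punctuation, bare words.
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"[^"\n]*"|[{};]|[^\s{};"]+', re.S)


def missing_terminators(conf):
    """Return (line, message) for each '}' with a missing ';' around it."""
    toks = [(m.group(), conf.count("\n", 0, m.start()) + 1)
            for m in TOKEN.finditer(conf)
            if not m.group().startswith(("//", "#", "/*"))]  # drop comments
    problems = []
    for i, (tok, line) in enumerate(toks):
        if tok != "}":
            continue
        prev = toks[i - 1][0] if i else ""
        nxt = toks[i + 1][0] if i + 1 < len(toks) else ""
        # The last statement inside a block needs its own ';'.
        # A preceding '}' is reported by the check below, not twice.
        if prev not in ("{", ";", "}"):
            problems.append((line, "statement before '}' lacks ';'"))
        # The block itself is a statement and needs ';' after '}'.
        if nxt != ";":
            problems.append((line, "'}' not followed by ';'"))
    return problems


if __name__ == "__main__":
    for line, msg in missing_terminators(POSTED):
        print(f"line {line}: {msg}")
```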


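Added example (not part of the original thread): Kevin's check of the RA (Recursion Available) bit, done by decoding the 12-byte DNS header of a reply from the intended forwarder. The two replies below are constructed header-only samples, and build_query, header_flags, recursion_available and ask are names made up for the example.

```python
import socket
import struct

HEADER = "!HHHHHH"  # id, flags, qdcount, ancount, nscount, arcount


def build_query(name, qid=0x1234):
    """Encode an A/IN query with RD set, as a forwarding server would send."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(HEADER, qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)


def header_flags(msg):
    """Decode the header fields that matter when vetting a forwarder."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack(HEADER, msg[:12])
    return {"id": qid,
            "qr": bool(flags & 0x8000),   # this is a response
            "aa": bool(flags & 0x0400),   # authoritative answer
            "rd": bool(flags & 0x0100),   # recursion desired (echoed back)
            "ra": bool(flags & 0x0080),   # recursion available
            "rcode": flags & 0x000F,
            "ancount": an}


def recursion_available(msg):
    """True only for a response whose RA bit is set."""
    f = header_flags(msg)
    return f["qr"] and f["ra"]


def ask(server, name, timeout=3.0):
    """Send the query over UDP and return the raw reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(512)[0]


# Constructed replies: same query id, RD echoed, RA clear in the first.
NO_RECURSION = struct.pack(HEADER, 0x1234, 0x8100, 1, 0, 0, 0)
RECURSIVE = struct.pack(HEADER, 0x1234, 0x8180, 1, 1, 0, 0)
```

A "forward only" zone pointed at a server that answers like NO_RECURSION will only resolve names that server is itself authoritative for.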