Multiple DNS Forwards

[Dave Walsh]

Hi Kevin,

Thanks again for your response.  I really do appreciate your help since I'm
so new to DNS.  I've read DNS & BIND and am starting to get a handle on it a
bit better.  However, this feature is not very well documented -- at least
that I can find.

Anyway, I haven't tried dig, but I did to an nslookup and used the server
158.138.120.22 (server=158.138.120.22) to see if it could resolve addresses
in hal.us.partnerco.com and it was fine.  The thing is, I'm not seeing the
requests even being sent out my firewall to resolve these addresses which
leads me to believe that it can't handle the second forward.  That is, it
can use my general forward statement, and my first specific forward (i.e.
partner.com), but it doesn't seem to go to the next one.  Can this selective
forwarding only use one or can it use multiple?

Thanks again.

Dave

"Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
news:392C3C3D.5A32504E at daimlerchrysler.com...
> It could be that 158.138.120.22 is authoritative for "partner.com" but
> *not* "hal.us.partnerco.com", and has recursion turned off. What happens
if
> you just point a command-line utility like "dig" at 158.138.120.22 and try
to
> resolve those names? Is the RA (Recursion Available) bit set on the
> response? Maybe you need to ask your partner what server you should be
using
> to resolve the names.
>
>
> - Kevin
>
> Dave Walsh wrote:
>
> > Below is the content of my original question and the answer (from the
BIND
> > archives). Your solution worked great. However, our partner company has
now
> > expanded or decentralized and they also have more than just partner.com
> > names to resolve. They now have hal.us.partnerco.com. I tried putting in
> > another entry in my named.conf, but it doesn't seem to resolve hosts in
> > hal.us.partnerco.com, but partner.com does still work.
> >
> > Any ideas?
> >
> > TIA
> >
> > Dave
> >
> > EXAMPLE: named.conf
> >
> > =====================
> >
> > options {
> >
> > directory "/var/named";
> >
> > forwarders { 227.252.18.10; };
> >
> > forward only;
> >
> > query-source address * port 53;
> >
> > };
> >
> > zone "0.0.127.IN-ADDR.ARPA" in {
> >
> > type master;
> >
> > file "db.127.0.0";
> >
> > notify no;
> >
> > };
> >
> > zone "mycompany.ca" in {
> >
> > type master;
> >
> > file "db.mycompany";
> >
> > };
> >
> > ** NOTE: I CAN RESOLVE HOSTS IN PARTNER.COM
> >
> > zone "partner.com" {
> >
> > type forward;
> >
> > forward only;
> >
> > forwarders { 158.138.120.22; }
> >
> > }
> >
> > ** NOTE: I CAN'T RESOLVE HOSTS IN HAL.US.PARTNERCO.COM
> >
> > zone "hal.us.partnerco.com" {
> >
> > type forward;
> >
> > forward only;
> >
> > forwarders { 158.138.120.22; }
> >
> > }
> >
> > zone "57.168.192.IN-ADDR.ARPA" in {
> >
> > type master;
> >
> > file "db.192.168.57";
> >
> > };
> >
> > zone "0.1.10.IN-ADDR.ARPA" in {
> >
> > type master;
> >
> > file "db.10.1.0";
> >
> > };
> >
> > zone "0.30.10.IN-ADDR.ARPA" in {
> >
> > type master;
> >
> > file "db.10.30.0";
> >
> > };
> >
> > zone "148.208.198.IN-ADDR.ARPA" in {
> >
> > type master;
> >
> > file "db.198.208.1481";
> >
> > };
> >
> > // zone "." in {
> >
> > // type hint;
> >
> > // file "db.cache";
> >
> > // };
> >
> > END NAMED.CONF
> >
> > ORIGINAL CORRESPONDENCE
> >
> > There is really no such thing as "conditional" forwarding in BIND 8.
There
> >
> > is, however, "selective" forwarding. The difference is more than
semantic:
> >
> > selective forwarding works *unconditionally*, i.e. has no relation to
> >
> > events or state, but is specified on a zone-by-zone basis, i.e. all
queries
> >
> > in a specific zone X should be forwarded to a specific set of servers Y,
Z,
> >
> > etc.. In your case, you'd set up a zone of type "forward" for your
business
> >
> > partner's domain, let's call it "partner.com". And also in the zone
> >
> > definition you'd specify "forward only" and a "forwarders" clause
> >
> > containing the addresses of the partner's nameservers. So it would look
> >
> > something like:
> >
> > zone "partner.com" {
> >
> > type forward;
> >
> > forward only;
> >
> > forwarders { x.x.x.x; y.y.y.y; };
> >
> > }
> >
> > In your situation, selective forwarding would probably be better than
> >
> > conditional forwarding anyway, which would waste time and resources
sending
> >
> > queries to the wrong places.
> >
> > A couple of other alternatives to consider, depending on your
performance
> >
> > characteristics and/or requirements, or redundancy requirements, would
> >
> > include stub or slave zones.
> >
> > - Kevin
> >
> > Dave_Walsh wrote:
> >
> > > We are a satellite organization of our parent organization. At
present,
> >
> > >
> >
> > > all of our Win95 PCs point to my local DNS server with a forward
> >
> > > statement
> >
> > > to our parent organization's DNS server for name resolution. In other
> >
> > > words, anything not resolved locally, will be forwarded to our
corporate
> >
> > >
> >
> > > head office (where our Internet access is also). We've recently
> >
> > > acquired a
> >
> > > project with a business partner that requires only our location to
have
> >
> > > access to the partner's DNS server so I can resolve names in their
name
> >
> > > space.
> >
> > >
> >
> > > What's the best approach to accomodate all my needs? I must be able to
> >
> > > resolve local IP names, corporate names in the corporate WAN, Internet
> >
> > > names (via corporate) & the names at our new business partner. Can I
> >
> > > put on a second
> >
> > > forwarder statement on my local DNS server that will effectively say,
> >
> > > "if
> >
> > > you can't resolve it yourself, try the corporate DNS, if you can't
> >
> > > resolve
> >
> > > it there, try the partner DNS?".
> >
> > >
> >
> > > Mr. DNS says that conditional forwarding of BIND 8.2 will do it. I'm
> >
> > > pretty new to DNS. Can someone please advise.
> >
> > >
> >
> > > TIA
> >
> > >
> >
> > > Dave
> >
> > >
> >
> > > -- Binary/unsupported file stripped by Listar --
> >
> > > -- Type: text/x-vcard
> >
> > > -- File: Dave_J_Walsh.vcf
> >
> > > -- Desc: Card for Dave_Walsh
>
>
>
>
>
>