Forwarding Zones with Bind 8

Barry Margolin barmar at genuity.net
Fri Dec 7 18:35:48 UTC 2001


In article <9uqv8u$aos at pub3.rc.vix.com>,
bela <bela at localhost.localdomain> wrote:
>Does anyone know of an issue with forwarding reverse records with bind 8.1
>on SunOS 5.7 ?
>
>A little more detail
>
>We have a Sun server running Bind 8.1 (or at least an early release of
>Bind 8). We need to delegate 4 class C blocks for reverse lookup. On
>RedHat 7.X servers running Bind 9 I can do this by configuring forwarding for
>the in-addr.arpa zones to the delegated name server hosting the reverse
>records. But if it is done on a SunOS running bind 8 it fails to resolve
>via the delegated name server.

BIND doesn't treat reverse domains specially in any way, they're just
ordinary zones as far as it's concerned.

If you're trying to delegate subdomains, why are you using forwarding
instead of delegation?

Is the actual case that these class C's are delegated to your server, but
you're not authoritative for them?  Forwarding isn't the correct way to
handle this, because the server that a zone is delegated to is required to
be authoritative for it.  When you're configured as a forwarder, you'll
cache the responses that go through you, and then respond
non-authoritatively to the original query, and you'll be declared lame.
This should be the same with BIND 8 and 9, so I don't understand why you're
getting different behavior (since you didn't post the named.conf or the
specific errors, it's hard to guess what's happening).

There are two ways you can deal with this situation:

1) Instead of forwarding, configure your server as a slave.

2) Use the technique in RFC 2317 to delegate the entire contents of the
   class C to the other servers.  E.g. if 1.2.3.in-addr.arpa is delegated
   to you, you should put this in the DB file:

0/24 IN NS <otherserver1>
     IN NS <otherserver2>
$GENERATE 0-255 $ IN CNAME $.0/24

Then the other servers should be configured as master and slave for
0/24.1.2.3.in-addr.arpa.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
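
Added example, not part of the original post: a small Python check for the lame-delegation condition described above. It sends a non-recursive SOA query to a server and classifies the reply by the AA (authoritative answer) bit. The function names and the sample header bytes are constructed for illustration; the zone and server passed to `check_server` are whatever you are testing.

```python
import socket
import struct

def build_soa_query(zone, qid=0x1234):
    """Build a non-recursive (RD=0) SOA query for `zone` in DNS wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in zone.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify_response(resp, qid=0x1234):
    """Return 'authoritative', 'lame' or 'error' for a raw DNS response."""
    if len(resp) < 12:
        return "error"
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit clear
        return "error"
    rcode = flags & 0x000F
    aa = bool(flags & 0x0400)
    # A server the zone is delegated to must answer NOERROR with AA set.
    # A forwarder answering from its cache has AA clear, hence "lame".
    if rcode == 0 and aa and an > 0:
        return "authoritative"
    return "lame"

def check_server(zone, server, timeout=3.0):
    """Send the SOA query over UDP to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone), (server, 53))
            resp, _ = s.recvfrom(512)
        except OSError:  # timeout, unreachable, refused
            return "error"
    return classify_response(resp)

# Constructed sample headers (not captured traffic):
# QR+AA with one answer, versus QR+RA with one answer (cached/forwarded).
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
SAMPLE_FORWARDED = struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 1, 0, 0)

if __name__ == "__main__":
    print(classify_response(SAMPLE_AUTH))
    print(classify_response(SAMPLE_FORWARDED))
```

Run `check_server` against every name server listed in the parent zone's NS records for the delegated zone; any server that does not return "authoritative" will be treated as lame by resolvers.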

