Forward by zone...

Chimento, Douglas Douglas.Chimento at FMR.COM
Sat Nov 10 05:32:19 UTC 2001


Thank you very much for your help. But it is very difficult to explain what I
am doing; of course I would never configure my name server to do this, it's
crap. Here is what I can tell that may be of help:

Server B (the one I am forwarding to) is not a true BIND server, it's a
3dns f5 box.
I can't do a zone transfer of the sub-domain sweet.dude.com because they
want 3dns to handle all queries,
which leaves me with the forward by zone implementation. (By the way, the NS
records worked!!)

> Is this version of dude.com only visible to internal machines?
yes 

> Who do you want to know about sweet.dude.com?
Not sure what you mean, or why this is relevant. But I guess anyone who is
pointed to Server A (master for dude.com)
would want to know about sweet.dude.com (yes, I know it's a dumb response).

> Are you just trying to override the global forwarding for
> internal subdomains?
kind of but not really


I think the main point of all of this is:

I want RRs in sweet.dude.com to be answered by another server; it just so
happens that server A also has dude.com
as master and I can't do sub-domain delegation.

I hope this helps
Thank you

-----Original Message-----
From: Mark.Andrews at isc.org [mailto:Mark.Andrews at isc.org]
Sent: Friday, November 09, 2001 8:38 PM
To: Chimento, Douglas
Cc: 'Cricket Liu'; bind-users at isc.org
Subject: Re: Forward by zone... 



> 
> Fine, You win  
> This is exactly what we have in PRODUCTION
> 
> options {
>         directory "/var/named";
>         forward only;
>         forwarders {
>                 192.168.31.11; 192.168.31.80; 192.168.31.81;
>         };
>         check-names slave ignore;
>         dump-file "/var/tmp/named_dump.db";
>         statistics-file "/var/tmp/named.stats";
>         memstatistics-file "/var/tmp/named.memstats";
>         /*
>          * If there is a firewall between you and nameservers you want
>          * to talk to, you might need to uncomment the query-source
>          * directive below.  Previous versions of BIND always asked
>          * questions using port 53, but BIND 8.1 uses an unprivileged
>          * port by default.
>          */
>         // query-source address * port 53;
> };
> 
> zone "sweet.dude.com" {
>         type forward;
>         forward only;
>         forwarders { 172.26.11.100; }; //SERVER B 
> };
> 
> zone "dude.com" {
>         type master;
>         file "fwd/dude.com";
>         also-notify { 192.168.31.89; 192.168.4.88; 192.168.4.89;
> 192.168.45.88; 192.168.45.89; };
> };

	This configuration will not work unless there is a delegating
	NS RRset for sweet.dude.com in dude.com.

	Without the NS RRset you are telling the server to
	answer questions for sweet.dude.com in two different ways
	and the contents of the dude.com zone win (sweet.dude.com
	does not exist).

	Now there are a number of ways to solve this but we need to
	know what you are trying to achieve.

	Is this version of dude.com only visible to internal machines?
	Who do you want to know about sweet.dude.com?
	Are you just trying to override the global forwarding for
	internal subdomains?

	Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
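
The condition Mark describes in the quoted reply, as an added example that is not part of the original thread: a Python check that finds every `type forward` zone sitting below a `type master` zone and reports it when the parent zone data has no delegating NS RRset for it. The zone records, the name `ns.sweet.dude.com` and the function names are constructed for illustration, and the parsing assumes the simple layout shown in the thread.

```python
import re

# named.conf from the thread, trimmed to the two zone statements.
NAMED_CONF = '''
zone "sweet.dude.com" {
        type forward;
        forwarders { 172.26.11.100; }; //SERVER B
};
zone "dude.com" {
        type master;
        file "fwd/dude.com";
};
'''
# Constructed zone data for dude.com; the NS target name is hypothetical.
ZONE_WITHOUT_NS = 'www      IN A   192.168.31.20\n'
ZONE_WITH_NS = ZONE_WITHOUT_NS + '''sweet    IN NS  ns.sweet.dude.com.
ns.sweet IN A   172.26.11.100
'''

def zone_types(conf):
    """Map zone name -> type for each zone statement in conf."""
    pat = re.compile(r'zone\s+"([^"]+)"\s*\{.*?\btype\s+(\w+)\s*;', re.S)
    return {name.lower().rstrip('.'): ztype for name, ztype in pat.findall(conf)}

def has_delegation(zone_text, origin, child):
    """True if zone_text (zone origin) holds an NS record owned by child."""
    # Assumes every record line starts with its owner name (no '@', no $ORIGIN).
    for line in zone_text.splitlines():
        fields = line.split(';')[0].split()
        if len(fields) < 3 or 'NS' not in [f.upper() for f in fields[1:-1]]:
            continue
        owner = fields[0].lower()
        fqdn = owner.rstrip('.') if owner.endswith('.') else owner + '.' + origin
        if fqdn == child:
            return True
    return False

def undelegated_forward_zones(conf, zone_data):
    """(forward zone, master parent) pairs where the parent lacks the NS RRset."""
    types = zone_types(conf)
    return [(child, parent)
            for child, ctype in types.items() if ctype == 'forward'
            for parent, ptype in types.items()
            if ptype == 'master' and child.endswith('.' + parent)
            and not has_delegation(zone_data.get(parent, ''), parent, child)]

if __name__ == '__main__':
    print(undelegated_forward_zones(NAMED_CONF, {'dude.com': ZONE_WITHOUT_NS}))
    print(undelegated_forward_zones(NAMED_CONF, {'dude.com': ZONE_WITH_NS}))
```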

