Complicated BIND9 Problem - Help!

Kevin Darcy kcd at daimlerchrysler.com
Thu Jul 11 21:10:28 UTC 2002


applecorps at mailcity.com wrote:

> Okay, here's a dilly of a pickle:
>
> My site has six DNS servers running BIND 9.21: 2 internal only; 2 that
> forward to the external servers, and the 2 externals that can also
> forward to the Internet. The two internals only know the domain
> (acme.com). Any other look-up will fail. The two forwarders pass
> outside look-ups to the externals, and the externals act like normal
> servers. In this set-up, only the externals have a hint zone
> statement, and only they may access the root servers directly.
>
> Here's the problem: We've been infected with the Win2k/AD virus. Our
> M$ consultant wants to test his new AD subdomain, ad.acme.com. If we
> set it up as a stub zone, it works on the internals, but not the
> forwarders. The forwarders see ad.acme.com as outside their domain so
> they try to pass it to our externals. They have the stub zone file,
> but they don't appear to look in it. (The internals work because they
> don't have a global forwarders statement).
>
> Before I get a lot of static about a forwarding zone statement, we
> tried that too. In that case, the zone forwarding statement did not
> seem to override the global forwarding statement. And I have to have
> that global statement b/c if it isn't acme.com (or some subdomain of
> acme.com), it needs to go to our externals.
> The stub zone statement is as follows:
> zone "ad.acme.com" {
>                 type stub;
>                 masters { 10.10.10.10; };
>                 file "db.adacme";
> };
>
> Any ideas? I was under the impression that zone options should
> override global options. Is that a bug?

Is ad.acme.com delegated properly from acme.com? If it is, then all you
should need is a "forwarders { }" directive in the zone definition for
acme.com on your forwarding servers. This strange syntax disables
forwarding for that particular part of the namespace, including all
subzones. You shouldn't need a stub definition for ad.acme.com at all.


- Kevin
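
The configuration described in the reply above, written out as an added example that is not part of the original message. The addresses in 192.0.2.0/24 and 198.51.100.0/24, the "forward only" setting, the slave zone type, the file names and the host name dc1.ad.acme.com are assumptions; only 10.10.10.10 and the zone names come from the thread.

```conf
// named.conf on the two forwarding servers (added sketch, not from the thread).

options {
    directory "/var/named";                  // assumed path
    // Global rule: anything not answered from local zone data goes to
    // the external servers. These servers have no hint zone.
    forward only;                            // assumed
    forwarders { 192.0.2.1; 192.0.2.2; };    // placeholders: the two externals
};

zone "acme.com" {
    type slave;                              // assumed: copy held from an internal server
    masters { 198.51.100.1; };               // placeholder: internal master
    file "db.acme";                          // assumed file name
    // Empty list: disables forwarding for acme.com and everything
    // beneath it, so the delegation to ad.acme.com is followed
    // directly instead of being sent to the externals.
    forwarders { };
};

// No stub or forward zone for ad.acme.com is defined here. Resolution
// depends on the delegation being present in the acme.com zone data on
// the master, for example (host name is hypothetical):
//
//   ad.acme.com.       IN NS  dc1.ad.acme.com.
//   dc1.ad.acme.com.   IN A   10.10.10.10
```

named-checkconf validates the syntax before a reload. An SOA query for ad.acme.com sent to one of the forwarding servers should then be answered by following the delegation to 10.10.10.10 rather than by the externals.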