Forward zone and load-balancer

Cricket Liu cricket at menandmice.com
Fri Oct 25 01:19:06 UTC 2002


Alain Morency wrote:
> I have load-balancers equipments that handles DNS queries for
> certain host to load-balance between multiple servers for redundancy.
> These load-balancers are in the intranet behind a firewall.
> 
> Because i don't want all DNS servers on the internet to query my
> load-balancers, i put a rule in my firewall to accept only DNS query
> from my ISP's DNS (DNS1). DNS1 is authoritative for mydomain.com
> Unfortunatly, i don't have any access on DNS1 configuration.
> 
> I told them to add a forward zone like in following example.
> 200.210.220.230 and 200.210.240.230 are the load-balancers' addresses.
> 
> zone "www.mydomain.com" in
>       {
>            type forward;
>            forwarders {200.210.220.230; 200.210.240.230; };
>            forward only;
>       };
> 
>   The problem is, i see no query coming from DNS1 on the firewall.
>   I used the same configuration in my lab with Bind 8.2.4 as DNS1
>   and it worked.
> 
>   What is wrong ?

What you've set up simply won't work.  Forward zones only apply to
recursive queries, and your ISP's name servers will only receive non-
recursive queries for data in mydomain.com.

You need to let arbitrary name servers on the Internet query your
load balancers.

cricket

Men & Mice
DNS Software, Training and Consulting
www.menandmice.com

The DNS and BIND Cookbook, available now!
http://www.oreilly.com/catalog/dnsbindckbk/


More information about the bind-users mailing list