Forward zone and load-balancer
Cricket Liu
cricket at menandmice.com
Fri Oct 25 01:19:06 UTC 2002
Alain Morency wrote:
> I have load-balancer equipment that handles DNS queries for
> certain hosts to load-balance between multiple servers for redundancy.
> These load-balancers are in the intranet behind a firewall.
>
> Because I don't want all DNS servers on the internet to query my
> load-balancers, I put a rule in my firewall to accept only DNS queries
> from my ISP's DNS (DNS1). DNS1 is authoritative for mydomain.com.
> Unfortunately, I don't have any access to DNS1's configuration.
>
> I told them to add a forward zone like in the following example.
> 200.210.220.230 and 200.210.240.230 are the load-balancers' addresses.
>
> zone "www.mydomain.com" in
> {
> type forward;
> forwarders {200.210.220.230; 200.210.240.230; };
> forward only;
> };
>
> The problem is, I see no query coming from DNS1 on the firewall.
> I used the same configuration in my lab with Bind 8.2.4 as DNS1
> and it worked.
>
> What is wrong?

What you've set up simply won't work. Forward zones only apply to
recursive queries, and your ISP's name servers will only receive
non-recursive queries for data in mydomain.com.

You need to let arbitrary name servers on the Internet query your
load balancers.

cricket
Men & Mice
DNS Software, Training and Consulting
www.menandmice.com
The DNS and BIND Cookbook, available now!
http://www.oreilly.com/catalog/dnsbindckbk/
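
The distinction the reply turns on is the RD (recursion desired) bit in the DNS query header. The following is an added illustration, not part of the original thread and not BIND code: it builds the same question with and without RD and applies a simplified model of the forwarding rule. The function names and sample packets are constructed for this example.

```python
import struct

RD_MASK = 0x0100  # "recursion desired" bit in the DNS header flags word (RFC 1035)
QR_MASK = 0x8000  # set on responses, clear on queries

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, recursion_desired, qid=0x1234):
    """Build a minimal A/IN query; only the RD bit differs between callers."""
    flags = RD_MASK if recursion_desired else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def parse_query(packet):
    """Return (qname, rd) for a query packet, rejecting short or non-query input."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    _qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & QR_MASK or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:
            break
        if length > 63:
            raise ValueError("compression pointer or bad label in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels).lower(), bool(flags & RD_MASK)

def forward_zone_applies(packet, forward_zone="www.mydomain.com"):
    """Simplified model (an assumption, not BIND's code): forwarding is used only for recursive queries in the zone."""
    qname, rd = parse_query(packet)
    in_zone = qname == forward_zone or qname.endswith("." + forward_zone)
    return rd and in_zone
```

A stub resolver asking its configured server sets RD; a resolver working its way down to the name servers authoritative for mydomain.com normally sends RD clear, which is the case the forward zone never sees.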