Forward zone and load-balancer

Cricket Liu cricket at
Fri Oct 25 01:19:06 UTC 2002

Alain Morency wrote:
> I have load-balancers equipments that handles DNS queries for
> certain host to load-balance between multiple servers for redundancy.
> These load-balancers are in the intranet behind a firewall.
> Because i don't want all DNS servers on the internet to query my
> load-balancers, i put a rule in my firewall to accept only DNS query
> from my ISP's DNS (DNS1). DNS1 is authoritative for
> Unfortunatly, i don't have any access on DNS1 configuration.
> I told them to add a forward zone like in following example.
> and are the load-balancers' addresses.
> zone "" in
>       {
>            type forward;
>            forwarders {;; };
>            forward only;
>       };
>   The problem is, i see no query coming from DNS1 on the firewall.
>   I used the same configuration in my lab with Bind 8.2.4 as DNS1
>   and it worked.
>   What is wrong ?

What you've set up simply won't work.  Forward zones only apply to
recursive queries, and your ISP's name servers will only receive non-
recursive queries for data in

You need to let arbitrary name servers on the Internet query your
load balancers.


Men & Mice
DNS Software, Training and Consulting

The DNS and BIND Cookbook, available now!

More information about the bind-users mailing list