Forwarding Problem

Chin, Kenneth (HBO) Kenneth.Chin at hbo.com
Mon Feb 23 12:51:08 UTC 2004


Hi Again,

I had to correct the zone info in the example below.  As suggested
outsidecomputer.example.com does not resolve either.

Ken


Hi,

I have read the postings pertaining to forwarding on the BIND list.
However, I have not seen a posting that answered my problem.  I never had a
problem with forwarding on BIND 8.1.2 on Sun Solaris 8.  The problem started
after I updated to BIND 8.3.3 on Sun Solaris 9.  It also occurs for BIND 9.x.
Here is a description of the problem:

On the inside of the firewall, a DNS server resolves addresses for computer
systems inside the firewall.  On the outside of the firewall, a separate DNS
server resolves addresses for computer systems outside the firewall.  With
BIND 8.1.2, a computer inside the firewall uses the inside DNS to resolve
addresses for any computer inside the firewall.  If that same computer wants
to resolve an address outside the firewall, the inside DNS forwards the
request to the outside DNS, and the results are passed back to the
originating computer.  This and the reverse DNS all worked under BIND 8.1.2,
but fail for BIND 8.3.3 and 9.x.  The computer is able to resolve an address
inside the firewall, but addresses outside as well as reverse DNS inside and
outside the firewall fail for BIND 8.3.3 and 9.x.

The environment uses a single domain.  There are no subdomains.  All
addresses are Class B.

Inside DNS:  insidedns.example.com (10.1.1.10)
Inside Computer:  insidecomputer.example.com (10.1.1.100)

Outside DNS:  outsidedns.example.com (10.2.2.20)
Outside Computer:  outsidecomputer.example.com (10.2.2.200)

An nslookup from the inside computer to resolve an address of the outside
computer should return 10.2.2.200.  It returns "localhost can't find
outsidecomputer: Non-existent host/domain"

Here are the /etc/named.conf file contents:

options
{
 	directory "/var/named";
 	forwarders { 10.2.2.20; };
 	forward only;
};

zone "example.com" in
{
	type master;
	file "db.example";
};

zone "1.10.in-addr.arpa" in
{
	type master;
	file "example.rev";
};

zone "0.0.127.in-addr.arpa" in
{
	type master;
	file "named.local";
};

zone "." in
{
	type hint;
	file "named.ca";
};

Here are the db.example file contents:

$TTL 86400

@			IN	SOA	insidedns.example.com. root.insidedns.example.com. (
			1000		; Serial
			10800		; Refresh 3 hours
			3600		; Retry   1 hour
			720000	; Expire  200 hours
			86400)	; Minimum 24 hours

; Name Servers

			NS	insidedns.example.com.

; Addresses

localhost		A	127.0.0.1

insidecomputer	A	10.1.1.100
outsidecomputer	A	10.2.2.200

insidedns		A	10.1.1.10


Here are the example.rev file contents:

$TTL 86400

@			IN	SOA	insidedns.example.com. root.insidedns.example.com. (
			1000		; Serial
			10800		; Refresh 3 hours
			3600		; Retry   1 hour
			720000 	; Expire  200 hours
			86400 )	; Minimum 24 hours

; Name Servers

			NS	insidedns.example.com.

; Addresses

100.1.1.10		PTR	insidecomputer.example.com.
200.2.2.10		PTR	outsidecomputer.example.com.

10.1.1.10		PTR	insidedns.example.com.

Here are the named.local file contents:

0.0.127.IN-ADDR.ARPA.	IN SOA	insidedns.example.com. root.insidedns.example.com. (
			1000		; Serial
			10800		; Refresh 3 hours
			3600		; Retry   1 hour
			720000 	; Expire  200 hours
			86400 )	; Minimum 24 hours

; Name Servers

0.0.127.IN-ADDR.ARPA.	NS	insidedns.example.com.
1.0.0.127.IN-ADDR.ARPA.	PTR	localhost.

Here are the named.ca file contents:

.				3600000	NS	outsidedns.example.com.
outsidedns.example.com.	3600000	A     10.2.2.20


I appreciate any help I can get.

Thanks

Ken


==============================================================================
This e-mail is intended only for the use of the addressees.  Any copying,
forwarding, printing or other use of this e-mail by persons other than the
addressees is not authorized.  This e-mail may contain information that is
privileged, confidential and exempt from disclosure.  If you are not the
intended recipient, please notify us immediately by return e-mail (including
the original message in your reply) and then delete and discard all copies
of the e-mail.  Thank you.
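
An added example, not part of the original post: it compares the owner names in the posted example.rev with the names a reverse lookup actually queries, applying the master-file rule that an owner without a trailing dot is relative to the zone origin. The helper names are hypothetical, and the third field of each record pairs the PTR with its address from the post's host list.

```python
import ipaddress

# Records copied from the example.rev listing in the post; the origin is the
# zone name from the named.conf zone statement. Third field: intended address.
ORIGIN = "1.10.in-addr.arpa."
REV_RECORDS = [
    ("100.1.1.10", "insidecomputer.example.com.", "10.1.1.100"),
    ("200.2.2.10", "outsidecomputer.example.com.", "10.2.2.200"),
    ("10.1.1.10", "insidedns.example.com.", "10.1.1.10"),
]


def expand_owner(owner, origin=ORIGIN):
    """Master-file rule: a name without a trailing dot is relative to the origin."""
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else owner + "." + origin


def query_name(ip):
    """Fully qualified name a resolver asks for on a reverse lookup of ip."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def relative_owner(ip, origin=ORIGIN):
    """Owner label to use inside this zone, or None if ip is outside the zone."""
    qname = query_name(ip)
    suffix = "." + origin
    return qname[: -len(suffix)] if qname.endswith(suffix) else None


def audit(records=REV_RECORDS, origin=ORIGIN):
    """Return (ip, stored name, queried name, match, owner to use) per record."""
    rows = []
    for owner, _target, ip in records:
        stored = expand_owner(owner, origin)
        wanted = query_name(ip)
        rows.append((ip, stored, wanted, stored == wanted, relative_owner(ip, origin)))
    return rows


if __name__ == "__main__":
    for ip, stored, wanted, ok, fix in audit():
        print(f"{ip:<11} stored={stored} queried={wanted} match={ok} owner={fix}")
```

An owner of `None` means the address does not fall under the `1.10.in-addr.arpa` zone at all, so no record in that file can answer its reverse lookup.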







