reverse lookup via "type forward" - possible? realistic? feasible?

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Wed Mar 17 19:13:33 UTC 2004


Ian Diddams <didds2 at excite.com> wrote:
> Just built a brand spanking new dns server using bind 9.2.3.
> It's working a treat - master for 127.0.0 and resolves external
> addresses via root.hints.

> It also - as requested by users - (forward) resolves internal domain
> addresses via a type forward statement.

> here's the named.conf :

> options {
>         directory "/var/named";
> };
>
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "127.0.0";
> };
>
> zone "." {
>         type hint;
>         file "root.hints";
> };
> =20
> zone "wxyz.co.uk" {
>   type forward;
>   forwarders {
>    a.b.c.d;
>    e.f.g.h;
>   };
>  };


> where the two forwarders a.b.c.d and e.f.g.h are internal dns servers.

> All well and good.

> But...  how do I resolve reverse lookups?  e.g. if fred.wxyz.co.uk has
> ip 121.122.123.124, how do I use a similar concept (ie type forward) to
> resolve that?

> Presumably something along the lines of

> zone "123.122.121" {   [or should that just be "121.122.123" ?]
>   type forward;
>   forwarders {
>    a.b.c.d;
>    e.f.g.h;
>   };
>  };

Not really, remember that ip-addresses are "delegated" under
in-addr.arpa ; the above should read :

zone "123.122.121.in-addr.arpa" {
   type forward;
   forwarders {
    a.b.c.d;
    e.f.g.h;
   };
};

> But IF that's true...  and wxyz.co.uk actually has dozens of subnets,
> then presumably I would need a "type forward" section for every
> subnet?
Yes, unless you cross the 8-bit limit, if a full "B-net" is
used the above could be written :

zone "122.121.in-addr.arpa" {
   type forward;
   forwarders {
    a.b.c.d;
    e.f.g.h;
   };
};



> And if THAT's true, if a new subnet is introduced naturally the
> named.conf would need to be updated to reflect it?

Yes.


> Finally, presumably the whole thing could be covered by a forwarder
> statement within the options section (and the type forward section
> above removed I guess!)...  what effect would that have on the
> external resolution (if any) given that the users for reasons best
> known to themselves require THIS dns box to resolve external addresses
> and NOT the forwarders.  (hope that last bit made sense!).

Use views to do that.

> cheers!

> ian


-- 
Peter Håkanson
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
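
Added example, not part of the original post or of BIND: a small generator for the per-subnet "type forward" stanzas discussed in the thread, so that adding a subnet means editing an inventory list rather than hand-writing zone names. It goes beyond the /24 and /16 cases in the reply by splitting networks that do not end on an octet boundary into several zones. The function names and the forwarder addresses 192.0.2.1 and 192.0.2.2 are assumptions standing in for a.b.c.d and e.f.g.h.

```python
import ipaddress

def reverse_zones(cidr):
    """in-addr.arpa zone names needed to cover one IPv4 network."""
    net = ipaddress.IPv4Network(cidr)  # ValueError on host bits or bad input
    if net.prefixlen == 0:
        raise ValueError("refusing to forward all of in-addr.arpa")
    if net.prefixlen > 24:
        # Smaller than a /24: forward the enclosing /24 zone as a whole.
        net = net.supernet(new_prefix=24)
    # Round the prefix up to the next octet boundary (/8, /16 or /24).
    boundary = -(-net.prefixlen // 8) * 8
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[: boundary // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def forward_stanza(zone, forwarders):
    """One 'type forward' zone block in the layout used in the thread."""
    # ip_address() rejects anything that is not a literal IP address.
    lines = "".join(f"    {ipaddress.ip_address(f)};\n" for f in forwarders)
    return (f'zone "{zone}" {{\n   type forward;\n'
            f"   forwarders {{\n{lines}   }};\n}};\n")

def build_config(subnets, forwarders):
    """Stanzas for every subnet, with duplicate zones emitted once."""
    seen = []
    for cidr in subnets:
        for zone in reverse_zones(cidr):
            if zone not in seen:
                seen.append(zone)
    return "\n".join(forward_stanza(z, forwarders) for z in seen)

if __name__ == "__main__":
    # Constructed inventory based on the example address in the thread.
    subnets = ["121.122.123.0/24", "121.122.120.0/22", "121.123.0.0/16"]
    # Placeholder forwarders (documentation range), not real servers.
    print(build_config(subnets, ["192.0.2.1", "192.0.2.2"]))
```
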

