forwarding queries to another name server

Barry Margolin barmar at alum.mit.edu
Wed Mar 17 21:58:41 UTC 2004


In article <c3agqf$1kd7$1 at sf1.isc.org>,
 "Stephen Nizamoff" <s.nizamoff at xpedite.com> wrote:

> Hello, I am looking for some help w/ forwarding queries to another name 
> server. I have
> looked in the book and it seems simple enough but I am unable to make it 
> work.
> 
> I have a name server in a dmz which is allowed to speak w/ the internet. I 
> have another
> name server sitting on our 10 net which cannot access the internet. In the 
> named.conf
> on the internal server the "forwarders" option has been set with the ip of 
> the dmz host. 
> On the dmz server the "allow-query" option has been set w/ the ip's for the 
> internal servers.

If the dmz server has the "allow-recursion" option configured, make sure 
it includes the addresses of the internal servers.

Also, if there's any NAT going on between the internal net and the dmz 
subnet, the addresses in the ACLs on the dmz server must be the 
translated addresses not the 10.x.x.x addresses.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***


More information about the bind-users mailing list