BIND & forwarding zone / proxy - HOW???

Barry Margolin barmar at alum.mit.edu
Tue Jul 4 20:49:12 UTC 2006


In article <e8e8dq$2al$1 at sf1.isc.org>,
 "kurczaq" <fakjudupaq at yahoo.com.au> wrote:

> Hi,
> 
> I've the following problem:
> 
> I have a machine on IP x.x.x.x with bind 9.3 which is authoritative
> master for a number of domains.  There is a private network behind
> x.x.x.x using 10.1.1.0/24
> 
> Now I want to delegate a globally visible subdomain "sub.domain.com" to
> another machine on the private network, e.g. 10.1.1.1 - more
> specifically I want that all queries for sub.domain.com are being
> answered by bind on 10.1.1.1 (and I would even like to use a port
> different than 53 there, e.g. 5353)
> 
> It is clear that I can not do in the global DNS for domain.com a
> delegation like:
> 
> "sub IN NS 10.1.1.1"
> 
> thus I tried the following:
> 
> global delegation in domain.com:
> 
> "sub IN NS x.x.x.x"
> 
> added in the config of BIND on x.x.x.x:
> 
> zone "sub.domain.com" in {
>         type forward;
>         forward only;
>         forwarders { 10.1.1.1 port 5353 ; };
> };
> 
> But: THIS DOES NOT WORK :-(
....
> I see that the query (from IP's local DNS resolver) arrives at x.x.x.x
> (tcpdump) but bind on x.x.x.x IMMEDIATELY responds with ServFail
> WITHOUT even generating a query to 10.1.1.1 !!!!!

Did you notice that the query didn't have the "Recursion Desired" flag 
set?  Caching servers perform iterative queries, not recursive queries 
(except when they're following their own "forwarders" directives, which 
is not relevant to your case).

You can't do what you want with forwarding; configure your server as a 
slave of the internal zone.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
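
The slave-zone setup the reply recommends, as an added example that is not part of the original thread: x.x.x.x transfers sub.domain.com from 10.1.1.1 port 5353 and is then authoritative for it, so it can answer queries that arrive without the "Recursion Desired" flag. The inside address 10.1.1.254, the zone file names and the host name ns.domain.com are assumptions.

```conf
// ---- named.conf on the internal server 10.1.1.1 (holds the real zone data) ----
options {
        // Listen on the non-standard port the original post asked for.
        listen-on port 5353 { 10.1.1.1; };
};

zone "sub.domain.com" in {
        type master;
        file "sub.domain.com.db";            // assumed file name
        // Only the gateway may pull the zone. 10.1.1.254 is an assumed
        // placeholder for the private-side address of x.x.x.x.
        allow-transfer { 10.1.1.254; };
        // Tell the gateway about changes instead of waiting for the
        // SOA refresh timer.
        also-notify { 10.1.1.254; };
};

// ---- named.conf on the public server x.x.x.x ----
// This replaces the 'type forward' zone from the original post.
zone "sub.domain.com" in {
        type slave;
        masters { 10.1.1.1 port 5353; };     // zone transfer over the private network
        file "slaves/sub.domain.com.db";     // assumed file name
        // Answer queries for the zone, but do not hand the whole zone
        // out to arbitrary hosts on the Internet.
        allow-transfer { none; };
};

// ---- in the domain.com zone file on x.x.x.x ----
// An NS record must point at a host name, not an IP address.
// ns.domain.com is an assumed name for the host at x.x.x.x.
//
//   sub    IN  NS   ns.domain.com.
//   ns     IN  A    x.x.x.x
```

With this in place, `dig +norecurse @x.x.x.x sub.domain.com SOA` should return an answer with the `aa` flag set once the first transfer has completed.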


