Problems with delegating zones outside of Bind

Wed Mar 29 23:57:04 UTC 2006

> Hello,
> 
> We heavily use bind inside our company for mapping our different servers 
> and caching our own DNS requests.
> We have two DNS servers (Bind 9.2.4.1) running over Debian Sarge, and 
> everything is working well.
> 
> We have several zones, defined like this :
> 
> // Zone company.priv
> zone "sup.ipnotic.priv" IN {
>         type master;
>         file "/etc/bind/db.sup.company.priv";
>         allow-update { none; };
> };
> 
> // Zone srvc.company.priv
> zone "srvc.ipnotic.priv" IN {
>         type master;
>         file "/etc/bind/db.srvc.company.priv";
> };
> 
> // Zone bbone.company.priv
> zone "bbone.ipnotic.priv" IN {
>         type master;
>         file "/etc/bind/db.bbone.company.priv";
>         allow-update { none; };
> };
> 
> 
> We want to add a new zone, say 'modems', but we do not want bind to 
> handle it, because we have to use a SQL back-end. So we want to use 
> powerdns which would store the ressource records, and Bind as a "proxy" 
> that would ask powerdns for results.
> Powerdns runs on both master and slave DNS, but on port 1053.

	named does not have authoritative proxy functionality.
 
> (My master DNS server is 10.10.0.40 and my slave is 10.10.0.46)
> 
> So we added the following zone :
> // New zone
> zone "modems.company.priv" IN {
>         type forward;
>         forward only;
>         forwarders { 10.10.0.40 port 1053;
>                      10.10.0.46 port 1053; };
> };
> 
> So, in this configuration, Bind handles all requests (even for the 
> modems.company.priv) and asks for powerdns when a query concerns the 
> modems.company.priv zone.
> 
> But, it is not the case. Bind never interrogates the powerdns server on 
> port 1053 for, for instance, a modem1.modems.company.priv A query. It 
> only returns a NXDOMAIN error code.
> 
> The logs do not return any noticeable error. I also did a tcpdump on 
> both master and slaves, and there is NO actual communication between 
> bind and powerDNS. By the way, if I interrogate directly powerdns on 
> port 1053, I get the expected results.
> 
> I searched some examples on the internet, but could not find anything.
> 
> Maybe dealing with the PTR and NS ressource records would be a solution, 
> but I could find no examples of it.
> 
> Do someone have an example of how to do this ?
> 
> Thanks for your answers.
> 
> Léonard Wauters.
> 
> 
> -- 
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org