Forwarding problem; Forward Last?

Chris Buxton cbuxton at menandmice.com
Thu Feb 7 22:01:46 UTC 2008 

So put the empty forwarders list in your company.com zone.

zone "company.com" {
	type master; // or slave, or whatever it is
	forwarders { };
};

That way, when looking up data from subzones of company.com, it will  
do its own recursion and follow the delegation out of the zone, rather  
than forwarding to the external-facing forwarders.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone:   +354 412 1500
Email:   cbuxton at menandmice.com
www.menandmice.com

Men & Mice
We bring control and flexibility to network management

This e-mail and its attachments may contain confidential and  
privileged information only intended for the person or entity to which  
it is addressed. If the reader of this message is not the intended  
recipient, you are hereby notified that any retention, dissemination,  
distribution or copy of this e-mail is strictly prohibited. If you  
have received this e-mail in error, please notify us immediately by  
reply e-mail and immediately delete this message and all its attachment.



On Feb 7, 2008, at 8:02 AM, Gabriel.Quennesson at fr.michelin.com wrote:

> I was pretty sure I tested that, but I double checked anyway.
> It doesn't work; Or at least, it forces me to define the zone as a  
> slave
> (or forward only) zone in named.conf, wich is not the solution I
> envisioned.
> I just want to define a NS record and the corresponding A record for
> delegation, wich works well as long as I can't forward to my main
> forwarders.
>
>
> bind-users-bounce at isc.org wrote on 07/02/2008 14:09:38:
>
>>
>>> Hi,
>>> (needless to say I have been looking for the answer for days before
>>> posting here).
>>>
>>> I am in the process of replacing Novell Netware's repackaged Bind  
>>> by a
>
>>> standard Linux Bind build.
>>> My setup is quite simple :
>>>
>>> Bind is authoritative for sub.company.com. It uses 2 company.com
>>> forwarders (which doesn't know anything about our zone and/or  
>>> network
>>> apart from a couple A records it holds for external sub.company.com
>>> access. That's stupid but that's how they do.)
>>> There is an active directory, which is named -you guessed it  
>>> allready-
>
>>> ad.sub.company.com. Bind is not a slave for that zone, it just  
>>> holds a
> NS
>>> and it's glue record, as follow
>>> ad      NS      ns.ad.sub.company.com.
>>> ns.ad.sub.company.com.  A       192.168.0.1
>>>
>>> My problem is the following: when my forwarders are down or  
>>> undefined
> and
>>> I query Bind for a record in ad.company.com, it asks
> ns.ad.sub.company.com
>>> and answer with the right answer. (read : if the forwarders are
> defined
>>> but not reachable for some reasons, like FW blocking access, the
> cascading
>>> works).
>>> However when Bind can reach the forwarders, it just asks them for
> records
>>> in ad domain; they answer with a no such domain and resolution stops
>>> there.
>>>
>>> Reading Bind's documentation (and O'reilly's book, 5th edition) I am
> not
>>> missing anything obvious about delegation. It might have to do  
>>> with my
>
>>> forwarder being unaware of my setup but I don't see quite how (and I
> can't
>>> do anything about it).
>>> I have not tried to make bind a slave for the AD zone. I would like
> the
>>> above setup to work before trying other setups.
>>>
>>> Any help would be apreciated,
>>
>>   turn forwarding off for the sub zone.
>>
>>   zone sub.company.com {
>>      ....
>>      forwarders { /* empty */ };
>>   };
>>>
>>>
>> -- 
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
>>
>>
>
>
>

More information about the bind-users mailing list