forward only not

Len Conrad lconrad at Go2France.com
Wed Sep 29 13:58:13 UTC 2010


FreeBSD 7.2-RELEASE

BIND 9.6.0-P1

resolv.conf: 
nameserver 127.0.0.1


machine is postfix MX relay-only gateway

on separate machines, zen.dnsbld.domain.net on IPs 10.1.60.1 & 10.1.60.2, rbldnsd is running a local copy of zen.spamhaus

nmap shows 10.1.60.1 and 10.1.60.2 with port 53 UDP open.

dig @10.1.60.1 or .2  d.c.b.a.zen.dnsbld.domain.net  works.

named.conf:

zone "zen.dnsbld.domain.net" { type forward; forwarders { 10.1.60.1 ; 10.1.60.2 ; }; forward only; };

and no other forwarding statements.

named query logging shows client 127.0.0.1 (postfix/postscreen) sending queries to 127.0.0.1

tshark capture shows the BIND machine sending queries to the NSs authoritative for domain.net, rather than forwarding to the above forwarders.

The above situation on 3 different MXs.  The weirdest is that when we fired up private zen and forwarding on the 3 MXs, they all worked immediately, perfectly, for about 24 hours, millions of queries, then within a few minutes, they all stopped working with the zen servers, and haven't worked since.  stop/start postfix and named has no effect.

What is overriding the zone forwarding?

Len



