forward only not

Len Conrad lconrad at Go2France.com
Wed Sep 29 14:43:32 UTC 2010


---------- Original Message ----------------------------------
From: "Len Conrad" <lconrad at Go2France.com>
Reply-To: lconrad at Go2France.com
Date:  Wed, 29 Sep 2010 15:58:13 +0200

>FreeBSD 7.2-RELEASE
>
>BIND 9.6.0-P1
>
>resolv.conf: 
>nameserver 127.0.0.1
>
>
>machine is postfix MX relay-only gateway
>
>on separate machines, zen.dnsbld.domain.net on IPs 10.1.60.1 & 10.1.60.2, rbldnsd is running a local copy of zen.spamhaus
>
>nmap shows 10.1.60.1 and 10.1.60.2 with port 53 UDP open.
>
>dig @10.1.60.1 or .2  d.c.b.a.zen.dnsbld.domain.net  works.
>
>named.conf:
>
>zone "zen.dnsbld.domain.net" { type forward; forwarders { 10.1.60.1 ; 10.1.60.2 ; }; forward only; };
>
>and no other forwarding statements.
>
>named query logging shows client 127.0.0.1 (postfix/postscreen) sending queries to 127.0.0.1
>
>tshark capture shows the BIND machine sending queries to the NSs authoritative for domain.net, rather than forwarding to the above forwarders.
>
>The above situation on 3 different MXs. The weirdest is that when we fired up private zen and forwarding on the 3 MXs, they all worked immediately, perfectly, for about 24 hours, millions of queries, then within a few minutes, they all stopped working with the zen servers, and haven't worked since. stop/start postfix and named has no effect.
>
>What is overriding the zone forwarding?
>
========

fixed, was typo in the forward zone name. The typo was inconsequential and worked for one day, until someone removed the NS delegation records for the zen zone from the domain.net auth servers.

Len
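
An added example, not part of the original post and not BIND code: a small Python check that reads the forward zones out of named.conf text and reports whether the DNSBL name the MTA queries is actually covered by one of them, or only nearly matches one. A name outside every forward zone is resolved by normal recursion, which is the behaviour the tshark capture showed. The function names, the 0.9 similarity threshold and the "dnsbl" typo in the sample are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: "dnsbl" is a made-up typo for "dnsbld"; the thread
# does not say what the real typo was.
TYPO_CONF = '''
zone "zen.dnsbl.domain.net" { type forward;
    forwarders { 10.1.60.1 ; 10.1.60.2 ; }; forward only; };
'''
ZONE_RE = re.compile(
    r'zone\s+"([^"]+)"(?:\s+\w+)?\s*\{([^{}]*(?:\{[^{}]*\}[^{}]*)*)\}\s*;')

def forward_zones(conf):
    """Map each 'type forward' zone name to its list of forwarder IPs."""
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        if re.search(r'\btype\s+forward\s*;', body):
            m = re.search(r'forwarders\s*\{([^}]*)\}', body)
            ips = m.group(1).replace(';', ' ').split() if m else []
            zones[name.lower().rstrip('.')] = ips
    return zones

def check(qname, conf):
    """Return (status, zone, forwarders) for a name the MTA will query."""
    zones = forward_zones(conf)
    labels = qname.lower().rstrip('.').split('.')
    suffixes = ['.'.join(labels[i:]) for i in range(len(labels))]
    # named forwards only when the name is at or below a forward zone;
    # the most specific (longest) matching zone wins.
    for s in suffixes:
        if s in zones:
            return ('forwarded', s, zones[s])
    # No match: the query goes through normal recursion. Flag a forward
    # zone that almost matches a suffix, since that suggests a typo.
    for zone in zones:
        for s in suffixes:
            if SequenceMatcher(None, s, zone).ratio() >= 0.9:
                return ('near-miss', zone, zones[zone])
    return ('not-forwarded', None, [])

if __name__ == '__main__':
    print(check('2.0.0.127.zen.dnsbld.domain.net', TYPO_CONF))
```

Running the same check against the zone name configured in the MTA (for example the postscreen DNSBL list) before reloading named catches this class of mismatch while the public delegation is still masking it.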



