forwarder is ignored when authoritative zone is added

Sten Carlsen stenc at s-carlsen.dk
Fri Oct 26 11:22:07 UTC 2012


On 26/10/12 12:56, Ben Croswell wrote:
>
> The one thing I can think of off the top of my head is to ensure the
> child subdomain is properly delegated in the parent. If you try to
> zone level forward a child domain on a server that loads the parent it
> will ignore the forward if it can see the child doesn't exist as a
> true delegation.
> I assume the logic is, why would I forward a subdomain I know doesn't
> exist.
>
I should think that internal.org... is properly delegated, so the
forward will not be concerned about a subdomain, only about the domain
that is actually forwarded. internal.org... will then be looked up in
the normal recursive way, so another forward statement might solve this
issue.
>
> -Ben Croswell
>
> On Oct 26, 2012 2:17 AM, "Frank Even" <lists+isc.org at elitists.org> wrote:
>
>     I've recently had an issue that I'm having some issues finding
>     information on solving.
>
>     I have internal DNS resolvers...they act as recursive name servers for
>     general internet queries, but we have forwarders explicitly defined
>     for specific internal zones being served by other name servers.
>
>     My configuration has one particular zone configured as such:
>
>     zone "internal.organization.com" IN { type forward; forward only;
>     forwarders {172.x.x.x; 172.x.x.x; }; };
>
>     I have our main zone, organization.com, hosted in an external area
>     outside of a firewall with a wildcard record contained in it for
>     anything that is not explicitly defined.  I have some services that I
>     need to reach using names that are in this external zone internally.
>     What I'm trying to do is to slave the organization.com zone to my
>     internal recursive resolver to mitigate any possible network issues.
>
>     So I set up the internal resolver as a slave for the "organization.com"
>     zone and found that queries against "internal.organization.com" were
>     getting answered with the wildcard for the external "organization.com"
>     zone.  I can't seem to figure out why the forwarders are getting
>     ignored.  Is it an order of precedence, say authoritative zones are
>     respected over forwarders...or something else??
>
>     Thanks for any assistance anyone can provide, or point me to some
>     documentation I'm missing,
>     Frank
>     _______________________________________________
>     Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>     unsubscribe from this list
>
>     bind-users mailing list
>     bind-users at lists.isc.org
>     https://lists.isc.org/mailman/listinfo/bind-users
>

-- 
Best regards

Sten Carlsen

No improvements come from shouting:
       "MALE BOVINE MANURE!!!"
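
An added example, not part of the original thread or either poster's configuration: the delegation Ben Croswell describes, shown as the records the parent zone would need next to the forward zone from Frank Even's message. The name-server names, the glue and wildcard addresses, the master address and the slave file name are placeholders; the 172.x.x.x forwarders stay elided as in the original post.

```conf
; ---- organization.com zone file, edited on the master ----
; (the internal resolver only slaves this zone, so the change is made upstream)
; All addresses and NS host names below are placeholders.

; Existing wildcard: with no zone cut at "internal", this record is what
; answers anything.internal.organization.com on a server that loads the zone.
*               IN  A   198.51.100.10

; Delegation: creates a zone cut at internal.organization.com. Wildcards do
; not apply at or below a zone cut, so the server no longer answers these
; names from the parent zone and the forward zone is consulted instead.
internal        IN  NS  ns1.internal.organization.com.
internal        IN  NS  ns2.internal.organization.com.
ns1.internal    IN  A   192.0.2.53      ; glue (placeholder)
ns2.internal    IN  A   192.0.2.54      ; glue (placeholder)

// ---- named.conf on the internal recursive resolver ----
zone "organization.com" IN {
    type slave;
    masters { 192.0.2.1; };                 // placeholder master address
    file "slaves/organization.com.db";      // placeholder file name
};

zone "internal.organization.com" IN {
    type forward;
    forward only;
    forwarders { 172.x.x.x; 172.x.x.x; };   // elided in the original post
};
```

Once the slave has transferred the updated zone, a query to the resolver for a name under internal.organization.com should return the forwarders' answer rather than the wildcard address.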
