forwarder is ignored when authoritative zone is added
Sten Carlsen
stenc at s-carlsen.dk
Fri Oct 26 11:22:07 UTC 2012
On 26/10/12 12:56, Ben Croswell wrote:
>
> The one thing I can think of off the top of my head is to ensure the
> child subdomain is properly delegated in the parent. If you try to
> zone level forward a child domain on a server that loads the parent it
> will ignore the forward if it can see the child doesn't exist as a
> true delegation.
> I assume the logic is, why would I forward a subdomain I know doesn't
> exist.
>
I should think that internal.org... is properly delegated, so the
forward will not be concerned about a subdomain, only about the domain,
that is actually forwarded. internal.org... will then be looked up in
the normal recursive way, so another forward statement might solve this
issue.
>
> -Ben Croswell
>
> On Oct 26, 2012 2:17 AM, "Frank Even" <lists+isc.org at elitists.org
> <mailto:lists%2Bisc.org at elitists.org>> wrote:
>
> I've recently had an issue that I'm having some issues finding
> information on solving.
>
> I have internal DNS resolvers...they act as recursive name servers for
> general internet queries, but we have forwarders explicitly defined
> for specific internal zones being served by other name servers.
>
> My configuration has one particular zone configured as such:
>
> zone "internal.organization.com
> <http://internal.organization.com>" IN { type forward; forward only;
> forwarders {172.x.x.x; 172.x.x.x; }; };
>
> I have our main zone, organization.com <http://organization.com>,
> hosted in an external area
> outside of a firewall with a wildcard record contained in it for
> anything that is not explicitly defined. I have some services that I
> need to reach using names that are in this external zone internally.
> What I'm trying to do is to slave the organization.com
> <http://organization.com> zone to my
> internal recursive resolver to mitigate any possible network issues.
>
> So I setup the internal resolver as a slave for the
> "organization.com <http://organization.com>"
> zone and found that queries against "internal.organization.com
> <http://internal.organization.com>" were
> getting answered with the wildcard for the external
> "organization.com <http://organization.com>"
> zone. I can't seem to figure out why the forwarders are getting
> ignored. Is it an order of precedence, say authoritative zones are
> respected over forwarders...or something else??
>
> Thanks for any assistance anyone can provide, or point me to some
> documentation I'm missing,
> Frank
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20121026/ad1f7f07/attachment.html>
More information about the bind-users
mailing list