redirecting root hints to fake internal root server
Kevin Darcy
kcd at chrysler.com
Tue Aug 27 20:28:01 UTC 2013
On 8/27/2013 1:07 PM, Colin Harvey wrote:
> My environment is firewalled from the real world. For queries on
> zones to which I'm not master, I want to recurse to a corporate
> server. nslookup some.internal.hostname.com
> internal.corporate.server works fine.
nslookup is a terrible DNS troubleshooting tool. Try dig. And to mimic
how your nameserver would talk to the other nameserver, use the options
+norec and +bufsiz=4096 (unless you've changed your EDNS0 buffer size
from the default, in which case, plug in that value instead).
> Setting "." to use this internal server in the root.hints file does
> not. In fact I do not even see my system trying to recurse. (I'm
> looking at network traffic with a sniffer.)
> My root.hints:
> . 600 IN NS internal.corporate.server.
> internal.corporate.server. 600 IN A 192.168.1.1
Do you have recursion enabled?
> Alternatively I've set up a forwarding zone in named.conf to query
> 192.168.1.1 for 'internal.hostname.com'.
Ugh, don't do that. Forwarding is for getting around network
restrictions or limitations, and you haven't (so far) indicated that you
have any of those to deal with.
- Kevin
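
What the dig options suggested above, +norec and +bufsiz=4096, change on the wire, as an added example that is not part of the original post: Python code that builds a DNS query with the RD bit cleared and an EDNS0 OPT record advertising a 4096-byte buffer, then parses it back. The function names, the transaction ID and the 512-byte contrast value are assumptions chosen for illustration.

```python
import struct

def encode_name(name: str) -> bytes:
    """Encode a domain name as DNS labels; "." becomes the single root byte."""
    parts = [p for p in name.rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name: str, qtype: int = 2, rd: bool = False,
                bufsize: int = 4096, txid: int = 0x1234) -> bytes:
    """Build a query; the defaults mirror +norec and +bufsiz=4096 for an NS lookup."""
    flags = 0x0100 if rd else 0x0000          # RD (recursion desired) bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)  # 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # EDNS0 OPT pseudo-record: root owner name, TYPE 41, the CLASS field carries
    # the advertised UDP payload size, TTL field zero, empty RDATA.
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return header + question + opt

def describe(msg: bytes) -> dict:
    """Parse a query built above and report the fields the two options control."""
    _txid, flags, _qd, _an, _ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    while msg[pos]:                 # walk the question name label by label
        pos += 1 + msg[pos]
    pos += 1
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    pos += 4
    info = {"rd": bool(flags & 0x0100), "qtype": qtype, "edns_bufsize": None}
    if ar and msg[pos] == 0:        # OPT record owner name is the root
        rtype, size, _ttl, _rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
        if rtype == 41:
            info["edns_bufsize"] = size
    return info

if __name__ == "__main__":
    # Constructed inputs: the root NS query relevant to the root.hints case,
    # first as a nameserver would send it, then with RD set for contrast.
    print("server-style:", describe(build_query(".")))
    print("stub-style:  ", describe(build_query(".", rd=True, bufsize=512)))
```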