forward only recursive server doesn't forward

Mark Andrews marka at isc.org
Thu Oct 20 01:48:26 UTC 2016 

In message <CAB1R3sjkUOzWeEbyhSF-s+J=Wfu2La2kQ513uRQu9YFi=JcC2g at mail.gmail.com>, Alex writes:
> Hi,
> 
> I have a bind-9.10.3 server on fedora22 that is authoritative for a
> few domains and their corresponding IP ranges. I'd like to set up
> another domain server (rbldnsd) on a host in one of those domains as a
> forward-only server.
> 
> The problem appears to be that the queries from the local box to the
> subdomain being managed by the rbldnsd server are being answered by
> the local bind instead of being sent to the remote machine running
> rbldnsd.

Add a delegation for scann.example.com in example.com.  Forward
zones control *where* the queries are sent, not if queries are sent.

> In other words, I believe the issue is that the host is already
> authoritative for the reverse zone, so there would be no reason for it
> to forward these queries to another system.
> 
> Here are the relevant sections of my named.conf:
> 
> // spam IP entries
> zone "scann.example.com" {
>         type forward;
>         forwarders { 66.104.104.66; };
> };
> 
> // zone info for 66.104.104.96/28
> zone "96/28.104.104.66.in-addr.arpa" {
>         type slave;
>         file "slaves/db.104.104.66";
>         masters { 64.1.1.3; };
>         allow-query { any; };
>         allow-transfer { trusted; };
> };
> 
> Queries for abc.com.scann.example.com fail with NXDOMAIN. Log entries
> are similar to this:
> 
> 19-Oct-2016 21:22:39.846 queries: client 127.0.0.1#41809
> (abc.com.scann.example.com): query: abc.com.scann.example.com IN A +
> (127.0.0.1)
> 
> I set up the reverse zone a long time ago, and I don't think the "zone
> 96/28.104.104.66.in-addr.arpa" is completely correct, but it appears
> to work. I'm not sure if that's related to the problem, but would
> appreciate advice there.
> 
> Thanks,
> Alex
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list