Queries regarding forwarders

Blason R blason16 at gmail.com
Thu Aug 9 04:02:16 UTC 2018


Hi there,

Due to the architecture since I have my internal DNS RPZ built I wanted my
other internal  DNS servers should send traffic to RPZ server and then RPZ
would resolve on behalf of client.

Client --->DNS AUTH Server for xyz.com===> Fporwarder ==> 192.168.3.44===>
INTERNET

On Wed, Aug 8, 2018 at 10:26 PM Matus UHLAR - fantomas <uhlar at fantomas.sk>
wrote:

> On 08.08.18 19:32, Blason R wrote:
> >I am bit confused about DNS forwarders. I have two BIND Servers one is
> >being used as Authoritative DNS server which has forwarder set
>
> why?
>
> > to other
> >server like this
> >
> >Auth Server  for xvyz.com 192.168.3.15
> >Recursive Server 192.168.3.44
> >
> >Now if I am debugging from client side using -debug option I see
> >192.168.3.15 is directly resolving with ROOT DNS Servers though I have
> >recursive no; option set in my BIND config.
>
> BIND has internal list of root servers.
>
> > Ideally the query should have
> >gone to 192.168.3.44 but in debug I am seeing the below output.
>
> ideally you would not use forwarder on BIND, unless you really must.
>
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> If Barbie is so popular, why do you have to buy her friends?
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180809/e7def1ea/attachment.html>


More information about the bind-users mailing list