<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.21297" name=GENERATOR></HEAD>
<BODY
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV dir=ltr align=left><SPAN class=338120809-06052011><FONT face=Arial
color=#0000ff size=2>Thanks for the answer but:</FONT></SPAN></DIV>
<UL dir=ltr>
<LI>
<DIV align=left><SPAN class=338120809-06052011><FONT face=Arial color=#0000ff
size=2>In the example i post yesterday: on my server1 the recursion is enabled
(recursion yes), but the server1 can't recurse because i stop it on firewall
and it can't contact the outside.</FONT></SPAN></DIV></LI>
<LI>
<DIV align=left><SPAN class=338120809-06052011><FONT face=Arial color=#0000ff
size=2>You say "<FONT face="Times New Roman" color=#000000 size=3>Don't use
forwarding from a recursive server to a non-recursive server</FONT>" but
when my server1 is recursive (and the firewall allow it to contact
the outside), and server2 don't recurse because in it's conf recursion is set
to no, when i ask my server1 about <A
href="ftp://ftp.example.com">ftp.example.com</A> (dig @0 <A
href="ftp://ftp.example.com">ftp.example.com</A>) , server1 forward the query
to server2 which answer by the CNAME <A
href="http://www.abc.com">www.abc.com</A> and then server1 recurse to
find the IP of <A href="http://www.abc.com">www.abc.com</A>. and everything
works fine. </FONT></SPAN></DIV></LI>
<LI>
<DIV align=left><SPAN class=338120809-06052011><FONT face=Arial color=#0000ff
size=2>you say "<FONT face="Times New Roman" color=#000000 size=3>If server 2
is auth-only or otherwise can't resolve the address of </FONT><A
href="http://www.abc.com/"><FONT face="Times New Roman"
size=3>www.abc.com</FONT></A><FONT face="Times New Roman" color=#000000
size=3>, then forwarding a query to it is not going to work.</FONT>" No as i
say when server1 really recurse ( recursion yes, and the firewall allow the
server1 to contact outside) and server2 don't recurse (recursion no) all is
ok: server1 forward the query to server2 which answer by the CNAME <A
href="http://www.abc.com/">www.abc.com</A> and then server1 recurse to
find the IP of <A href="http://www.abc.com/">www.abc.com</A>. and everything
works fine. </FONT></SPAN></DIV></LI>
<LI>
<DIV align=left><SPAN class=338120809-06052011><FONT face=Arial color=#0000ff
size=2>You say "<FONT face="Times New Roman" color=#000000 size=3>then using a
stub zone for </FONT><A href="http://example.com/"><FONT
face="Times New Roman" size=3>example.com</FONT></A><FONT
face="Times New Roman" color=#000000 size=3> will work</FONT>", why i will use
a stub zone since a forward do the same thing
expected.</FONT></SPAN></DIV></LI></UL>
<DIV dir=ltr align=left><SPAN class=338120809-06052011><FONT face=Arial
color=#0000ff size=2>And my question is always this:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=338120809-06052011><FONT face=Arial
color=#0000ff size=2>forward only; as i read means a recursive query, in other
term a query with the RD bit is enabled. which means that when my server1 (which
has recursion yes but can't recurse because the firewall don't allow it to
contact the outside, which finally means server1 can't recuse) ask server2
about <A href="ftp://ftp.example.com">ftp.example.com</A>, server2 will
normally make all the work means he read on it's zone, then find
the CNAME, then make a recursion to resolve the CNAME and finally send
the IP to server1.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=338120809-06052011><FONT face=Arial
color=#0000ff size=2>why server2 don't recurse to find the IP of
www.abc.com?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=338120809-06052011><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=338120809-06052011><FONT face=Arial
color=#0000ff size=2>thanks for your help.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=338120809-06052011><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV><BR>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=fr dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>De :</B> Chris Buxton
[mailto:chris.p.buxton@gmail.com] <BR><B>Envoyé :</B> jeudi 5 mai 2011
19:47<BR><B>À :</B> HARRATHI Issam Ext OLNC/DPS<BR><B>Cc :</B>
bind-users@lists.isc.org<BR><B>Objet :</B> Re: forward first: iterative
or recursive query<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV>If recursion is disabled, forwarding doesn't happen. I think you've
confused some terms and configurations.</DIV>
<DIV><BR></DIV>
<DIV>Don't use forwarding from a recursive server to a non-recursive server.
Use a stub zone instead, if you can't rely on the recursion process to find
the correct server to query.</DIV>
<DIV><BR></DIV>
<DIV>If server 2 is auth-only or otherwise can't resolve the address of <A
href="http://www.abc.com">www.abc.com</A>, then forwarding a query to it is
not going to work. However, if server 1 is a caching server and is able to
resolve <A href="http://www.abc.com">www.abc.com</A>, then using a stub zone
for <A href="http://example.com">example.com</A> will work; server 2 will send
the CNAME record to server 1, and then server 1 will resolve the final address
record on its own.</DIV>
<DIV><BR></DIV>
<DIV>Chris Buxton</DIV>
<DIV>BlueCat Networks</DIV><BR>
<DIV>
<DIV>On May 5, 2011, at 2:15 AM, <<A
href="mailto:iharrathi.ext@orange-ftgroup.com">iharrathi.ext@orange-ftgroup.com</A>>
<<A
href="mailto:iharrathi.ext@orange-ftgroup.com">iharrathi.ext@orange-ftgroup.com</A>>
wrote:</DIV><BR class=Apple-interchange-newline>
<BLOCKQUOTE type="cite">
<DIV
style="WORD-WRAP: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space">
<DIV dir=ltr align=left><SPAN class=144575708-05052011><FONT face=Arial
color=#0000ff size=2>Hi,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=144575708-05052011><FONT face=Arial
color=#0000ff size=2>i have a server called server1 that is acting as a
cache server( recursion none). And i forward the zone <A
href="http://example.com">example.com</A> to server2 which has recursion
enabled and master on some zone like <A
href="http://example.com">example.com</A>.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=144575708-05052011> <FONT
face=Arial color=#0000ff size=2>this is the forwarding zone on
server1:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=144575708-05052011><FONT face=Arial
color=#0000ff size=2>zone "<A href="http://example.com">example.com</A>"
{<BR> type
forward;<BR> forward
only;<BR> forwarders { IP_of
server2; };<BR>};<BR></FONT></SPAN></DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2>and server2 is master of the zone <A
href="http://example.com">example.com</A>:</FONT></SPAN></DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2><BR>zone "<A href="http://example.com">example.com</A>"
{<BR> type
master;<BR> file
"master/db.example.com";<BR>};</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2>BUT the problem is here:</FONT></SPAN></DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff size=2><A
href="http://db.example.com">db.example.com</A>:</FONT></SPAN></DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2>....</FONT></SPAN></DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2>$ORIGIN <A
href="http://example.com">example.com</A>.</FONT></SPAN></DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2>www
A 1.2.3.4</FONT></SPAN></DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2>ftp
CNAME <A
href="http://www.abc.com/">www.abc.com</A></FONT></SPAN></DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2>server1 can resolve <A
href="http://www.example.com/">www.example.com</A>, but can't resolve <A
href="ftp://ftp.example.com">ftp.example.com</A> since the server2 sends the
answer which is <A href="http://www.abc.com/">www.abc.com</A> and not the
IP, and my server1 can't make recursion to resolve <A
href="http://www.abc.com/">www.abc.com</A>.</FONT></SPAN></DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2>why?</FONT></SPAN></DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2>from server1 when i dig on server2: dig @IP-server2 <A
href="http://www.example.com/">www.example.com</A> it sends to me the IP,
all is OK!!! but with a forwarding statement it sends only the
CNAME</FONT></SPAN></DIV>
<DIV><SPAN class=144575708-05052011><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=144575708-05052011>server1 is bind9.6-ESV-R4 et server2
bind-9.4.2</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=144575708-05052011></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=144575708-05052011>Thanks.</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=144575708-05052011>Issam HARRATHI</SPAN></FONT></DIV>
<DIV><BR></DIV>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=fr dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>De :</B> Chris Buxton
[mailto:chris.p.buxton@gmail.com] <BR><B>Envoyé :</B> mercredi 4 mai
2011 08:49<BR><B>À :</B> HARRATHI Issam Ext
OLNC/DPS<BR><B>Cc :</B> <A
href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</A><BR><B>Objet :</B>
Re: forward first: iterative or recursive query<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV>With a static-stub zone, you would get an iterative query. Forwarding
always results in a recursive query.</DIV>
<DIV><BR></DIV>
<DIV>How are you determining that your server is sending an iterative
query?</DIV>
<DIV><BR></DIV>
<DIV>Can we (the list) see your named.conf?</DIV>
<DIV><BR></DIV>
<DIV>Regards,</DIV>
<DIV>Chris Buxton</DIV>
<DIV>BlueCat Networks</DIV><BR>
<DIV>
<DIV>On May 3, 2011, at 5:21 AM, <<A
href="mailto:iharrathi.ext@orange-ftgroup.com">iharrathi.ext@orange-ftgroup.com</A>>
<<A
href="mailto:iharrathi.ext@orange-ftgroup.com">iharrathi.ext@orange-ftgroup.com</A>>
wrote:</DIV><BR class=Apple-interchange-newline>
<BLOCKQUOTE type="cite">
<DIV>
<DIV><FONT face=Arial size=2><SPAN
class=410301012-03052011>Hi</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=410301012-03052011>from the
book DNS and Bind 5th edition [french] (o'reilly)</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=410301012-03052011>I read that
the forward with the mode first sends a recursive query to the
servers on the forwarders list, but as i see it only sends an iterative
query. Also with forward only it send an itérative
query.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=410301012-03052011>So forward
first send an itérative or recursive query?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=410301012-03052011></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=410301012-03052011>And how i
can send a recursive query with the statement forward ( without using
static-stub)</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=410301012-03052011>I'm using
bind-9.6-ESV-R4</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=410301012-03052011></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=410301012-03052011>Thanks.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=410301012-03052011>Issam
HARRATHI.</SPAN></FONT></DIV><PRE>********************************************************************************
IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles
et peuvent etre protegees par la loi.
Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus.
Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler a l expediteur et effacer ce message
et tous les fichiers eventuellement attaches.
Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite.
Tout message electronique est susceptible d alteration.
A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie.
De meme, il appartient au destinataire de s assurer de l absence de tout virus.
IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is
intended only for the named recipient(s) above.
If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message.
Any unauthorized view, usage or disclosure ofthis message is prohibited.
Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified.
Additionally the recipient should ensure they are actually virus free.
********************************************************************************
</PRE></DIV>_______________________________________________<BR>bind-users
mailing list<BR><A
href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</A><BR><A
href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</A></BLOCKQUOTE></DIV><BR></BLOCKQUOTE><PRE>********************************************************************************
IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles
et peuvent etre protegees par la loi.
Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus.
Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler a l expediteur et effacer ce message
et tous les fichiers eventuellement attaches.
Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite.
Tout message electronique est susceptible d alteration.
A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie.
De meme, il appartient au destinataire de s assurer de l absence de tout virus.
IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is
intended only for the named recipient(s) above.
If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message.
Any unauthorized view, usage or disclosure ofthis message is prohibited.
Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified.
Additionally the recipient should ensure they are actually virus free.
********************************************************************************
</PRE></DIV></BLOCKQUOTE></DIV><BR></BLOCKQUOTE><PRE>********************************************************************************
IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles
et peuvent etre protegees par la loi.
Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus.
Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler a l expediteur et effacer ce message
et tous les fichiers eventuellement attaches.
Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite.
Tout message electronique est susceptible d alteration.
A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie.
De meme, il appartient au destinataire de s assurer de l absence de tout virus.
IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is
intended only for the named recipient(s) above.
If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message.
Any unauthorized view, usage or disclosure ofthis message is prohibited.
Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified.
Additionally the recipient should ensure they are actually virus free.
********************************************************************************
</PRE></BODY></HTML>