<div dir="ltr"><div><div><div><div><div><div><div>Ok Tony, please let me explain to you.<br><br></div>In our company we have several desktops from two different cities accessing only to internal domains distributed in two views in a private BIND with authoritative zones, where I've defined "recursion no;".<br><br></div>But now we have to let them access to *.<a href="http://teamviewer.com">teamviewer.com</a> hostnames, just this public domain and not other.</div><div><br></div>So I've implemented the forwarding of "<a href="http://teamviewer.com">teamviewer.com</a>" zone to our BIND resolvers servers (they forward DNS queries to 8.8.8.8). So I've created a third view with this information in named.conf.local:</div><div><br></div><div><p class="MsoNormal"><span lang="EN-US">acl internet { <a href="http://10.0.0.0/24">10.0.0.0/24</a> };</span></p></div><div><p class="MsoNormal"><span lang="EN-US">view "internet" {</span></p>
<p class="MsoNormal"><span lang="EN-US"> match-clients { internet; key "custom"; };</span></p>
<p class="MsoNormal"><span lang="EN-US"> recursion yes;</span></p>
<p class="MsoNormal"><span lang="EN-US"> zone "<a href="http://teamviewer.com" target="_blank">teamviewer.com</a>" {</span></p>
<p class="MsoNormal"><span lang="EN-US"> type forward;</span></p>
<p class="MsoNormal"><span lang="EN-US"> forward only;</span></p>
<p class="MsoNormal"><span lang="EN-US"> forwarders {</span></p>
<p class="MsoNormal"><span lang="EN-US"> 172.18.1.1;</span></p>
<p class="MsoNormal"><span lang="EN-US"> 172.18.1.2;</span></p>
<p class="MsoNormal"><span lang="EN-US"> };</span></p>
<p class="MsoNormal"><span lang="EN-US">};</span></p></div><br></div>I defined "recursion yes" but the BIND servers forwards all the public domains queries to our resolvers and not just for "<a href="http://teamviewer.com">teamviewer.com</a>", so it doesn't work. And if I change for "recursion no", the query <a href="http://www.teamviewer.com">www.teamviewer.com</a> is refused and at the client side appears an error telling that recursion is necessary.<br><br></div>So I let desktops resolve all the Internet domains or neither, and this is not what I want because I just want to let them resolve just <a href="http://teamviewer.com">teamviewer.com</a>.</div><div><br></div><div>How can I do to forward only <a href="http://teamviewer.com">teamviewer.com</a> zone queries to my resolvers???</div><div><br></div>Sorry for my new message, special thanks Tony !!!<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">El jue., 7 feb. 2019 a las 13:41, Tony Finch (<<a href="mailto:dot@dotat.at">dot@dotat.at</a>>) escribió:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Roberto Carna <<a href="mailto:robertocarna36@gmail.com" target="_blank">robertocarna36@gmail.com</a>> wrote:<br>
><br>
> So how can I define "recursion yes" just for the zone "<a href="http://linux.org" rel="noreferrer" target="_blank">linux.org</a>" ???<br>
<br>
You can turn recursion on and off for the entire server, or per view, but<br>
not per zone.<br>
<br>
It isn't clear to me what you want this server to do. If it is providing<br>
DNS service to end-user devices (if it is configured in /etc/resolv.conf<br>
or advertised by DHCP) then it needs to provide recursive service. If not,<br>
then I am even more confused about what you are trying to do!<br>
<br>
Tony.<br>
-- <br>
f.anthony.n.finch <<a href="mailto:dot@dotat.at" target="_blank">dot@dotat.at</a>> <a href="http://dotat.at/" rel="noreferrer" target="_blank">http://dotat.at/</a><br>
St Davids Head to Great Orme Head, including St Georges Channel: Southwest 5<br>
or 6, increasing 7 to severe gale 9. Moderate or rough becoming very rough.<br>
Rain and drizzle, squally showers later. Moderate or good, occasionally poor.<br>
</blockquote></div>