Forwarding problems and lame NS
Joseph S D Yao
jsdy at cospo.osis.gov
Fri Jun 4 15:10:53 UTC 1999
> I have problems with forwarding/recursion DNS request to my
> enterprisewide DNS server from the site ones. I' using bind 8.2 under
> AIX 4.2.1, HP-UX 10.20 and Solaris 2.6...
...
> When I ask the server dns.PARIS.ENTERPRISE.GROUP.com server to give me
> the adresse of mail.LONODN.ENTERPRISE.GROUP.com, bind 8.2 reply with a
> SERVFAIL, it does not even contact the server
> dns.LONDON.ENTERPRISE.GROUP.com, in the log file of named.run (of
...
There are a couple of different things you could do to correct this.
When you say that the named.conf you displayed is "site-wide", I
suspect that you are saying that it is the same on all DNS servers.
Two possible fixes are:
All subdomain servers forward-only to the domain server
Domain server forwards to firewall server (or is not forwarding)
All servers have firewall server as root [or enterprise server as root,
and enterprise server has "real" roots]
Domain server has NS records for all subdomains
ISTM this should work. I also have
Domain server has "forward" zones to all subdomains
Another approach, if you have a firewall DNS server, is:
All servers forward-only to the firewall server
All servers have firewall server as root
Firewall server has "forward" zones to all servers
--
Joe Yao jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
More information about the bind-users
mailing list