Can internal root server also forward?
John Hascall
john at iastate.edu
Tue Aug 26 20:37:34 UTC 2008
If I understand what you are asking, yes.
We are doing forwarding from a fake root server,
so it seems that it can be done (we are doing it for "NetReg"
[which uses a DNS which lies a lot, but in some cases we
want the truth so we forward those requests]).
An excerpt:
----------------------------<named.conf>----------------------------
zone "." in {
    type master; file "db.root";
};
zone "iastate.edu" {
    type master; file "db.iastate.edu";
};
zone "microsoft.com" {
    type forward; forwarders { 129.186.1.200; }; forward only;
};
----------------------------<db.root>----------------------------
@               IN SOA netreg-1. asw.iastate.edu. (
...
@               IN NS  netreg-1.
iastate.edu.    IN NS  netreg-1.
...
microsoft.com.  IN NS  netreg-1.
netreg-1.       IN A   129.186.1.16
*.              IN A   129.186.1.16
*.edu.          IN A   129.186.1.16
*.com.          IN A   129.186.1.16
*.net.          IN A   129.186.1.16
Hope this helps,
John
> Well what we have is that it is a separate company outside the
> firewall that is kind of "merged" in with existing company.
> Company A wants to resolve internal hosts on Company B. The forwarding
> was hoping to not have to open all the firewalls between the two for
> the delegation from root to happen via NS records.
> We are thinking of putting in a forwarder box and delegating at
> internal root to that forwarder and then running forward only caching
> on the forwarder over to the "other" company.
>
> thanks
> Joe
>
>
>
> On Aug 25, 11:34 pm, Mark Andrews <Mark_Andr... at isc.org> wrote:
> > > Have an internal root server with zone db.root.
> > > Forwarding is not turned on as global option. Tried to add two forward
> > > zones with forward only into the root server and it would never
> > > forward. NXDOMAIN on localhost digs for that forward zone. If the zone
> > > is delegated in the db.root file with NS records it works
> > > obviously. The internal root server is running BIND 9.2.2.
> >
> > > Are there limitations on a root server having forward only zones?
> >
> > > thanks
> > > Joe
> >
> > The real question is why did you decide to use forward
> > zones rather than using a normal delegation.
> >
> > Forward zones are there for when you need to do something
> > special. They are not a replacement for doing normal
> > delegations.
> >
> > Mark
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: Mark_Andr... at isc.org
>
>
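Added example, not part of the original thread or of BIND: a small check for the pattern in the excerpt above, where the forward zone on the internal root is paired with an NS record for the same name in db.root, the case Joe reports as working (without it he saw NXDOMAIN). The parsing is simplified, exact-name matching is an assumption, and the sample input (including example.org and 192.0.2.53) is constructed.

```python
import re

# Constructed sample input modelled on the excerpt in the message above.
NAMED_CONF = '''
zone "." in { type master; file "db.root"; };
zone "iastate.edu" { type master; file "db.iastate.edu"; };
zone "microsoft.com" {
    type forward; forwarders { 129.186.1.200; }; forward only;
};
zone "example.org" {
    type forward; forwarders { 192.0.2.53; }; forward only;
};
'''
DB_ROOT = '''
@               IN NS  netreg-1.
iastate.edu.    IN NS  netreg-1.
microsoft.com.  IN NS  netreg-1.
netreg-1.       IN A   129.186.1.16
*.com.          IN A   129.186.1.16
'''

def zone_bodies(conf):
    """Yield (zone name, statement body) pairs, matching nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).lower().rstrip("."), conf[m.end():i - 1]

def delegated_names(zone_text):
    """Owner names with an NS record, apex '@' excluded.
    Assumes one record per line with an explicit owner name."""
    names = set()
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) >= 3 and fields[0] != "@" and \
                "NS" in (f.upper() for f in fields[1:-1]):
            names.add(fields[0].lower().rstrip("."))
    return names

def undelegated_forward_zones(conf, root_zone):
    """Forward zones with no NS record of the same name in the root zone."""
    delegated = delegated_names(root_zone)
    return sorted(name for name, body in zone_bodies(conf)
                  if re.search(r"\btype\s+forward\b", body)
                  and name not in delegated)

if __name__ == "__main__":
    for name in undelegated_forward_zones(NAMED_CONF, DB_ROOT):
        print(f'forward zone "{name}" has no NS delegation in db.root')
```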