Problem with forward zone in view

Carol Overes carol at overes.net
Sun Sep 8 09:24:10 UTC 2013


All,

I have tried to search on the web for a solution for the following
problem, but I didn't succeed.

My goal:
I run an internal DNS server ('10.10.10.1'), which is authoritative for an
internal domain ('domain1.com'), and allows recursion for internal
networks. We have another internal nameserver (192.168.1.1), which is
authoritative for another internal domain ('domain2.com').

On 10.10.10.1, I would like to forward requests for 'domain2.com' to
server 192.168.1.1.


My setup:
I am using views on 10.10.10.1. The server runs on version 9.8.1-p1. 
Below is the relevant view, including my forwarding statement, and 
the relevant acl:

acl "trusted" {
    192.168.0.0/24;
    127.0.0.1/32;
    localhost;
};


view "internal-in" in {
    match-clients { trusted; };
    additional-from-auth yes;
    additional-from-cache yes;

    allow-transfer {
        none;
    };

    allow-query {
        trusted;
    };

    allow-recursion {
        trusted;
    };

    // queries for domain2.com should go to the other internal server
    zone "domain2.com" {
        type forward;
        forwarders { 192.168.1.1; };
    };

    zone "." in {
        type hint;
        file "/<some_path_to_file>/db.root";
    };

    // the domain this server is authoritative for
    zone "domain1.com" in {
        type master;
        file "/<some_path_to_file>/cdc.foundstone.com.zone";
    };
};

The problem:
If I perform a query from a network that is part of the trusted acl, I can see
that the query is sent to the root servers and then to the .com servers:

$ dig domain2.com NS +trace

; <<>> DiG 9.8.1-P1 <<>> domain2.com NS +trace
;; global options: +cmd
.			518350	IN	NS	g.root-servers.net.
.			518350	IN	NS	d.root-servers.net.
.			518350	IN	NS	f.root-servers.net.
.			518350	IN	NS	a.root-servers.net.
.			518350	IN	NS	m.root-servers.net.
.			518350	IN	NS	b.root-servers.net.
.			518350	IN	NS	i.root-servers.net.
.			518350	IN	NS	j.root-servers.net.
.			518350	IN	NS	h.root-servers.net.
.			518350	IN	NS	e.root-servers.net.
.			518350	IN	NS	l.root-servers.net.
.			518350	IN	NS	k.root-servers.net.
.			518350	IN	NS	c.root-servers.net.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 2435 ms

com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.

I have also sniffed UDP packets on the wire, but I don't see any packets
going towards 192.168.1.1.

Question:
Any idea what is wrong in my configuration?

Thanks in advance for your help!

Regards,

Carol


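The +trace output above, as an added example (not part of Carol's message or of BIND itself): a small parser that attributes each hop of `dig +trace` output to the server that answered it. dig +trace asks the configured resolver only for the root NS list and then walks the delegation chain itself, so every later hop is answered by the authoritative servers directly and never passes through the resolver's forward zones; the sample trace and the 198.51.100.10 address in it are constructed.

```python
import re
from typing import List, NamedTuple

# ';; Received <n> bytes from <ip>#<port>(<name>) in <ms> ms' closes each hop.
RECEIVED_RE = re.compile(r"^;; Received (\d+) bytes from ([^#\s]+)#(\d+)\(([^)]*)\)")

# Constructed sample in dig +trace format: first hop from the local resolver,
# second hop fetched by dig directly from a TLD server (placeholder address).
SAMPLE_TRACE = """\
; <<>> DiG 9.8.1-P1 <<>> domain2.com NS +trace
;; global options: +cmd
.\t\t\t518350\tIN\tNS\ta.root-servers.net.
.\t\t\t518350\tIN\tNS\tb.root-servers.net.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 2435 ms

com.\t\t\t172800\tIN\tNS\ta.gtld-servers.net.
com.\t\t\t172800\tIN\tNS\tb.gtld-servers.net.
;; Received 490 bytes from 198.51.100.10#53(a.gtld-servers.net) in 120 ms
"""

class Hop(NamedTuple):
    owner: str      # owner name of the NS records in this hop ("." or "com.")
    source_ip: str  # address that actually answered dig for this hop
    records: int    # number of resource records in the hop

def parse_trace(text: str) -> List[Hop]:
    """Split dig +trace output into hops: a run of resource-record lines
    terminated by a ';; Received ...' line naming the answering server."""
    hops: List[Hop] = []
    owners: List[str] = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = RECEIVED_RE.match(line)
        if m:
            hops.append(Hop(owners[0] if owners else "", m.group(2), len(owners)))
            owners = []
        elif line.startswith(";"):
            continue                        # dig banner / global options
        else:
            owners.append(line.split()[0])  # first field is the owner name
    return hops

def hops_answered_by(hops: List[Hop], resolver_ip: str) -> List[Hop]:
    """Hops the resolver under test actually answered (only the root list)."""
    return [h for h in hops if h.source_ip == resolver_ip]

def trace_exercises_resolver(hops: List[Hop], resolver_ip: str) -> bool:
    """True only if every hop went through the resolver; with +trace this is
    never the case past the first hop, so forward zones are not tested."""
    return bool(hops) and all(h.source_ip == resolver_ip for h in hops)
```

To test whether the forward zone is used, query the server directly without +trace (for example `dig @10.10.10.1 domain2.com NS`) and watch for traffic to the forwarder.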