forward only recursive server doesn't forward
Mark Andrews
marka at isc.org
Thu Oct 20 03:24:24 UTC 2016
In message <CAB1R3siEjShqvCAU_JJm_RwAnU_vK==3fqjxPc+kEMMyLgcc_w at mail.gmail.com>
, Alex writes:
> Hi Mark,
>
> On Wed, Oct 19, 2016 at 9:48 PM, Mark Andrews <marka at isc.org> wrote:
> >
> > In message <CAB1R3sjkUOzWeEbyhSF-s+J=Wfu2La2kQ513uRQu9YFi=JcC2g at mail.gmail.
> com>, Alex writes:
> >> Hi,
> >>
> >> I have a bind-9.10.3 server on fedora22 that is authoritative for a
> >> few domains and their corresponding IP ranges. I'd like to set up
> >> another domain server (rbldnsd) on a host in one of those domains as a
> >> forward-only server.
> >>
> >> The problem appears to be that the queries from the local box to the
> >> subdomain being managed by the rbldnsd server are being answered by
> >> the local bind instead of being sent to the remote machine running
> >> rbldnsd.
> >
> > Add a delegation for scann.example.com in example.com. Forward
> > zones control *where* the queries are sent, not if queries are sent.
>
> I'm sorry, I don't understand. This system is already a slave for the
> forward zone example.com. I just realized I forgot to include that in
> my previous post:
>
> zone "example.com" {
> type slave;
> file "slaves/db.example.com";
> masters { 64.1.1.3; };
> allow-query { any; };
> allow-transfer { trusted; };
> };
Add NS records for scann.example.com to example.com. This is how
nameservers are supposed to find out which machines serve which
zones.
scann.example.com. 3600 NS <name-of-66.104.104.66>.
To go from the root zone to the org zone the root zone has a copy
of the NS records for org.
org. 60444 IN NS b0.org.afilias-nst.org.
org. 60444 IN NS a2.org.afilias-nst.info.
org. 60444 IN NS a0.org.afilias-nst.info.
org. 60444 IN NS b2.org.afilias-nst.org.
org. 60444 IN NS d0.org.afilias-nst.org.
org. 60444 IN NS c0.org.afilias-nst.info.
Similarly to go from the org zone to the isc.org zone the org zone has
a copy of the NS records for isc.org.
isc.org. 7200 IN NS ord.sns-pb.isc.org.
isc.org. 7200 IN NS ns.isc.afilias-nst.info.
isc.org. 7200 IN NS ams.sns-pb.isc.org.
isc.org. 7200 IN NS sfba.sns-pb.isc.org.
Mark
> Thanks,
> Alex
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list