Forwarding zone, setup
Ben Croswell
ben.croswell at gmail.com
Tue Mar 1 18:36:38 UTC 2022
Are you loading the parent domain and trying to zone forward a child domain
on the same DNS server? I.e. loading somedomain.local and trying to forward
ab.somedomain.local
If so an NS delegation is required in every instance I have done in my
environment. The NS doesn't need to be "right" but it needs to exist. I
don't know the internal BIND logic for that but I have always taken it as
"I load the parent and I know the child doesn't exist because there isn't a
delegation to make it exist so why would I forward something that doesn't
exist".
On Tue, Mar 1, 2022, 1:18 PM Gregory Sloop <gregs at sloop.net> wrote:
> Static-sub fixes the issue.
>
>
>
> Any idea why static-sub works when forwarder doesn't?
>
>
>
> (Again, the server is using recursion. Dig queries return the RA flag, so
> I know it's actually offering recursion in reality.)
>
>
>
> I can live with static-sub just fine, since it works - but I'd really love
> to understand why forwarder didn't - just so I can avoid getting bitten by
> it in some other situation.
>
>
>
> Thanks Andrej!
>
> -Greg
>
>
>
>
> Is static-stub something you are looking for?
>
>
> Reference documentation:
>
> https://bind9.readthedocs.io/en/v9_18_0/reference.html?highlight=static-stub#zone-types
>
>
> And in human terms:
> https://jpmens.net/2011/01/25/binds-new-static-stub-zone-type/
>
>
> Ondrej
> --
> Ondřej Surý (He/Him)
> ondrej at isc.org
>
>
> My working hours and your working hours may be different. Please do not
> feel obligated to reply outside your normal working hours.
>
>
> On 28. 2. 2022, at 21:47, Gregory Sloop <gregs at sloop.net> wrote:
>
> So, I want to forward all queries for
> *.ab.somedomain.local to some other internal DNS servers.
> (Records in *.ab.somedomain.local actually are our active domain servers)
>
> (Yes, I know .local is reserved now, but we've been using it a long time
> and changing would be rather painful. Unless there's some horrible
> consequences, I think we'll just continue for now. We won't ever use mDNS.)
>
> zone "ab.somedomain.local" {
> type forward;
> forward only;
> forwarders { 10.0.0.1; 10.0.0.2; 10.0.0.3; };
> };
>
> But this doesn't appear to do what I want.
>
> If I add the above to my regular BIND servers configuration, it doesn't
> return results like it's forwarding them. (I get NXDOMAIN for
> abc.ab.somedomain.local.)
>
> If I do a dig @10.0.0.1 abc.ab.somedomain.local from the BIND server, I
> get a proper result. (force dig to use the AD name servers directly,
> instead of relying on the forward.)
>
> (And yes the resolv.conf file has the ip addresses of the main internal
> BIND servers in it, and those only.)
> I've looked and while I think I'm doing it right, I'm not entirely sure.
> I figured before I beat my head against the wall for too long, I'd ask the
> real experts! :)
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220301/8533afaa/attachment.htm>
More information about the bind-users
mailing list