query-source
Joseph S D Yao
jsdy at cospo.osis.gov
Mon Dec 11 22:29:51 UTC 2000
On Mon, Dec 11, 2000 at 07:16:31PM +0000, gjohnson at showmaster.com wrote:
> I have a problem being forwarded dns responses from my primary dns
> server to my firewall which is running dns for private use. When I use
> query source and point it to my primary name server I get an error
...
> Dec 11 13:12:41 proxy named[19326]: sysquery: sendto
> ([207.204.83.72].53): Invali
> d argument
>
> I thought the whole point of the query source is to point it to another
> name server (in this case my primary dns server) so U can have dns
> queries forwarded to you, but it's not working that way and the
> firewall is not being forwarded dns answers. I get the invalid
> argument when I do point my source to my name server. Am I missing
> something?
I am left with no clear idea what your configuration looks like. But
you certainly have the wrong idea about "query-source".
I suspect that you want to forward all queries that your internal name
server can't authoritatively respond to, to your firewall. The correct
option is "forwarders { ip; ... };" inside your options{} statement.
If you're inside a firewall, and the firewall is your ONLY source for
external name service, then you would want to add the "forward only"
option.
The "query-source" option MUST refer to an IP address on your name
server [if it specifies an IP address]. It is used to specify the IP
address and/or port FROM which the name server will be sending a query.
Not TO which.
--
Joe Yao jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
More information about the bind-users
mailing list