forwarding zone on BIND 8.2.2-P5
Kevin Darcy
kcd at daimlerchrysler.com
Tue May 16 21:08:26 UTC 2000
sysatc at evoken.gsu.edu wrote:
> In article <39207AD2.22266310 at daimlerchrysler.com>,
> Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> #Okay, so let's get to the "problem" here: lack of packet activity
> #between your nameserver and its forwarder. This can be explained
> #entirely by caching. On the first query, your nameserver forwards the
> #query and gets an answer back, either that the name exists, or that it
> #doesn't. It caches that answer for some length of time (governed by
> #either the TTL of the record, in the case of a positive response, or by
> #a field in the SOA record of the zone, in the case of a negative
> #response). As long as the record remains in the cache, your nameserver
> #will answer from that cached record instead of forwarding queries
> #upstream.
>
> Thanks for all the responses so far, but you all are missing a point
> I should have made more clear in my original post:
>
> Our main nameservers (the only ones you can query from outside our domain)
> are currently acting as secondaries for the domain I am experimenting with.
> The name server I am using to figure out how to do a forwarding only zone,
> and the one I have been referring to, is query restricted *only* to my
> workstation. Trying to reverse any record in 131.96.22 will not tell
> you anything related to my problem (unless you are on my workstation :)
> The main name server (the one currently acting as a secondary, which is
> what you are querying) is functioning just fine; the forwarding zone I am
> trying to set up on my workstation as described, is not.
>
> So that there are no misunderstandings, here is my complete named.conf file:
>
> --------------- named.conf -------------------------------------------------
>
> acl query-allow {
>         localhost;
>         131.96.32.182;
> };
>
> options {
>         directory "/etc/named.d";
>         allow-query { query-allow; };
> };
>
> zone "." {
>         type hint;
>         file "root.cache";
> };
>
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "localhost.rev";
> };
>
> zone "Gsu.EDU" {
>         type master;
>         file "named.hosts";
> };
>
> zone "96.131.in-addr.arpa" {
>         type master;
>         file "named.rev";
> };
>
> zone "22.96.131.in-addr.arpa" {
>         type forward;
>         forward only;
>         forwarders { 131.96.22.199; };
> };
>
> zone "CS.Gsu.EDU" {
>         type forward;
>         forward only;
>         forwarders { 131.96.22.199; };
> };
>
> --------------- end named.conf ---------------------------------------------
>
> the CS.Gsu.EDU/131.96.22.* zone is the one I am trying to set up as
> forward-only.
>
> Here is the complete named.hosts file:
>
> --------------- named.hosts ------------------------------------------------
>
> @               in      soa     evoken.Gsu.EDU. root.mailhost.Gsu.EDU. (
>                         2000051204      ; serial yymmdd##
>                         600             ; refresh every 10 minutes
>                         300             ; retry every 5 minutes
>                         3600000         ; expires after 1000 hours
>                         14400           ; minimum - default ttl of 4 hours
>                         )
>                 in      ns      ns.Gsu.EDU.
>                 in      ns      ns1.Gsu.EDU.
>                 in      ns      ns2.Gsu.EDU.
>                 in      mx      10 mailhost.Gsu.EDU.
>                 in      a       131.96.32.182
>
> localhost       in      a       127.1
> loghost         in      cname   localhost
>
> evoken          in      a       131.96.32.182
>
> CS.Gsu.EDU.     in      a       131.96.22.199
>                 in      ns      ns.CS.Gsu.EDU.
>
> --------------- named.hosts ------------------------------------------------
> As you can see, only the local workstation, and "A" and "NS" records for the
> CS.Gsu.EDU name server are present. When I try to resolve "A" records in
> the CS.Gsu.EDU domain, they are forwarded to 131.96.22.199 and resolved
> correctly. I can verify this both by the fact they resolve even though they
> are not defined locally, and I can snoop the network traffic.
>
> This is the complete named.rev file:
>
> --------------- named.rev --------------------------------------------------
>
> @               in      soa     evoken.Gsu.EDU. sysnet.evoken.Gsu.EDU. (
>                         2000051204      ; serial yymmdd##
>                         600             ; refresh every 15 minutes
>                         300             ; retry every 5 minutes
>                         3600000         ; expire after 1000 hours
>                         14400           ; minimum - default ttl of 4 hours
>                         )
>                 in      ns      ns.Gsu.EDU.
>                 in      ns      ns1.Gsu.EDU.
>                 in      ns      ns2.Gsu.EDU.
>
> 182.32          in      ptr     evoken.Gsu.EDU.
> 199.22          in      ptr     CS.Gsu.EDU.
>
> --------------- named.rev --------------------------------------------------
>
> As you can see, only the local workstation, and a "PTR" record for the
> CS.Gsu.EDU name server are present. Attempts to resolve the PTR record for
> anything in 131.96.22 fail to be forwarded. I can tell this both by the fact
> they return a "Non-existent host/domain" message, and there is no network
> traffic generated to the CS.Gsu.EDU nameserver. There should not be an
> issue with caching to explain the lack of network traffic, since the record
> is not defined locally and is not in a cache since it doesn't resolve at all.
>
> It would seem that something in my configuration is telling this experimental
> name server to forward "A" record resolve requests, but not "PTR" records.
> I am guessing it is either something in the zone definition (see named.conf,
> above) or in my named.rev file (see also above).
>
> Any further help is greatly appreciated. If you would like to be able to
> query this name server I am experimenting with to help me diagnose the
> problem, please contact me and I can add you to the query ACL.
The 199.22.96.131.in-addr.arpa entry in your named.rev file is "hiding" the
22.96.131.in-addr.arpa "type forward" zone. Yeah, I know that's somewhat non-intuitive...
- Kevin
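
Added example, not part of the original message or of BIND: a small Python check for the overlap the reply points to, run over the zone declarations and owner names from the quoted files (re-typed here as constructed input). It flags only owner names strictly below a forward zone's apex, which is the case named in the reply; that scoping, and the helper names `parse_zones`, `fqdn` and `shadowing_records`, are assumptions of this example.

```python
import re

# Constructed input: zone declarations condensed from the quoted named.conf.
NAMED_CONF = '''
zone "Gsu.EDU" { type master; file "named.hosts"; };
zone "96.131.in-addr.arpa" { type master; file "named.rev"; };
zone "22.96.131.in-addr.arpa" { type forward; forward only; forwarders { 131.96.22.199; }; };
zone "CS.Gsu.EDU" { type forward; forward only; forwarders { 131.96.22.199; }; };
'''
# Constructed input: owner names as written in the quoted zone files.
ZONE_FILES = {
    "named.hosts": ["@", "localhost", "loghost", "evoken", "CS.Gsu.EDU."],
    "named.rev": ["@", "182.32", "199.22"],
}

def parse_zones(conf):
    """Return {zone_name: (zone_type, file_or_None)}; expects one zone per line."""
    zones = {}
    for line in conf.splitlines():
        m = re.match(r'\s*zone\s+"([^"]+)"\s*\{\s*type\s+(\w+);(.*)', line)
        if m:
            f = re.search(r'file\s+"([^"]+)"', m.group(3))
            zones[m.group(1)] = (m.group(2), f.group(1) if f else None)
    return zones

def fqdn(owner, origin):
    """Expand a zone-file owner name against its origin (lowercase, no trailing dot)."""
    origin = origin.rstrip(".").lower()
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner.rstrip(".").lower()
    return f"{owner.lower()}.{origin}"

def shadowing_records(conf, zone_files):
    """List (file, owner_fqdn, forward_zone) for master-zone names below a forward zone."""
    zones = parse_zones(conf)
    forward = [z.rstrip(".").lower() for z, (t, _) in zones.items() if t == "forward"]
    hits = []
    for zone, (ztype, fname) in zones.items():
        if ztype != "master":
            continue
        for owner in zone_files.get(fname, []):
            name = fqdn(owner, zone)
            # Compare on a label boundary so 122.96.131... never matches 22.96.131...
            hits += [(fname, name, fz) for fz in forward if name.endswith("." + fz)]
    return hits

if __name__ == "__main__":
    for hit in shadowing_records(NAMED_CONF, ZONE_FILES):
        print("%s: %s lies under forward zone %s" % hit)
```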