Multiple DNS Forwards

Kevin Darcy kcd at daimlerchrysler.com
Fri May 26 18:09:45 UTC 2000


I believe someone else (Barry?) pointed out that you have some syntax errors in
the named.conf that you attached previously (and I totally missed those, shame
on me!). Maybe that's the root of your problem.


- Kevin

Dave Walsh wrote:

> Hi Kevin,
>
> Thanks again for your response.  I really do appreciate your help since I'm
> so new to DNS.  I've read DNS & BIND and am starting to get a handle on it a
> bit better.  However, this feature is not very well documented -- at least
> that I can find.
>
> Anyway, I haven't tried dig, but I did do an nslookup and used the server
> 158.138.120.22 (server=158.138.120.22) to see if it could resolve addresses
> in hal.us.partnerco.com and it was fine.  The thing is, I'm not seeing the
> requests even being sent out my firewall to resolve these addresses which
> leads me to believe that it can't handle the second forward.  That is, it
> can use my general forward statement, and my first specific forward (i.e.
> partner.com), but it doesn't seem to go to the next one.  Can this selective
> forwarding only use one or can it use multiple?
>
> Thanks again.
>
> Dave
>
> "Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
> news:392C3C3D.5A32504E at daimlerchrysler.com...
> > It could be that 158.138.120.22 is authoritative for "partner.com" but
> > *not* "hal.us.partnerco.com", and has recursion turned off. What happens if
> > you just point a command-line utility like "dig" at 158.138.120.22 and try to
> > resolve those names? Is the RA (Recursion Available) bit set on the
> > response? Maybe you need to ask your partner what server you should be using
> > to resolve the names.
> >
> >
> > - Kevin
> >
> > Dave Walsh wrote:
> >
> > > Below is the content of my original question and the answer (from the BIND
> > > archives). Your solution worked great. However, our partner company has now
> > > expanded or decentralized and they also have more than just partner.com
> > > names to resolve. They now have hal.us.partnerco.com. I tried putting in
> > > another entry in my named.conf, but it doesn't seem to resolve hosts in
> > > hal.us.partnerco.com, but partner.com does still work.
> > >
> > > Any ideas?
> > >
> > > TIA
> > >
> > > Dave
> > >
> > > EXAMPLE: named.conf
> > >
> > > =====================
> > >
> > > options {
> > >     directory "/var/named";
> > >     forwarders { 227.252.18.10; };
> > >     forward only;
> > >     query-source address * port 53;
> > > };
> > >
> > > zone "0.0.127.IN-ADDR.ARPA" in {
> > >     type master;
> > >     file "db.127.0.0";
> > >     notify no;
> > > };
> > >
> > > zone "mycompany.ca" in {
> > >     type master;
> > >     file "db.mycompany";
> > > };
> > >
> > > ** NOTE: I CAN RESOLVE HOSTS IN PARTNER.COM
> > >
> > > zone "partner.com" {
> > >     type forward;
> > >     forward only;
> > >     forwarders { 158.138.120.22; }
> > > }
> > >
> > > ** NOTE: I CAN'T RESOLVE HOSTS IN HAL.US.PARTNERCO.COM
> > >
> > > zone "hal.us.partnerco.com" {
> > >     type forward;
> > >     forward only;
> > >     forwarders { 158.138.120.22; }
> > > }
> > >
> > > zone "57.168.192.IN-ADDR.ARPA" in {
> > >     type master;
> > >     file "db.192.168.57";
> > > };
> > >
> > > zone "0.1.10.IN-ADDR.ARPA" in {
> > >     type master;
> > >     file "db.10.1.0";
> > > };
> > >
> > > zone "0.30.10.IN-ADDR.ARPA" in {
> > >     type master;
> > >     file "db.10.30.0";
> > > };
> > >
> > > zone "148.208.198.IN-ADDR.ARPA" in {
> > >     type master;
> > >     file "db.198.208.1481";
> > > };
> > >
> > > // zone "." in {
> > > // type hint;
> > > // file "db.cache";
> > > // };
> > >
> > > END NAMED.CONF
> > >
> > > ORIGINAL CORRESPONDENCE
> > >
> > > There is really no such thing as "conditional" forwarding in BIND 8. There
> > > is, however, "selective" forwarding. The difference is more than semantic:
> > > selective forwarding works *unconditionally*, i.e. has no relation to
> > > events or state, but is specified on a zone-by-zone basis, i.e. all queries
> > > in a specific zone X should be forwarded to a specific set of servers Y, Z,
> > > etc. In your case, you'd set up a zone of type "forward" for your business
> > > partner's domain, let's call it "partner.com". And also in the zone
> > > definition you'd specify "forward only" and a "forwarders" clause
> > > containing the addresses of the partner's nameservers. So it would look
> > > something like:
> > >
> > > zone "partner.com" {
> > >     type forward;
> > >     forward only;
> > >     forwarders { x.x.x.x; y.y.y.y; };
> > > };
> > >
> > > In your situation, selective forwarding would probably be better than
> > > conditional forwarding anyway, which would waste time and resources sending
> > > queries to the wrong places.
> > >
> > > A couple of other alternatives to consider, depending on your performance
> > > characteristics and/or requirements, or redundancy requirements, would
> > > include stub or slave zones.
> > >
> > > - Kevin
> > >
> > > Dave_Walsh wrote:
> > >
> > > > We are a satellite organization of our parent organization. At present,
> > > > all of our Win95 PCs point to my local DNS server with a forward statement
> > > > to our parent organization's DNS server for name resolution. In other
> > > > words, anything not resolved locally, will be forwarded to our corporate
> > > > head office (where our Internet access is also). We've recently acquired a
> > > > project with a business partner that requires only our location to have
> > > > access to the partner's DNS server so I can resolve names in their name
> > > > space.
> > > >
> > > > What's the best approach to accommodate all my needs? I must be able to
> > > > resolve local IP names, corporate names in the corporate WAN, Internet
> > > > names (via corporate) & the names at our new business partner. Can I
> > > > put on a second forwarder statement on my local DNS server that will
> > > > effectively say, "if you can't resolve it yourself, try the corporate DNS,
> > > > if you can't resolve it there, try the partner DNS?".
> > > >
> > > > Mr. DNS says that conditional forwarding of BIND 8.2 will do it. I'm
> > > > pretty new to DNS. Can someone please advise.
> > > >
> > > > TIA
> > > >
> > > > Dave
> >
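
An added illustration, not part of the original thread and not BIND's own parser: named.conf requires a `;` after every statement and after every closing `}`, which the two forward zones quoted above lack. The sketch below flags those spots in the hal.us.partnerco.com zone; the function and variable names are made up for this example.

```python
import re

# Constructed from the thread: the hal.us.partnerco.com zone as posted.
POSTED = '''\
zone "hal.us.partnerco.com" {
    type forward;
    forward only;
    forwarders { 158.138.120.22; }
}
'''

# Same zone with both terminators added.
FIXED = '''\
zone "hal.us.partnerco.com" {
    type forward;
    forward only;
    forwarders { 158.138.120.22; };
};
'''

# Quoted strings, // and # comments, the three punctuation marks, bare words.
TOKEN = re.compile(r'"[^"\n]*"|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+')

def missing_semicolons(conf):
    """Return (line, message) for each spot where named.conf needs a ';'."""
    # Blank out /* ... */ comments but keep their newlines so line numbers hold.
    conf = re.sub(r'/\*.*?\*/', lambda m: '\n' * m.group().count('\n'), conf, flags=re.S)
    tokens = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        for tok in TOKEN.findall(line):
            if not tok.startswith(('//', '#')):
                tokens.append((lineno, tok))
    problems = []
    for i, (lineno, tok) in enumerate(tokens):
        nxt = tokens[i + 1][1] if i + 1 < len(tokens) else None
        if tok == '}' and nxt != ';':
            problems.append((lineno, "'}' is not followed by ';'"))
        elif tok not in ('{', '}', ';') and nxt in ('}', None):
            problems.append((lineno, "statement is not terminated by ';'"))
    return problems

if __name__ == "__main__":
    for lineno, msg in missing_semicolons(POSTED):
        print(f"line {lineno}: {msg}")
```

On a real server, `named-checkconf` (shipped with BIND 9) performs the full syntax check.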