Help!:2nd Please let me know How to use forward and forwarders.

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 16 01:01:38 UTC 2000


If you want NATrouter to forward only to DNS(2), then you should be using "forward
only" instead of "forward first".


- Kevin

ynishimura at home.nimc.go.jp wrote:

> Dear sirs
>
> The following is our network.
> There is a private network in our big network.
> The private network has PCUNX-Natrouter as gateway to big network.
> The big network has FireWallOne as gateway to Internet.
>
> Those two gateways have Bind8.2.2pl5 with themselves.
>
> 1)If the users are in aist.go.jp, there is no problem.
>
> 2)If the users are in internal
> The PC client's nameserver is NATrouter. It can know IP address of hosts in
> private network(internal) and those in Internet.
> But it often cannot know IP address of hosts in aist.go.jp.
>
> I put Lananalyzer on the upper side of NatRouter, that is nameserver, also.
> I found some DNS query command packets for aist.go.jp go to DNS(2) but some
> DNS query command packets don't go to DNS(2) to DNS Root.
>
> And those situations change in time.
>
> I would like all of the DNS query packets to go to DNS(2).
>
> Does anyone know the reason of my troubles?
>
>                                                                      LAN Analyzer
>                                                                           |
>                                                                           |
> > Domainname                              aist.go.jp            |internal
> >                        1)                       150.29.xx.xx      |    3) 192.168.0.xx
> > Internet------Firewall-------------------------NATRouter----------PC client
> >                  Bind8.2.2pl5 for Internet            |     Bind8.2.2pl5 for inside of natrouter
> >                  FireWallOne                            |      Non-authority
> >                   has authority                         |
> >                                                          2) DNS
> >                                                    Bind8.2.2pl5 for 150.29.xx.xx
> >                                                            Non-authority
> > The following is the  named.conf on NatROUTER(3)
> >
> > // $FreeBSD: src/etc/namedb/named.conf,v 1.5.2.1 1999/08/29 14:19:30 peter Exp $
> >
> > options {
> >         directory "/etc/namedb";
> >
> >         allow-query{
> >                 192.168.0/24;
> >         };
> >         forward first;
> >         forwarders {
> >                 150.29.144.64;  // the IP address of DNS(2)
> >         };
> > };
> >
> >
> > zone "." {
> >         type hint;
> >         file "named.root";
> > };
> >
> >
> > zone "0.0.127.IN-ADDR.ARPA" in {
> >         type master;
> >         file "localhost.rev";
> > };
> >
> > zone "internal" in {
> >         type master;
> >         file "internal.zone";
> >         allow-update {localhost;};
> > };
> >
> > zone "0.168.192.in-addr.arpa" in {
> >         type master;
> >         file "internal.rev";
> >         allow-update {localhost;};
> > };
> >
> >
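
An added example, not part of the original messages and not BIND's own code: a small Python check that reads the global options block of a named.conf and reports whether named may still resolve names itself (via the root hints) rather than sending every query to its forwarders. The sample configuration is constructed from the quoted file, the function names are hypothetical, and the check assumes the documented BIND default of "forward first" when forwarders are listed; per-zone forward settings are not examined.

```python
import re

# Constructed sample: the options block quoted above, and the same block
# with the change suggested in the reply ("forward only").
BEFORE = """
options {
        directory "/etc/namedb";
        allow-query { 192.168.0/24; };
        forward first;
        forwarders {
                150.29.144.64;  // DNS(2)
        };
};
"""
AFTER = BEFORE.replace("forward first;", "forward only;")


def strip_comments(conf):
    """Drop /* */, // and # comments so they cannot hide or fake a statement."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)


def options_block(conf):
    """Return the body of options { ... }, honouring nested braces."""
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]


def audit_forwarding(conf):
    """Return (mode, forwarders, resolves_itself) for the global options."""
    body = options_block(strip_comments(conf))
    fw = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
    forwarders = [a for a in re.split(r"[;\s]+", fw.group(1)) if a] if fw else []
    found = re.search(r"\bforward\s+(first|only)\s*;", body)
    mode = found.group(1) if found else "first"  # BIND default is "first"
    # named falls back to its own iterative lookups (root hints) unless it
    # has forwarders AND is told to use only them.
    resolves_itself = not forwarders or mode != "only"
    return mode, forwarders, resolves_itself


if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_forwarding(conf))
```

A result with `resolves_itself` true matches the capture described in the quoted message, where some queries left for the root servers instead of DNS(2).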





