Does global forwarding take precedence over selective forwarding?
Treptow, Craig
Treptow.Craig at principal.com
Fri Sep 1 01:12:48 UTC 2000
Hi. This is BIND 8.2.2-p5 on AIX 4.3. This is an internal DNS server that
forwards requests to two firewalls and on to the Internet for things it's not
authoritative for. This works fine. To this we wanted to add
prodplex.principal.com on the internal side and have that served by another
DNS server. Delegating this child domain won't work, because the forwarding
takes precedence over the delegation...or so I've learned from this list.

So I've been trying in vain to get selective forwarding to work for this child
domain. By everything I've read, what I've shown below should work.

When I go "ndc trace", I don't get a named.run.

So is the forwarding to our firewalls somehow stopping the selective
forwarding? If not, does anybody have some other tips to help me debug this?

Here are my dig sessions followed by snippets of my named.conf:

nameserver1.principal.com # dig @162.131.250.150 wlmftp.prodplex.principal.com
; <<>> DiG 8.2 <<>> @162.131.250.150 wlmftp.prodplex.principal.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; wlmftp.prodplex.principal.com, type = A, class = IN
;; ANSWER SECTION:
wlmftp.prodplex.principal.com. 1S IN A 162.131.250.150
;; AUTHORITY SECTION:
prodplex.principal.com. 1D IN NS mvst.prodplex.principal.com.
prodplex.principal.com. 1D IN NS mvse.prodplex.principal.com.
;; ADDITIONAL SECTION:
mvst.prodplex.principal.com. 1D IN A 162.131.250.150
mvse.prodplex.principal.com. 1D IN A 162.131.250.105
;; Total query time: 22 msec
;; FROM: nameserver1.principal.com to SERVER: 162.131.250.150
;; WHEN: Thu Aug 31 19:54:27 2000
;; MSG SIZE sent: 47 rcvd: 155
nameserver1.principal.com # dig wlmftp.prodplex.principal.com
; <<>> DiG 8.2 <<>> wlmftp.prodplex.principal.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; wlmftp.prodplex.principal.com, type = A, class = IN
;; AUTHORITY SECTION:
principal.com. 6H IN SOA nameserver1.principal.com.
kratochvil.k(
2000083102 ; serial
3H ; refresh
1H ; retry
1W ; expiry
6H ) ; minimum
;; Total query time: 5 msec
;; FROM: nameserver1.principal.com to SERVER: default -- 0.0.0.0
;; WHEN: Thu Aug 31 19:55:41 2000
;; MSG SIZE sent: 47 rcvd: 125

options {
        directory "/usr/local/named";
        pid-file "/etc/named.pid";
        named-xfer "/usr/local/bin/bind/named-xfer";
        notify yes;
        check-names master ignore; /* default. */
        check-names slave ignore;
        listen-on port 53 { any; };
        forward only;
        forwarders { 204.167.169.129; 204.167.169.131; };
        allow-query { any; };
        allow-transfer { dns-secondary-servers; };
        transfer-format many-answers;
};
...
zone "prodplex.principal.com" {
        type forward;
        forward only;
        forwarders { 162.131.250.150; 162.131.250.105; };
};
zone "principal.com" IN {
        type master;
        file "db.principal.com";
        allow-update { none; };
        allow-transfer { dns-secondary-servers; unix-servers; };
};

Thanks!
Craig Treptow
Principal Financial Group
I/S Network Administration
(515) 247-6207