Another newbie question. Thank you.
Joe Kattner
joe.kattner at adelphia.com
Mon Nov 5 21:12:02 UTC 2001
Bob,
I had thought originally that you had only two servers. Sorry if I caused
you more confusion. I think I understand now :)
Are both 9.14.1.30 and 9.87.63.25 working properly? If the new server is
going to be resolving internet names, you really shouldn't be pointing it to
another forwarder(9.87.63.25). Does 9.14.1.30 allow queries and recursion
for your new server?
I set up the same scenario, a public server that resolves internet names,
then a private internal forwarder for caching client requests, and a private
server only, based on your configuration from the first mail you sent and it
worked fine, the config is below. Note that this server is only forwarding,
and does not have root hints. Hope that helps.
--Joe
[root at tuna /etc] cat /etc/named.conf
key tuna {
algorithm hmac-md5;
secret "...";
};
server 127.0.0.1 { keys { tuna; }; };
controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { tuna; }; };
options {
directory "/var/named";
auth-nxdomain no;
forwarders { 24.48.58.222; }; // <-- Resolves internet names
has allow-query, allow-recursion
acl for this server.
};
zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
};
zone "test.lan" { // An internal zone on a private master
type forward;
forwarders { 10.156.115.251; }; // This server is internal only
};
[root at tuna /etc]
-----Original Message-----
From: R. Alexander [mailto:bob at lori-renato.italy.ibm.com]
Sent: Monday, November 05, 2001 10:06 AM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Re: Another newbie question. Thank you.
Thank you Joe.
Let me see if I can understand ...
9.14.1.30 is the name server which is both authoritative for all of the
internal (private) ibm.com domain AND when queried it resolves also all
of the Internet addresses.
9.87.63.25 is authoritative only for italy.ibm.com (also another
internal domain) and of course "sees" 9.14.1.30 as it's "parent" for
what he cannot resolve. Also it is located physically here in Italy
where I work.
My attempt was to set up a local caching server which forwarded all
queries to 9.87.63.25 and if this one is dead to 9.14.1.30 ...
This is all ...
What am I doing wrong ?
Thank you. Bob
More information about the bind-users
mailing list