Another newbie question. Thank you.

Joe Kattner joe.kattner at adelphia.com
Mon Nov 5 21:12:02 UTC 2001 

Bob,

I had thought originally that you had only two servers. Sorry if I caused
you more confusion. I think I understand now :)

Are both 9.14.1.30 and 9.87.63.25 working properly? If the new server is
going to be resolving internet names, you really shouldn't be pointing it to
another forwarder(9.87.63.25). Does 9.14.1.30 allow queries and recursion
for your new server?

I set up the same scenario, a public server that resolves internet names,
then a private internal forwarder for caching client requests, and a private
server only, based on your configuration from the first mail you sent and it
worked fine, the config is below. Note that this server is only forwarding,
and does not have root hints. Hope that helps.

--Joe


[root at tuna /etc] cat /etc/named.conf
key tuna {
        algorithm hmac-md5;
        secret "...";
};
server 127.0.0.1 { keys { tuna; }; };
controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { tuna; }; };
options {
        directory "/var/named";
        auth-nxdomain no;
        forwarders { 24.48.58.222; }; // <-- Resolves internet names
                                         has allow-query, allow-recursion
                                         acl for this server.
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};
zone "test.lan" { // An internal zone on a private master
        type forward;
        forwarders { 10.156.115.251; }; // This server is internal only
};

[root at tuna /etc]


-----Original Message-----
From: R. Alexander [mailto:bob at lori-renato.italy.ibm.com]
Sent: Monday, November 05, 2001 10:06 AM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Re: Another newbie question. Thank you.

Thank you Joe.

Let me see if I can understand ...

9.14.1.30 is the name server which is both authoritative for all of the 
internal (private) ibm.com domain AND when queried it resolves also all 
of the Internet addresses.

9.87.63.25 is authoritative only for italy.ibm.com (also another 
internal domain) and of course "sees" 9.14.1.30 as it's "parent" for 
what he cannot resolve. Also it is located physically here in Italy 
where I work.

My attempt was to set up a local caching server which forwarded all 
queries to 9.87.63.25 and if this one is dead to 9.14.1.30 ...

This is all ...

What am I doing wrong ?

Thank you. Bob

More information about the bind-users mailing list