forwarders and firewalls
Kevin Darcy
kcd at daimlerchrysler.com
Thu Dec 5 19:13:31 UTC 2002
Steve Holdoway wrote:
> I've just managed to get my forwarders to work on bind 9.2.1, under RH
> Linux 7.3, behind a firewall.
>
> The only way I could get them to resolve was if they were defined both
> as forwarders in /etc/named.conf, and as nameservers in
> /etc/resolv.conf.
>
> Any other combination fails. Any idea why??
named doesn't use /etc/resolv.conf for any forwarding/iteration
decisions, so either your assumptions or your methodology must be flawed
somehow. You do realize hopefully that the order of nameservers in
/etc/resolv.conf is significant, right? So if you put the forwarders as
the *first* nameservers in /etc/resolv.conf, stub resolvers will be using
the forwarders directly without going through your local nameserver.
Conversely, if the first nameserver entry in /etc/resolv.conf is your
local nameserver, then it shouldn't make any difference what subsequent
entries are, as long as the local nameserver stays up and responding. Is
it possible that your local nameserver was down during some of your
tests, so stub resolvers were failing over to the forwarders?
Another thing to consider is that some programs (e.g. sendmail) have
their own resolvers which can be configured independently of
/etc/resolv.conf. And, of course, there are other naming services besides
DNS (NIS, NetInfo, WINS, etc.) so if something was resolving, it's
conceivable that it might have been resolving through one of those naming
services instead of DNS.
- Kevin
More information about the bind-users
mailing list