Forward zone and load-balancer

Alain Morency morencyalain at hotmail.com
Fri Oct 25 18:08:00 UTC 2002


Alain Morency wrote:

>I have load-balancer equipment that handles DNS queries for
>certain hosts to load-balance between multiple servers for redundancy.
>These load-balancers are in the intranet behind a firewall.
>
>Because I don't want all DNS servers on the Internet to query my
>load-balancers, I put a rule in my firewall to accept only DNS queries
>from my ISP's DNS (DNS1). DNS1 is authoritative for mydomain.com.
>Unfortunately, I don't have any access to DNS1's configuration.
>
>I told them to add a forward zone like in the following example.
>200.210.220.230 and 200.210.240.230 are the load-balancers' addresses.
>
>zone "www.mydomain.com" in
>       {
>            type forward;
>            forwarders {200.210.220.230; 200.210.240.230; };
>            forward only;
>       };
>
>   The problem is, I see no query coming from DNS1 on the firewall.
>   I used the same configuration in my lab with BIND 8.2.4 as DNS1
>   and it worked.
>
>   What is wrong?

What you've set up simply won't work.  Forward zones only apply to
recursive queries, and your ISP's name servers will only receive non-
recursive queries for data in mydomain.com.

You need to let arbitrary name servers on the Internet query your
load balancers.

cricket

Men & Mice
DNS Software, Training and Consulting
www.menandmice.com

The DNS and BIND Cookbook, available now!
http://www.oreilly.com/catalog/dnsbindckbk/

Hi again,

First question:
Is there a way to have the same behavior I need,
with or without forward zones, if I don't want to let arbitrary name
servers on the Internet query my load balancers?

Second question:
Right now, even if I set DNS1 as my name server (using nslookup in my
resolver), I can't resolve www.mydomain.com; is it normal?

Thank you for your help,

Alain
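
An added illustration, not part of the original thread: the reply quoted above turns on whether a query arrives with the Recursion Desired (RD) bit set in its DNS header. This Python sketch builds and parses both kinds of query for the name used in the thread and applies a simplified model of the forward-zone rule; the function names are hypothetical, the packets are constructed, and recursion ACLs on the server are ignored.

```python
import struct

RD_BIT = 0x0100  # Recursion Desired flag in the DNS header
QR_BIT = 0x8000  # set on responses, clear on queries

def build_query(qname, rd, txid=0x1234):
    """Build a minimal A/IN query (constructed sample, not a capture)."""
    header = struct.pack("!HHHHHH", txid, RD_BIT if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_query(packet):
    """Return (qname, rd) for a single-question DNS query packet."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & QR_BIT:
        raise ValueError("packet is a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        label = packet[pos:pos + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace"))
        pos += length
    return ".".join(labels).lower(), bool(flags & RD_BIT)

def uses_forward_zone(packet, zone):
    """Simplified model: a forward zone is consulted only for a
    recursive (RD=1) query whose name falls inside that zone."""
    qname, rd = parse_query(packet)
    in_zone = qname == zone or qname.endswith("." + zone)
    return rd and in_zone

if __name__ == "__main__":
    zone = "www.mydomain.com"
    # A stub resolver sets RD; a resolver iterating from the Internet does not.
    for who, rd in (("stub resolver", True), ("iterating resolver", False)):
        pkt = build_query(zone, rd)
        print(who, parse_query(pkt), "forward zone used:", uses_forward_zone(pkt, zone))
```
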







More information about the bind-users mailing list