Forwarding goes amiss?

Kevin Darcy kcd at daimlerchrysler.com
Wed Nov 26 23:19:55 UTC 2003


Mark wrote:

>----- Original Message ----- 
>From: "Kevin Darcy" <kcd at daimlerchrysler.com>
>To: <comp-protocols-dns-bind at isc.org>
>Sent: Tuesday, November 25, 2003 1:46 AM
>Subject: Re: Forwarding goes amiss?
>
>
>  
>
>>Mark wrote:
>>
>>    
>>
>>>Using BIND 8.4.1-REL, I'd like to add RBL style zone, like so:
>>>
>>>zone "dynablock.my-domain.info" {
>>>       type forward;
>>>       forward first;
>>>       forwarders {
>>>               127.0.0.4;
>>>       };
>>>};
>>>
>>>At 127.0.0.4, rbldnsd is listening (on an ifconfig alias of lo0), and
>>>*working, as a dig @127.0.0.4 gives the proper responses.
>>>
>>>So, "dig @127.0.0.4 177.64.161.195.dynablock.my-domain.info" gives me the
>>>right result:
>>>
>>>;; ANSWER SECTION:
>>>177.64.161.195.dynablock.my-domain.info.  35M IN A  127.0.0.2
>>>
>>>But "dig 177.64.161.195.dynablock.my-domain.info" does NOT:
>>>
>>>      
>>>
>>1. Is the first "nameserver" entry in your /etc/resolv.conf pointed at
>>one of the addresses on which your local nameserver is listening?
>>2. Is dynablock.my-domain.info delegated? I suspect it is not. I seem to
>>recall that BIND 8 will only forward for a *delegated* subdomain, if the
>>nameserver is authoritative for anything above it in the hierarchy...
>>    
>>
>
>
>Thank you for your answer. I just now found a solution.
>
>Next to zone "dynablock.my-domain.info" I also had a zone called zone
>"my-domain.info" defined. It was in named.conf for a very long time
>already, as I registered the .info domain a few years back (but has not been
>in use). Having the zone "my-domain.info" caused BIND to consult that zone
>first for queries to "dynablock". Once I removed zone "my-domain.info",
>everything worked like a charm for zone "dynablock.my-domain.info". :)
>
>Your answer seems to suggest, though, that I could have BIND serve zone
>"my-domain.info" itself, and still have zone "dynablock.my-domain.info"
>delegated. Is that correct? Although things work now, eventually I'd like to
>have zone "my-domain.info" back too.
>
Yes, in order to forward _underneath_ an authoritative zone, you need to 
delegate the relevant part of the namespace. At least I'm pretty sure 
this is true of BIND 8; not so sure it's still necessary in BIND 9...

                                                                         
                                       - Kevin
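
The delegation Kevin describes, sketched as the parent zone's file; this is an added example, not part of the original thread. The SOA and NS host names, serial, timers and the 192.0.2.1 address are constructed, and pointing the delegation at 127.0.0.4 (the rbldnsd address from Mark's post) is an assumption.

```dns
; Constructed zone file for "my-domain.info" (not from the thread).
; named.conf keeps both statements: the master zone "my-domain.info"
; that loads this file, and the existing type-forward zone
; "dynablock.my-domain.info" with forwarders { 127.0.0.4; }.
$TTL 3600
$ORIGIN my-domain.info.
@   IN SOA ns1.my-domain.info. hostmaster.my-domain.info. (
        2003112601 ; serial (constructed)
        3600       ; refresh
        900        ; retry
        604800     ; expire
        3600 )     ; negative-caching TTL
    IN NS  ns1.my-domain.info.
ns1 IN A   192.0.2.1            ; documentation address, placeholder

; Delegation (zone cut). Without these NS records named treats every
; name under dynablock as data of this zone and answers NXDOMAIN
; authoritatively, so the forward zone is never consulted.
dynablock     IN NS ns.dynablock.my-domain.info.
ns.dynablock  IN A  127.0.0.4   ; glue: rbldnsd on the lo0 alias (assumed target)
```

After a reload, the plain `dig 177.64.161.195.dynablock.my-domain.info` from the thread is the check: it should return the same answer as the `@127.0.0.4` query.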



