authoritative "forward" zone - possible?
Justin Mason
jm at jmason.org
Sat Oct 16 21:54:30 UTC 2004
Hi there -- I'm trying an unusual situation here, and it doesn't
seem to be working.

I have a dynamic zone, and a daemon that will act as a nameserver,
generating data in that zone based on queries coming from clients.
rbldnsd is a good example of this.

I don't want to dedicate an IP address to this zone, so I thought
a good way to do this would be to use BIND's "type forward" zone
support:

    zone "v.yerp.org" IN {
        type forward;
        forward first;
        forwarders {
            127.0.0.1 port 55;
        };
    };

IOW, run the non-BIND ns on port 55, and let clients access it through
BIND's forwarded zone. This means I can keep BIND running on that
machine, great!

So: this works if I point clients at the nameserver directly; but if I let
them use the normal TLD delegation lookup, it fails.

The 2LD zone delegates to the v.yerp.org subdomain correctly (afaik):

    yerp.org.           IN SOA  ns1.boxhost.net. jm.jmason.org. (
                                2004000021
                                3600 600 604800 3600 )
    yerp.org.           IN NS   ns1.boxhost.net.
    ns1.boxhost.net.    IN A    195.218.96.101
    yerp.org.           IN NS   ns6.gandi.net.
    ns6.gandi.net.      IN A    217.70.177.40
    v.yerp.org.         IN NS   ns2.yerp.org.
    ns2.yerp.org.       IN A    64.142.3.174

(Note: that's on another server entirely, ns1.boxhost.net.)

A "dig +trace", however, seems to indicate that the ns2 host (where the
forward zone is running) doesn't want to be authoritative for the zone:

: jm 1726...; dig test.com.v.yerp.org TXT +trace

; <<>> DiG 9.2.4rc5 <<>> test.com.v.yerp.org TXT +trace
;; global options: printcmd
. 517766 IN NS H.ROOT-SERVERS.NET.
. 517766 IN NS I.ROOT-SERVERS.NET.
. 517766 IN NS J.ROOT-SERVERS.NET.
. 517766 IN NS K.ROOT-SERVERS.NET.
. 517766 IN NS L.ROOT-SERVERS.NET.
. 517766 IN NS M.ROOT-SERVERS.NET.
. 517766 IN NS A.ROOT-SERVERS.NET.
. 517766 IN NS B.ROOT-SERVERS.NET.
. 517766 IN NS C.ROOT-SERVERS.NET.
. 517766 IN NS D.ROOT-SERVERS.NET.
. 517766 IN NS E.ROOT-SERVERS.NET.
. 517766 IN NS F.ROOT-SERVERS.NET.
. 517766 IN NS G.ROOT-SERVERS.NET.
;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

org. 172800 IN NS TLD1.ULTRADNS.NET.
org. 172800 IN NS TLD2.ULTRADNS.NET.
;; Received 119 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 96 ms

yerp.org. 86400 IN NS ns6.gandi.net.
yerp.org. 86400 IN NS ns1.boxhost.net.
;; Received 90 bytes from 204.74.112.1#53(TLD1.ULTRADNS.NET) in 41 ms

v.yerp.org. 3600 IN NS ns2.yerp.org.
;; Received 72 bytes from 217.70.177.40#53(ns6.gandi.net) in 186 ms

org. 170720 IN NS TLD1.ULTRADNS.NET.
org. 170720 IN NS TLD2.ULTRADNS.NET.
;; Received 87 bytes from 64.142.3.174#53(ns2.yerp.org) in 34 ms

So the request never gets forwarded to the forwardee nameserver daemon --
this happens within BIND. Is there any way to make BIND think it's
authoritative for that zone? Am I missing something? Have I screwed up
my delegation there?

(BTW, the v.yerp.org zone is currently down, so any queries to that
will fail.)

--j.
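
A check for the symptom visible in the trace above, as an added example that is not part of the original post: it parses "dig +trace" output and flags any hop where the server a zone was delegated to replies with a referral for a name outside that zone (a lame delegation). The function names are hypothetical, and the sample input is the post's own trace with the root NS list cut to one record.

```python
import re

# Sample input: the post's own trace, with the root NS list cut to one record.
TRACE = """\
. 517766 IN NS A.ROOT-SERVERS.NET.
;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
org. 172800 IN NS TLD1.ULTRADNS.NET.
;; Received 119 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 96 ms
yerp.org. 86400 IN NS ns6.gandi.net.
;; Received 90 bytes from 204.74.112.1#53(TLD1.ULTRADNS.NET) in 41 ms
v.yerp.org. 3600 IN NS ns2.yerp.org.
;; Received 72 bytes from 217.70.177.40#53(ns6.gandi.net) in 186 ms
org. 170720 IN NS TLD1.ULTRADNS.NET.
;; Received 87 bytes from 64.142.3.174#53(ns2.yerp.org) in 34 ms
"""
RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+?#\d+\((\S+)\)")

def parse_hops(text):
    """Split +trace output into hops: (responding server, [(owner, rrtype)])."""
    hops, records = [], []
    for line in text.splitlines():
        m = RECEIVED.match(line)
        if m:
            hops.append((m.group(1), records))
            records = []
        elif line.strip() and not line.startswith(";"):
            f = line.split()
            if len(f) >= 5:
                records.append((f[0].lower(), f[3].upper()))
    return hops

def is_within(name, zone):
    """True if name equals zone or lies below it (fully qualified names)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def find_lame_hops(text):
    """Return (server, zone delegated to it, referral owner) per lame hop."""
    lame, delegated = [], None
    for server, records in parse_hops(text):
        owners = {owner for owner, _ in records}
        # Only pure referrals (NS records for one owner) move the zone cut.
        if len(owners) != 1 or any(t != "NS" for _, t in records):
            continue
        owner = owners.pop()
        # A server a zone was delegated to must not refer outside that zone.
        if delegated and not is_within(owner, delegated):
            lame.append((server, delegated, owner))
        else:
            delegated = owner
    return lame
```

On the sample, find_lame_hops(TRACE) reports ns2.yerp.org, which was delegated v.yerp.org. but referred back to org.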