bind9 forward zones
Tom Allison
tallison at tacocat.net
Mon Apr 11 01:37:14 UTC 2005
Hello,

I'm trying to do two things with forwarders.

The first is to forward requests to my ISP DNS servers to avoid hitting
the root servers where I can. Originally I am pretty sure that my
options{ forwarders...} was working correctly, but I can't validate that
using dig.

The second is to forward a specific zone to another subnet (VPN) for
domain resolution. This second subnet has its own domain servers and I
would like to utilize them for that subnet for simplicity.

Using things like dig +trace, it appears that I am using neither one of
my forwarders.

So, two questions:

What is the correct method of using dig to validate that my forwarders
are working correctly -- what should I see and what should I not see?

Is the following format actually correct? It doesn't act like it.

Currently I have the following in my named.conf:

options {
    notify no;
    forwarders {
        24.169.224.226;
        24.169.224.230;
    };
    forward first;
    auth-nxdomain no; # conform to RFC1035
    allow-query {
        192.168.3/24;
        192.168.30/24;
        127.0.0/24;
    };
    allow-transfer { none; };
    recursion yes;
};

zone "vpndomain.com" {
    type forward;
    //forward first;
    forwarders { 192.168.30.2; };
    //allow-query { 192.168.3.0/24; };
};

zone "30.168.192.in-addr.arpa" {
    type forward;
    //forward first;
    forwarders { 192.168.30.2; };
    //allow-query { 192.168.3.0/24; };
};