Bind Forwarders Not Working.
Kevin Darcy
kcd at daimlerchrysler.com
Fri Feb 17 00:05:54 UTC 2006
Conrad G wrote:
>I am trying to enable Bind 9.3.x to use forwarders in the following
>situation.
>
>First the query should check the local zones. If no zone is defined then
>the forwarders should be queried.
>
>I have tried using forwarding first but this works in the reverse it
>checks the forwarders first them the local.
>
>How do I get the server to query local first then the forwarders.
>
By "local" do you mean authoritative data? Assuming that translation,
what you describe should work with ordinary forwarding, but it's
important to understand that named's decision to forward or not forward,
is determined by what *zone* contains the name being queried. If named
has authoritative data for the zone in question, it will answer from
that authoritative data and *only* from that authoritative data (it
won't forward), otherwise it'll "fail over" to other resolution
mechanisms, such as plain-old-forwarding, if configured ("forward only")
or forwarding-with-fallback-to-iterative-resolution, if configured
("forward first").
This is a somewhat subtle point, but perhaps an example will illuminate.
Querying foo.bar.example.com: if the nameserver is authoritative for
example.com, but within that authoritative data, there is no
bar.example.com or anything beneath it, then the nameserver will return
NXDOMAIN. In order for some "global" forwarding rule to kick in, at the
very least bar.example.com or foo.bar.example.com would need to be
delegated. That would put the foo.bar.example.com name in a different
*zone* from example.com, one for which potentially the BIND instance is
not authoritative.
- Kevin
More information about the bind-users
mailing list