BIND & forwarding zone / proxy - HOW???
kurczaq
fakjudupaq at yahoo.com.au
Sat Jul 1 10:28:34 UTC 2006
Hi,
I have the following problem:
I have a machine on IP x.x.x.x with bind 9.3 which is authoritative
master for a number of domains. There is a private network behind
x.x.x.x using 10.1.1.0/24
Now I want to delegate a globally visible subdomain "sub.domain.com" to
another machine on the private network, e.g. 10.1.1.1 - more
specifically, I want all queries for sub.domain.com to be
answered by bind on 10.1.1.1 (and I would even like to use a port
different from 53 there, e.g. 5353).
It is clear that I cannot put a delegation like the following into the
global DNS for domain.com:
"sub IN NS 10.1.1.1"
so I tried the following:
global delegation in domain.com:
"sub IN NS x.x.x.x"
added in the config of BIND on x.x.x.x:
zone "sub.domain.com" in {
    type forward;
    forward only;
    forwarders { 10.1.1.1 port 5353; };
};
But: THIS DOES NOT WORK :-(
More precisely:
- if I type (from any outside IP on the internet, or from local IP or
x.x.x.x):
"host test.sub.domain.com x.x.x.x"
it works as intended - the bind on x.x.x.x gets the query and generates
a query to 10.1.1.1 on port 5353!
- but if I type (from any outside IP on the internet), that is, using
the available local DNS server to resolve it:
"host test.sub.domain.com"
I see that the query (from that IP's local DNS resolver) arrives at x.x.x.x
(tcpdump) but bind on x.x.x.x IMMEDIATELY responds with ServFail
WITHOUT even generating a query to 10.1.1.1 !!!!!
I really don't understand why this is. I even tried opening all ACLs
etc. - it did not help! It really seems that it works only if bind on x.x.x.x
is asked directly by a client, but does not work if the client asks
through its local DNS server?
Can anyone explain that - and how to do it right?
:-(
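A small diagnostic, added here as an example and not part of the original post, that makes the two cases in the post directly comparable. A stub resolver (the "host" command) sets the RD (recursion desired) bit on its query, while a recursive resolver that is iterating towards an authoritative server normally sends its query with RD cleared, and BIND only consults a forward zone when it is willing to recurse for that query. The script builds raw DNS queries with RD set or cleared, decodes the response header (QR, AA, RD, RA, RCODE) and includes a constructed SERVFAIL response so the decoder can be checked offline. The server address "x.x.x.x", the name test.sub.domain.com and the function names are placeholders and assumptions of this example; send_query() only talks to a server you point it at.

```python
"""Compare a DNS server's answer to a query with RD=1 (stub client) and RD=0
(iterative query from a recursive resolver).  Standard library only."""
import socket
import struct
import sys

# RCODE values from RFC 1035, section 4.1.1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels ending in a 0 byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, rd: bool = True, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a single-question query (default type A, class IN); rd controls the RD bit."""
    flags = 0x0100 if rd else 0x0000          # QR=0, OPCODE=QUERY, RD is bit 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    return header + question


def decode_header(packet: bytes) -> dict:
    """Decode the 12-byte DNS header into the flags a troubleshooter cares about."""
    if len(packet) < 12:
        raise ValueError("packet shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),           # 1 = response
        "aa": bool(flags & 0x0400),           # authoritative answer
        "rd": bool(flags & 0x0100),           # recursion desired (echoed from query)
        "ra": bool(flags & 0x0080),           # recursion available
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def send_query(server: str, name: str, rd: bool, port: int = 53, timeout: float = 3.0) -> dict:
    """Send one UDP query and return the decoded response header."""
    query = build_query(name, rd=rd)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, port))
        data, _ = sock.recvfrom(4096)
    reply = decode_header(data)
    if reply["id"] != decode_header(query)["id"]:
        raise ValueError("transaction id mismatch in reply")
    return reply


# Constructed sample (not a real capture): a SERVFAIL reply to an RD=0 query,
# QR=1, RA=1, RCODE=2, one question echoed back, no answer records.
SAMPLE_SERVFAIL_NO_RD = (
    struct.pack("!HHHHHH", 0x1234, 0x8082, 1, 0, 0, 0)
    + encode_name("test.sub.domain.com")
    + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    # usage: python3 dnsflags.py <server-ip> [name]
    server = sys.argv[1] if len(sys.argv) > 1 else "x.x.x.x"   # placeholder
    qname = sys.argv[2] if len(sys.argv) > 2 else "test.sub.domain.com"
    for want_rd in (True, False):
        try:
            print("RD=%d ->" % want_rd, send_query(server, qname, want_rd))
        except OSError as exc:
            print("RD=%d -> error: %s" % (want_rd, exc))
```

Run it against the server from the post with and without RD; if the RD=1 query comes back NOERROR while the RD=0 query comes back SERVFAIL with no forwarded query visible in tcpdump, the forwarding path is only being used for recursive queries, which matches the symptom of a resolver-originated (RD=0) lookup failing while a direct "host ... x.x.x.x" lookup succeeds.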