Problems with delegating zones outside of Bind

Léonard Wauters lwauters at ipnotic-telecom.fr
Wed Mar 29 17:39:47 UTC 2006


Hello,

We heavily use bind inside our company for mapping our different servers 
and caching our own DNS requests.
We have two DNS servers (Bind 9.2.4.1) running over Debian Sarge, and 
everything is working well.

We have several zones, defined like this:

// Zone company.priv
zone "sup.ipnotic.priv" IN {
        type master;
        file "/etc/bind/db.sup.company.priv";
        allow-update { none; };
};

// Zone srvc.company.priv
zone "srvc.ipnotic.priv" IN {
        type master;
        file "/etc/bind/db.srvc.company.priv";
};

// Zone bbone.company.priv
zone "bbone.ipnotic.priv" IN {
        type master;
        file "/etc/bind/db.bbone.company.priv";
        allow-update { none; };
};


We want to add a new zone, say 'modems', but we do not want bind to 
handle it, because we have to use a SQL back-end. So we want to use 
powerdns which would store the resource records, and Bind as a "proxy" 
that would ask powerdns for results.
Powerdns runs on both master and slave DNS, but on port 1053.

(My master DNS server is 10.10.0.40 and my slave is 10.10.0.46)

So we added the following zone:
// New zone
zone "modems.company.priv" IN {
        type forward;
        forward only;
        forwarders { 10.10.0.40 port 1053;
                     10.10.0.46 port 1053; };
};

So, in this configuration, Bind handles all requests (even for the 
modems.company.priv) and asks powerdns when a query concerns the 
modems.company.priv zone.

But this is not the case. Bind never interrogates the powerdns server on 
port 1053 for, for instance, a modem1.modems.company.priv A query. It 
only returns an NXDOMAIN error code.

The logs do not return any noticeable error. I also did a tcpdump on 
both master and slave, and there is NO actual communication between 
bind and powerDNS. By the way, if I interrogate powerdns directly on 
port 1053, I get the expected results.

I searched some examples on the internet, but could not find anything.

Maybe dealing with the PTR and NS resource records would be a solution, 
but I could find no examples of it.

Does someone have an example of how to do this?

Thanks for your answers.

Léonard Wauters.

