bind 9.4.1: bug or feature?

Chris Buxton cbuxton at menandmice.com
Tue Jul 24 18:49:28 UTC 2007 

This isn't so much a bug as just a weird consequence of how things work.

In your initial attempt, when you ask your server for  
something.xyz.local, here's what happens:

- Examine local authoritative data.
- Find an authoritative zone for a domain that covers the request.  
There is no answer in the zone, nor any delegation.
- Return a negative answer.

The forward zone is not even considered. Now, with your second  
attempt (the solution that inexplicably works):

- Examine local authoritative data.
- Find an authoritative zone for a domain that covers the request.  
There is an intervening delegation, so turn operation over to  
resolver logic.
- Examine resolver rules, including root hints, stub zones, forward  
zones, global forwarding, etc.
- Find forward zone. Rather than following delegation and doing  
recursion, forward to specified server.

If you wanted to, you could achieve nearly the same effect without  
the forward zone as follows:

xyz	NS	ns1.xyz
	NS	ns2.xyz
ns1.xyz	A	1.2.3.4
nx2.xyz	A	5.6.7.8

The differences would be:

- You would have to maintain the addresses of the other servers in  
the zone data rather than in named.conf.
- Rather than sending a recursive query to the other servers, your  
server would send iterative queries.

Chris Buxton
Men & Mice

On Jul 24, 2007, at 5:45 AM, Tom Schmitt wrote:

> Hi,
>
> I'm using Bind 9.4.1 for my internal DNS where I have a domain with  
> the name local.
>
> Now I have to forward a subdomain of this through a firewall to  
> another DNS-server. Nothing easier than that (I thought) and added  
> the following statement to my named.conf:
>
> zone "xyz.local" {
>         type forward;
>         forwarders { 1.2.3.4; 5.6.7.8; };
>         forward only;
> };
>
> And I was happy till I tested it: I doesn't work. After a rndc  
> reconfig the named still doesn't know anything about the domain  
> xyz.local.
> A networkscan revealed that named don't even try to ask one of the  
> forwarders.
>
> So I thought i have some kind of syntax-error in my statement and  
> checked the logfiles of named: But there was no errormessage of any  
> kind, not a warning, not even a info-message which indicate a  
> problem with my forwarding-statement.
>
> I tried a lot of things, but in the end the following brought my  
> statement to work: I added the following record to my local.-zone:
>
> xyz.local. 3600  IN NS nosuchserver.xyz.local.
>
> Together with this record my forward-statement is working fine!  
> Even tough the mentioned server doesn't exist.
>
> So what I don't understand: Why is it necassary to add this record?  
> Is it a bug in Bind 9.4.1? Or is this intentional? And if it is  
> intentional, why is there no error-message if it is missing?
>
> Tom.
>
> -- 
> Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
> Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
>
>

More information about the bind-users mailing list