Is it possible to forward dns queries if unable to contact a DNS server?

Paul England pengland at wxc.co.nz
Thu Mar 29 22:21:30 UTC 2007


Thank you for your suggestions Dawn,

Forward First - This option would work; however, it would increase our DNS
query times dramatically and would make our current DNS servers
redundant.

Forwarding specific zones would be rather tedious and can only be done
after figuring out which zones are running an outdated Bogons list.

However, your suggestion regarding outbound NAT is something we hadn't
considered. Unfortunately, we don't own any other IP space, but it is
definitely a good idea.

Again, thanks for your ideas,

Paul England
Auckland, New Zealand

On Wed, 2007-03-28 at 22:01 -0700, Dawn Connelly wrote:
> You can set up a specific zone to forward to specific servers. Not a
> great solution but will work if you have a DNS server you know is able
> to make the query:
> zone "domain.com" { 
>         type forward;
>         forwarders { 10.10.10.10; 10.10.10.11; };
> };
> 
> Are you able to do an outbound NAT to a different IP range? Make it
> look like your DNS server is coming from a non former bogus IP range.
> Not sure if you can make the routing work on your network and whatnot,
> but that would be a different way of addressing the problem...and it
> would make sure that you don't have to manually create forwarders per
> domain. That would be time consuming and not a very effective
> solution.  The other option would be to set up a forward only
> configuration so all queries are forwarded to DNS servers that you
> know will get the answers for you.
> forward only;
> forwarders { 10.10.10.10; 10.10.10.11; };
> 
> 
> 
> On 3/28/07, Paul England <Pengland at wxc.co.nz> wrote:
>         Hi there,
>         I have a strange issue based upon the fact that our IPv4 name
>         space was once included on old Bogons lists.
>         
>         (I'm sure that you all know what that is however - "Bogons is
>         the name used to describe ip blocks not allocated by IANA and
>         RIRs to ISPs and organizations plus all other ip blocks that
>         are reserved for private or special use by RFCs (the actual
>         term "bogons" comes from word "bogus", as in bogus ip
>         announcements).") 
>         
>         Occasionally we encounter DNS servers which are configured
>         with an out-dated Bogon list and we are unable to resolve any
>         of their domains.
>         
>         Is it possible to configure bind to forward dns requests which
>         it cannot resolve to another DNS server? 
>         
>         Any help would be greatly appreciated,
>         
>         Thank you,
>         
>         Paul England
>         Auckland, New Zealand
>         
>         
> 
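
The per-zone forwarding discussed in this thread, as an added example that is not part of either poster's message: a Python helper that turns a hand-collected list of affected zones into `type forward` stanzas of the form Dawn shows, rejecting names or addresses that would corrupt named.conf. The zone names are constructed placeholders and the function names are hypothetical; the forwarder addresses are the ones quoted in the thread.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen, underscore; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")


def normalise_zone(name):
    """Lower-case, strip the trailing dot, and reject anything that is not a
    plain hostname, so a stray quote or brace cannot end up in named.conf."""
    zone = name.strip().lower().rstrip(".")
    labels = zone.split(".")
    if len(zone) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"not a valid zone name: {name!r}")
    return zone


def minimal_zones(names):
    """Deduplicate and drop zones already covered by a listed parent zone."""
    zones = sorted({normalise_zone(n) for n in names}, key=lambda z: z.count("."))
    kept = []
    for zone in zones:
        if not any(zone.endswith("." + parent) for parent in kept):
            kept.append(zone)
    return sorted(kept)


def forward_stanzas(names, forwarders):
    """Render one forward zone per affected zone, in named.conf syntax."""
    addrs = [str(ipaddress.ip_address(f)) for f in forwarders]  # raises on a bad IP
    if not addrs:
        raise ValueError("at least one forwarder is required")
    fwd = " ".join(a + ";" for a in addrs)
    return "\n".join(
        f'zone "{z}" {{\n        type forward;\n        forwarders {{ {fwd} }};\n}};'
        for z in minimal_zones(names)
    )


if __name__ == "__main__":
    # Constructed sample input: zones found to be unreachable from our address space.
    affected = ["Example.com.", "mail.example.com", "example.net", "example.com"]
    print(forward_stanzas(affected, ["10.10.10.10", "10.10.10.11"]))
```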


