Forwarding problem; Forward Last?

Gabriel.Quennesson at fr.michelin.com Gabriel.Quennesson at fr.michelin.com
Fri Feb 8 09:48:28 UTC 2008


You are right, I didn't apply it to the zone you specified;
I first disabled forwarding in the ad.sub.company.com zone by setting 
forwarders to an empty list, which did not work.
I then did the same with the sub.company.com zone, as you specified. I 
can't get it to work either...

As for made up names, there are rather strong confidentiality issues with 
my company. Let me put here a translation of my configuration files:


/* named.conf */

forwarders { 10.0.0.1; 10.0.0.2; };

zone sub.company.com {
        type master;
        forwarders { }; #because you asked it
        file "master/myzonefile";
};

# note that the ad.sub.company.com isn't defined as such. I defined it to
# put the empty forwarder list when I read your above mail.

/* myzonefile */
/* skipping SOA block */

ad.sub.company.com.     IN NS   ns1.ad.sub.company.com.
ns1.ad.sub.company.com. IN A 192.168.0.1


This setup seems, as far as literature goes, a state of the art setup for 
delegation of a zone.
And btw yes I am probably "not applying [something] correctly". I have 
read through many mailing lists, docs, books and couldn't find an answer, 
hence why I am posting here.

bind-users-bounce at isc.org wrote on 07/02/2008 23:03:01:

> 
> > I was pretty sure I tested that, but I double checked anyway.
> > It doesn't work; Or at least, it forces me to define the zone as a slave
> > (or forward only) zone in named.conf, which is not the solution I 
> > envisioned.
> > I just want to define a NS record and the corresponding A record for 
> > delegation, which works well as long as I can't forward to my main 
> > forwarders.
> 
>    It does work.  You are just not applying it correctly.
>    Please look at the example below and apply it to the
>    corresponding zone in your hierarchy.
> 
>    This is a perfect example of why one should not hide zone
>    names etc. when asking for help.  It makes it hard to
>    do the examples when one is using made up names.
> 
>    Mark
> 
> > bind-users-bounce at isc.org wrote on 07/02/2008 14:09:38:
> > 
> > > 
> > > > Hi,
> > > > (needless to say I have been looking for the answer for days before
> > > > posting here).
> > > > 
> > > > I am in the process of replacing Novell Netware's repackaged Bind by a
> > > > standard Linux Bind build.
> > > > My setup is quite simple :
> > > > 
> > > > Bind is authoritative for sub.company.com. It uses 2 company.com
> > > > forwarders (which don't know anything about our zone and/or network
> > > > apart from a couple A records it holds for external sub.company.com
> > > > access. That's stupid but that's how they do.)
> > > > There is an active directory, which is named -you guessed it already-
> > > > ad.sub.company.com. Bind is not a slave for that zone, it just holds a NS
> > > > and its glue record, as follows
> > > > ad      NS      ns.ad.sub.company.com.
> > > > ns.ad.sub.company.com.  A       192.168.0.1
> > > > 
> > > > My problem is the following: when my forwarders are down or undefined and
> > > > I query Bind for a record in ad.company.com, it asks ns.ad.sub.company.com
> > > > and answers with the right answer. (read : if the forwarders are defined
> > > > but not reachable for some reasons, like FW blocking access, the cascading
> > > > works).
> > > > However when Bind can reach the forwarders, it just asks them for records
> > > > in ad domain; they answer with a no such domain and resolution stops
> > > > there.
> > > > 
> > > > Reading Bind's documentation (and O'Reilly's book, 5th edition) I am not
> > > > missing anything obvious about delegation. It might have to do with my
> > > > forwarder being unaware of my setup but I don't see quite how (and I can't
> > > > do anything about it).
> > > > I have not tried to make bind a slave for the AD zone. I would like the
> > > > above setup to work before trying other setups.
> > > > 
> > > > Any help would be appreciated,
> > > 
> > >    turn forwarding off for the sub zone.
> > > 
> > >    zone sub.company.com {
> > >       ....
> > >       forwarders { /* empty */ };
> > >    };
> > > > 
> > > > 
> > > -- 
> > > Mark Andrews, ISC
> > > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > > PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
> > > 
> > > 
> > 
> > 
> > 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
> 
> 
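
The behaviour discussed in this thread, as an added Python sketch (not part of the original messages and not BIND's own code): a "forward first" server uses the forwarder list set at the closest enclosing name, and an answer from a reachable forwarder, NXDOMAIN included, ends resolution. The longest-suffix lookup, the function names `select_forwarders` and `resolve_path`, and the query name are assumptions of this simplified model; the addresses and zone names are the ones quoted above.

```python
# Simplified model (assumption, not BIND source): the forwarder list used for a
# query is the one set at the closest enclosing name that carries a
# "forwarders" statement; the global option behaves like an entry at the root.

def labels(name):
    return [l for l in name.lower().rstrip(".").split(".") if l]

def select_forwarders(qname, table):
    """Return (matched_name, forwarders) for the longest matching suffix."""
    parts = labels(qname)
    for i in range(len(parts) + 1):
        candidate = ".".join(parts[i:]) or "."
        if candidate in table:
            return candidate, table[candidate]
    return ".", []

def resolve_path(qname, table, reachable):
    """Which path a 'forward first' server takes for qname.
    reachable: set of forwarder addresses that currently answer."""
    _, fwds = select_forwarders(qname, table)
    if any(f in reachable for f in fwds):
        return "forwarder"    # its answer, NXDOMAIN included, is final
    return "delegation"       # iterate: follow the NS + glue held in the zone

QNAME = "host.ad.sub.company.com"            # constructed query name
GLOBAL = {".": ["10.0.0.1", "10.0.0.2"]}     # global forwarders from the post
WITH_OVERRIDE = dict(GLOBAL, **{"sub.company.com": []})  # forwarders { };
UP = {"10.0.0.1", "10.0.0.2"}

if __name__ == "__main__":
    for label, table in (("global only", GLOBAL),
                         ("empty list on zone", WITH_OVERRIDE)):
        for state, reach in (("up", UP), ("down", set())):
            path = resolve_path(QNAME, table, reach)
            print(f"{label:20} forwarders {state:4} -> {path}")
```

In this model the empty list on sub.company.com also covers names under ad.sub.company.com, so no separate zone statement for the delegated child is needed to stop forwarding.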



