Forwarding problem; Forward Last?
Gabriel.Quennesson at fr.michelin.com
Gabriel.Quennesson at fr.michelin.com
Fri Feb 8 09:48:28 UTC 2008
You are right, I didn't apply it to the zone you specified;
I first disabled forwarding in the ad.sub.company.com zone by setting
forwarders to an empty list, which did not work.
I then did the same with the sub.company.com zone, as you specified. I
can't get it to work neither...
As for made up names, there are rather strong confidentiality issues with
my company. Let me put here a translation of my configurations files :
/* named.conf */
forwarders { 10.0.0.1; 10.0.0.2; };
zone sub.company.com {
type master;
forwarders { }; #because you asked it
file "master/myzonefile";
};
# note that the ad.sub.company.com isn't defined as such. I defined it to
put the empty forwarder list when I read your above mail.
/* myzonefile */
/* skipping SOA block */
ad.sub.company.com. IN NS ns1.ad.sub.company.com.
ns1.ad.sub.company.com. IN A 192.168.0.1
This setup seems, as far as literature goes, a state of the art setup for
delegation of a zone.
And btw yes I am probably "not applying [something] correctly". I have
read through many mailing list, docs, books and couldn't find an answer,
hence why I am posting her.
bind-users-bounce at isc.org wrote on 07/02/2008 23:03:01:
>
> > I was pretty sure I tested that, but I double checked anyway.
> > It doesn't work; Or at least, it forces me to define the zone as a
slave
> > (or forward only) zone in named.conf, wich is not the solution I
> > envisioned.
> > I just want to define a NS record and the corresponding A record for
> > delegation, wich works well as long as I can't forward to my main
> > forwarders.
>
> It does work. You are just not applying it correctly.
> Please look at the example below and apply it to the
> corresponding zone in you heirachy.
>
> This is a perfect example of why one should not hide zone
> names etc. when asking for help. It makes it hard to
> do the examples when one is using made up names.
>
> Mark
>
> > bind-users-bounce at isc.org wrote on 07/02/2008 14:09:38:
> >
> > >
> > > > Hi,
> > > > (needless to say I have been looking for the answer for days
before
> > > > posting here).
> > > >
> > > > I am in the process of replacing Novell Netware's repackaged Bind
by a
> >
> > > > standard Linux Bind build.
> > > > My setup is quite simple :
> > > >
> > > > Bind is authoritative for sub.company.com. It uses 2 company.com
> > > > forwarders (which doesn't know anything about our zone and/or
network
> > > > apart from a couple A records it holds for external
sub.company.com
> > > > access. That's stupid but that's how they do.)
> > > > There is an active directory, which is named -you guessed it
allready-
> >
> > > > ad.sub.company.com. Bind is not a slave for that zone, it just
holds a
> > NS
> > > > and it's glue record, as follow
> > > > ad NS ns.ad.sub.company.com.
> > > > ns.ad.sub.company.com. A 192.168.0.1
> > > >
> > > > My problem is the following: when my forwarders are down or
undefined
> > and
> > > > I query Bind for a record in ad.company.com, it asks
> > ns.ad.sub.company.com
> > > > and answer with the right answer. (read : if the forwarders are
> > defined
> > > > but not reachable for some reasons, like FW blocking access, the
> > cascading
> > > > works).
> > > > However when Bind can reach the forwarders, it just asks them for
> > records
> > > > in ad domain; they answer with a no such domain and resolution
stops
> > > > there.
> > > >
> > > > Reading Bind's documentation (and O'reilly's book, 5th edition) I
am
> > not
> > > > missing anything obvious about delegation. It might have to do
with my
> >
> > > > forwarder being unaware of my setup but I don't see quite how (and
I
> > can't
> > > > do anything about it).
> > > > I have not tried to make bind a slave for the AD zone. I would
like
> > the
> > > > above setup to work before trying other setups.
> > > >
> > > > Any help would be apreciated,
> > >
> > > turn forwarding off for the sub zone.
> > >
> > > zone sub.company.com {
> > > ....
> > > forwarders { /* empty */ };
> > > };
> > > >
> > > >
> > > --
> > > Mark Andrews, ISC
> > > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > > PHONE: +61 2 9871 4742 INTERNET:
Mark_Andrews at isc.org
> > >
> > >
> >
> >
> >
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
>
>
More information about the bind-users
mailing list