Problem getting "forwarders" section in named.conf.options to work

Dawn Connelly dawn.connelly at gmail.com
Mon Jul 28 00:41:14 UTC 2008


It depends on how you have them set up. There are two statements that you
need to make forwarders work correctly:

forward

 forward ( only | first );

*forward* is only relevant in conjunction with a valid forwarders
<http://www.zytrax.com/books/dns/ch7/queries.html#forwarders> option.
If set to 'only' the server will only forward queries, if set to
'first' (default) it will send the queries to the forwarder and if not
answered will attempt to find an answer. This statement may be used in a
zone <http://www.zytrax.com/books/dns/ch7/zone.html>,
view <http://www.zytrax.com/books/dns/ch7/view.html> or a global
options <http://www.zytrax.com/books/dns/ch7/options.html> clause.

forwarders

 forwarders { ip_addr [port ip_port] ; [ ip_addr [port ip_port] ; ... ] };
 forwarders { 10.2.3.4; 192.168.2.5; };

*forwarders* defines a list of IP address(es) (and optional port numbers) to
which queries will be forwarded. Only relevant when used with the related
*forward* statement. This statement may be used in a
zone <http://www.zytrax.com/books/dns/ch7/zone.html>,
view <http://www.zytrax.com/books/dns/ch7/view.html> or a global
options <http://www.zytrax.com/books/dns/ch7/options.html> clause.

http://www.zytrax.com/books/dns/ch7/queries.html


On Sun, Jul 27, 2008 at 5:01 PM, Adam Olsen <arolsen at gmail.com> wrote:

> Sorry, forgot to ask.  I guess I may misunderstand what the forwarders
> directive is supposed to do?
>
>
> On Sun, Jul 27, 2008 at 6:01 PM, Adam Olsen <arolsen at gmail.com> wrote:
>
>> Andy, Dawn,
>>
>> Thanks!  Now sendoutcards.com is resolving, but it's acting kind of
>> weird.  I'm not sure if it has to do with the DNS configuration or not.
>> pinging sendoutcards.com or mail.sendoutcards.com gives the correct
>> address, but the ping command hangs.  I can't even press CTRL+C to stop it.
>> Pinging the IP alone does not cause this problem.
>>
>> I don't know if this matters much, it seems I can connect to the various
>> important ports just fine.
>>
>> Thanks again
>>
>>
>> On Sun, Jul 27, 2008 at 5:27 PM, Dawn Connelly <dawn.connelly at gmail.com> wrote:
>>
>>> Sorry, forgot to mention that you need to change the recursion no; to
>>> recursion yes; first...then it will read the allow-recursion statement.
>>>
>>>
>>> On Sun, Jul 27, 2008 at 4:24 PM, Dawn Connelly <dawn.connelly at gmail.com>
>>> wrote:
>>>
>>>> Actually you will probably want to use either an @ or
>>>> sendoutcards.com....so either of these should work
>>>> @  IN  A  206.71.90.5
>>>> or
>>>> sendoutcards.com. IN A 206.71.90.5 {notice the dot at the end of the
>>>> domain...if you don't have the dot at the end, it won't work}
>>>>
>>>> As far as getting other machines to be able to query your DNS server for
>>>> records it isn't authoritative for, you need to enable recursion. PLEASE
>>>> MAKE SURE YOU LIMIT THE IPS THAT CAN MAKE RECURSIVE QUERIES!
>>>>
>>>> Rather than:
>>>>
>>>> recursion no;
>>>>
>>>> It needs to be:
>>>> allow-recursion { internal_networks; };
>>>>
>>>> Then create an ACL in your options section with:
>>>> acl "internal_networks" {
>>>>      10.0.0.0/8;
>>>>      172.16.0.0/12;
>>>>      192.168.0.0/16;
>>>>      127.0.0.0/8;
>>>> };
>>>>
>>>> Make sure to list out all the subnets that make up your internal network.
>>>>
>>>>
>>>>
>>>> On Sun, Jul 27, 2008 at 4:07 PM, Andy Shellam <
>>>> andy.shellam-lists at mailnetwork.co.uk> wrote:
>>>>
>>>>> Hi Adam,
>>>>>
>>>>> I cannot help with the forwarders, but I think the reason you're not
>>>>> being able to ping "sendoutcards.com" is because it's not defined in
>>>>> your zone file for this reason: a blank "name" field (the first field of
>>>>> a record) tells Bind to use the previous record's name again.
>>>>>
>>>>> So here:
>>>>>
>>>>> nas1        NS  nas1.sendoutcards.com.
>>>>>
>>>>>            A   206.71.90.5
>>>>> www         A   206.71.90.5
>>>>>
>>>>>
>>>>> what you're telling Bind is that "nas1" has an NS record of
>>>>> nas1.sendoutcards.com., and an A record of 206.71.90.5.
>>>>> Try either putting "A 206.71.90.5" after your MX record, or I believe
>>>>> you can use a "." to indicate the root of the zone (e.g. ". A
>>>>> 206.71.90.5")
>>>>>
>>>>> Hope this helps one of your queries,
>>>>>
>>>>> Andy
>>>>>
>>>>> Adam Olsen wrote:
>>>>> > I'm having a bit of trouble with a few things in my configuration.  I
>>>>> > am trying to set up DNS for the sendoutcards.com domain, including mail.
>>>>> >
>>>>> > Here is my zone file:
>>>>> >
>>>>> > $TTL    604800
>>>>> > @           IN      SOA ns2.sendoutcards.com. root.sendoutcards.com. (
>>>>> >            20080532     ; Serial
>>>>> >                          604800         ; Refresh
>>>>> >                           86400         ; Retry
>>>>> >                         2419200         ; Expire
>>>>> >                          604800 )       ; Negative Cache TTL
>>>>> > ;
>>>>> >
>>>>> >             MX  10  mail.sendoutcards.com.
>>>>> >             NS  ns2.sendoutcards.com.
>>>>> > nas1        NS  nas1.sendoutcards.com.
>>>>> >
>>>>> >             A   206.71.90.5
>>>>> > www         A   206.71.90.5
>>>>> > mail        A   206.71.90.6
>>>>> > swetesoc    A   10.1.1.3
>>>>> > web4        A   10.1.1.11
>>>>> > carl        A   10.1.1.7
>>>>> > fs2         A   10.1.1.18
>>>>> > masterdb    A   10.1.1.12
>>>>> > slavedb     A   10.1.1.13
>>>>> > nappy       A   10.1.1.4
>>>>> > nas1        A   10.1.1.24
>>>>> >
>>>>> > This is on the secondary dns server.  With this setup, I can ping
>>>>> > mail.sendoutcards.com, www.sendoutcards.com, but not plain
>>>>> > 'sendoutcards.com'.  Also, if I set up a remote machine to use this
>>>>> > DNS server in /etc/resolv.conf, that machine cannot ping 'google.com'
>>>>> > (the log on the DNS server says 'query (cache) denied').
>>>>> >
>>>>> > I tried setting up forwarders {};  in named.conf.options to my ISP
>>>>> > assigned DNS servers, but if I do that, my zone file seems to get
>>>>> > ignored entirely.
>>>>> >
>>>>> > I know I'm probably doing this wrong, but there are so many examples
>>>>> > on the net with so many different formats to use in the zone file.
>>>>> > Any help here would be appreciated.
>>>>> >
>>>>> > --
>>>>> > Adam Olsen
>>>>> > SendOutCards.com
>>>>> > http://www.vimtips.org
>>>>> > http://last.fm/user/synic
>
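
The owner-name rules discussed in the quoted replies (a blank name field reuses the previous record's name, "@" stands for the zone, and a name without a trailing dot gets the zone name appended), as an added Python example that is not part of the original thread. The parser is a simplified sketch, and `absolute`, `parse` and `a_owners` are hypothetical helper names.

```python
# Added example (not from the thread): how owner names in a zone file resolve.
# Simplified on purpose: one record per line, no TTL field, no $ORIGIN or
# multi-line parentheses, so the SOA record is left out of the samples.
ORIGIN = "sendoutcards.com."

# Records as posted in the thread, after the SOA (whose owner is "@").
AS_POSTED = """\
            MX  10  mail.sendoutcards.com.
            NS  ns2.sendoutcards.com.
nas1        NS  nas1.sendoutcards.com.

            A   206.71.90.5
www         A   206.71.90.5
"""

def absolute(name, origin):
    """Expand an owner name: "@" is the origin, a trailing dot means absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin=ORIGIN):
    """Return [(owner, rtype, rdata)], applying the blank-owner rule."""
    records, owner = [], origin          # the SOA at "@" set the owner first
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue                     # blank lines do not reset the owner
        fields = line.split()
        if not line[0].isspace():        # column 0 is not blank: new owner
            owner = absolute(fields.pop(0), origin)
        if fields[0].upper() == "IN":    # optional class
            fields.pop(0)
        records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return records

def a_owners(zone_text, origin=ORIGIN):
    """Owner names that end up holding an A record."""
    return [o for o, t, _ in parse(zone_text, origin) if t == "A"]

if __name__ == "__main__":
    for label, text in [("as posted", AS_POSTED),
                        ("@ fix", "@  IN  A  206.71.90.5\n"),
                        ("no trailing dot", "sendoutcards.com IN A 206.71.90.5\n")]:
        print(label, "->", a_owners(text))
```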



