Trouble configuring forwarders for reverse zones.

Callum Millard callum at swarthmore.org.uk
Tue Apr 7 15:37:43 UTC 2009


First off, apologies for any misuse of terms: it does keep tying me in knots,
this here DNS business.

We're a small-ish educational charity and have the following setup.

There are two subnets, 10.5.0.0/16 & 10.6.0.0/16, each with a Windows 2003
server running an MS nameserver.  They handle all requests for internal
queries for the subdomains internal1.our-net.org.local &
internal2.our-net.org.local: e.g. What is the IP for
PC10.internal1.our-net.org.local?  Any requests outside these subdomains
are passed on to our Bind nameserver.  They also merrily deal with reverse
queries, e.g. Who is 10.6.0.12?, dealing with it when the nameserver is
authoritative for the subdomain, & forwarding the request when necessary.

A Fedora server on a third subnet running bind 9 (bind-9.5.1-2.P2.fc9.i386)
is authoritative for our-net.org.local and also acts as a caching nameserver
for external name resolving. Currently, it happily forwards any requests for
the internal1 & 2 subdomains to the relevant Windows servers: either
10.5.0.1 or 10.6.0.1.

The problem I'm having is getting the Bind server to forward reverse
requests for addresses in 10.5.0.0/16 or 10.6.0.0/16 to the correct Windows
server.  As I said, the forward queries are forwarded to the correct Windows
nameservers, but I can't get it to do the same for the reverse queries.
Instead, there's a steady flow of requests disappearing off to the lonely
land of prisoner.iana.org and its colonies.

I've trawled the Interweb for the solution, and have tried every variation I
can think of, but none seem to work.  Doubtless it's just a line or two of
text, but what that is escapes me.  Below is a copy of the relevant bits of
my named.conf and any help would be very much appreciated.

Thanks in advance,

C.


Edited highlights of /etc/named.conf ->

options {
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
	allow-recursion {10.0.0.0/8; 127.0.0.1; };
};



.... ... .. . Snip!

Snip! . .. ... ....


Zone "internal1.our-net.org.local" IN {
        type forward;
	forwarders {10.5.0.1; 10.6.0.1;};
};


Zone "internal2.our-net.org.local" IN {
        type forward;
	forwarders {10.6.0.1; 10.5.0.1;};
};


//I've tried a variety of versions of this next line:
//zone "16/0.0.5.10.in-addr.arpa."
//zone "5.10.in-addr.arpa."
//zone "0.0.5.10.in-addr.arpa."
//Etc., etc.
zone "16/0.0.5.10.in-addr.arpa." IN {

        type forward;
	forwarders {10.5.0.1;};
};

zone "16/0.0.6.10.in-addr.arpa." IN {

        type forward;
	forwarders {10.6.0.1;};
};
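
An added example, not part of the original post: a name-matching check showing which of the zone names tried above sit at or above the PTR query names for hosts in 10.5.0.0/16. The helper names and the sample hosts 10.5.0.0 and 10.5.3.77 are constructed for illustration; the check covers label matching only and does not model forwarder or recursion behaviour.

```python
import ipaddress

def ptr_name(ip):
    """Query name a resolver uses for a PTR lookup of this address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def reverse_zone(cidr):
    """in-addr.arpa zone name for an IPv4 network on an octet boundary."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 and /24 map to a single zone name")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def zone_covers(zone, qname):
    """True if qname is at or below zone, comparing whole labels."""
    z = zone.lower().rstrip(".").split(".")
    q = qname.lower().rstrip(".").split(".")
    return len(q) >= len(z) and q[-len(z):] == z

def audit(candidates, hosts):
    """Map each candidate zone name to the hosts whose PTR name it covers."""
    return {zone: [h for h in hosts if zone_covers(zone, ptr_name(h))]
            for zone in candidates}

# Zone names quoted in the post.
CANDIDATES = [
    "16/0.0.5.10.in-addr.arpa.",
    "0.0.5.10.in-addr.arpa.",
    "5.10.in-addr.arpa.",
]
# 10.5.0.1 is from the post; the other two addresses are constructed samples.
HOSTS = ["10.5.0.0", "10.5.0.1", "10.5.3.77"]

if __name__ == "__main__":
    print("zone for 10.5.0.0/16:", reverse_zone("10.5.0.0/16"))
    for zone, covered in audit(CANDIDATES, HOSTS).items():
        print(f"{zone:28} covers {covered or 'no sample host'}")
```
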



