Configuring a domain slave to look up subdomain hosts

Mark Andrews marka at isc.org
Tue Feb 28 01:26:46 UTC 2012 


In message <CEF5D429141640A98F49787BA758366F at netadmin.bart.gov>, "Mike Bernhardt
" writes:
> I have a domain and a subdomain which is delegated by the
> 
> I am trying to figure out the correct way to have the slave of a parent
> domain look up hosts in a subdomain managed by others. I'm running BIND
> 9.8.1-P1. The current working configuration for the subdomain is this:
> 
> options {
>         directory "/var/named";
>         allow-recursion { any; };
>         allow-query { any; };
>         allow-query-cache { any; };
>         forwarders { 148.165.3.10; };
>         forward only;
>         recursive-clients 2000;
>         zone-statistics yes;
> };
> 
> zone "domain.com" {
>         type slave;
>         masters { 10.130.1.30; };
>         file "db.domain";
>         forwarders { };
> };
> 
> But using "forwarders" doesn't seem like the correct way to do it.

Well it is a correct way to do it.  It turns *off* the global
override on normal resolution for the name space covered by domain.com.
I normally use "forwarders { /* empty */ };" so that it is easier
to see that it is supposed to be a empty list.

> It's in
> the options in order to forward internet queries to our external name server
> instead of to the root servers, which aren't accessible from inside. I've
> been messing with stub zones but that doesn't seem to work:
> 
> zone "domain.com" {
>         type slave;
>         masters { 10.130.1.30; };
>         file "db.domain";
> };
> zone "subdomain.domain.com" {
>         type stub;
>         masters { 10.2.241.101; 10.2.242.222; };
>         file "db.subdomain";
> };
> 
> With this configuration, the zone file for subdomain.domain.com is correctly
> created but when I run tcpdump I can see that queries for
> host.subdomain.domain.com are being forwarded to 148.165.3.10, not to the
> subdomain name servers. The result of course is NXDOMAIN.
> 
> With forwarders set for the zone domain.com, the slave queries the zone
> master, which then queries the subdomain name server as it should. So the
> stub zone is apparently being ignored.
> 
> What is wrong? Perhaps I'm misunderstanding the purpose of stub zones? Let
> me know if you need additional config details.
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list