forwarder is ignored when authoritative zone is added
Ben Croswell
ben.croswell at gmail.com
Fri Oct 26 10:56:18 UTC 2012
The one thing I can think of off the top of my head is to ensure the child
subdomain is properly delegated in the parent. If you try to zone level
forward a child domain on a server that loads the parent it will ignore the
forward if it can see the child doesn't exist as a true delegation.
I assume the logic is, why would I forward a subdomain I know doesn't exist.
-Ben Croswell
On Oct 26, 2012 2:17 AM, "Frank Even" <lists+isc.org at elitists.org> wrote:
> I've recently had an issue that I'm having some issues finding
> information on solving.
>
> I have internal DNS resolvers...they act as recursive name servers for
> general internet queries, but we have forwarders explicitly defined
> for specific internal zones being served by other name servers.
>
> My configuration has one particular zone configured as such:
>
> zone "internal.organization.com" IN { type forward; forward only;
> forwarders {172.x.x.x; 172.x.x.x; }; };
>
> I have our main zone, organization.com, hosted in an external area
> outside of a firewall with a wildcard record contained in it for
> anything that is not explicitly defined. I have some services that I
> need to reach using names that are in this external zone internally.
> What I'm trying to do is to slave the organization.com zone to my
> internal recursive resolver to mitigate any possible network issues.
>
> So I setup the internal resolver as a slave for the "organization.com"
> zone and found that queries against "internal.organization.com" were
> getting answered with the wildcard for the external "organization.com"
> zone. I can't seem to figure out why the forwarders are getting
> ignored. Is it an order of precedence, say authoritative zones are
> respected over forwarders...or something else??
>
> Thanks for any assistance anyone can provide, or point me to some
> documentation I'm missing,
> Frank
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20121026/e99a4bd3/attachment.html>
More information about the bind-users
mailing list