forwarder is ignored when authoritative zone is added

Ben Croswell ben.croswell at gmail.com
Fri Oct 26 11:33:46 UTC 2012


The thing that brings me back to a delegation issue is the statement of
slaving an external version of the second-level domain to the internal DNS
server. I know if I was splitting a domain I would not put internal-only
delegations external.

-Ben Croswell
On Oct 26, 2012 7:23 AM, "Sten Carlsen" <stenc at s-carlsen.dk> wrote:

>
> On 26/10/12 12:56, Ben Croswell wrote:
>
> The one thing I can think of off the top of my head is to ensure the child
> subdomain is properly delegated in the parent. If you try to zone level
> forward a child domain on a server that loads the parent it will ignore the
> forward if it can see the child doesn't exist as a true delegation.
> I assume the logic is, why would I forward a subdomain I know doesn't
> exist.
>
> I should think that internal.org... is properly delegated, so the forward
> will not be concerned about a subdomain, only about the domain, that is
> actually forwarded. internal.org... will then be looked up in the normal
> recursive way, so another forward statement might solve this issue.
>
> -Ben Croswell
> On Oct 26, 2012 2:17 AM, "Frank Even" <lists+isc.org at elitists.org> wrote:
>
>> I've recently had an issue that I'm having some issues finding
>> information on solving.
>>
>> I have internal DNS resolvers...they act as recursive name servers for
>> general internet queries, but we have forwarders explicitly defined
>> for specific internal zones being served by other name servers.
>>
>> My configuration has one particular zone configured as such:
>>
>> zone "internal.organization.com" IN { type forward; forward only;
>> forwarders {172.x.x.x; 172.x.x.x; }; };
>>
>> I have our main zone, organization.com, hosted in an external area
>> outside of a firewall with a wildcard record contained in it for
>> anything that is not explicitly defined.  I have some services that I
>> need to reach using names that are in this external zone internally.
>> What I'm trying to do is to slave the organization.com zone to my
>> internal recursive resolver to mitigate any possible network issues.
>>
>> So I set up the internal resolver as a slave for the "organization.com"
>> zone and found that queries against "internal.organization.com" were
>> getting answered with the wildcard for the external "organization.com"
>> zone.  I can't seem to figure out why the forwarders are getting
>> ignored.  Is it an order of precedence, say authoritative zones are
>> respected over forwarders...or something else??
>>
>> Thanks for any assistance anyone can provide, or point me to some
>> documentation I'm missing,
>> Frank
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
>
>
> --
> Best regards
>
> Sten Carlsen
>
> No improvements come from shouting:
>        "MALE BOVINE MANURE!!!"
>
>
>
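The following is an added example, not code from any poster in this thread or from BIND itself. It is a simplified model of the behaviour discussed above (a forward zone under a locally loaded parent zone is only reached when the parent zone contains a delegation for it), written as an audit over constructed zone data; the function names and the delegated variant of the zone are assumptions.

```python
"""Added example: audit forward zones against locally loaded parent zones."""

def ancestors(name, apex):
    """Yield `name` and each parent of it, stopping before the zone apex."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate == apex:
            return
        yield candidate

def audit_forward_zone(fwd, auth_zones):
    """auth_zones maps apex -> set of (owner, rrtype) the server has loaded."""
    fwd = fwd.rstrip(".").lower()
    parents = [z for z in auth_zones if fwd.endswith("." + z)]
    if not parents:
        return "forwarded: no authoritative parent loaded"
    apex = max(parents, key=len)          # closest enclosing loaded zone
    records = auth_zones[apex]
    # NS records below the apex, at or above the forward zone name, make the
    # zone lookup end in a referral, so recursion (and forwarding) takes over.
    for node in ancestors(fwd, apex):
        if (node, "NS") in records:
            return f"forwarded: delegated at {node}"
    # No delegation: the loaded zone answers. Find the closest encloser to
    # see whether a wildcard would synthesize the answer.
    owners = {owner for owner, _ in records}
    def exists(n):
        return any(o == n or o.endswith("." + n) for o in owners)
    encloser = next((n for n in ancestors(fwd, apex) if exists(n)), apex)
    if encloser != fwd and f"*.{encloser}" in owners:
        return f"shadowed: wildcard *.{encloser} answers"
    return f"shadowed: {apex} answers authoritatively"

# Constructed sample data mirroring the setup described in the thread.
SLAVED = {"organization.com": {
    ("organization.com", "SOA"), ("organization.com", "NS"),
    ("www.organization.com", "A"), ("*.organization.com", "A")}}
# Same zone with a delegation for the forwarded child added (assumption).
DELEGATED = {"organization.com": SLAVED["organization.com"]
             | {("internal.organization.com", "NS")}}

if __name__ == "__main__":
    for label, zones in (("slaved as-is", SLAVED), ("with delegation", DELEGATED)):
        print(label, "->", audit_forward_zone("internal.organization.com", zones))
```

A "shadowed" result means internal clients asking this resolver for the forwarded name would receive data from the loaded parent zone instead of from the internal name servers.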

