redirecting root hints to fake internal root server
Colin Harvey
colinedwardharvey at yahoo.com
Tue Aug 27 18:25:42 UTC 2013
dig +trace host.internal.hostname.com responds with a list of authoritative nameservers for the zone and the error "dig: couldn't get address for ns1.corporate.hostname.com" where the error cycles through all four of the authoritative nameservers.
Also ns1.corporate.hostname.com is not 192.168.1.1.
Colin
From: Colin Harvey <colinedwardharvey at yahoo.com>
To: "WBrown at e1b.org" <WBrown at e1b.org>
Cc: "bind-users-bounces+wbrown=e1b.org at lists.isc.org" <bind-users-bounces+wbrown=e1b.org at lists.isc.org>; bind users <bind-users at lists.isc.org>
Sent: Tuesday, August 27, 2013 2:13 PM
Subject: Re: redirecting root hints to fake internal root server
Thanks. But I already have that option for the internal.hostname.com zone. Still not seeing traffic going to 192.168.1.1.
Colin
From: "WBrown at e1b.org" <WBrown at e1b.org>
To: Colin Harvey <colinedwardharvey at yahoo.com>
Cc: bind users <bind-users at lists.isc.org>; bind-users-bounces+wbrown=e1b.org at lists.isc.org
Sent: Tuesday, August 27, 2013 1:20 PM
Subject: Re: redirecting root hints to fake internal root server
From: Colin Harvey <colinedwardharvey at yahoo.com>
> My environment is firewalled from the real world. For queries on
> zones to which I'm not master, I want to recurse to a corporate
> server. nslookup some.internal.hostname.com
> internal.corporate.server works fine. Setting "." to use this
> internal server in the root.hints file does not. In fact I do not
> even see my system trying to recurse. (I'm looking at network
> traffic with a sniffer.)
>
> My root.hints:
>
> . 600 IN NS internal.corporate.server.
> internal.corporate.server. 600 IN A 192.168.1.1
>
>
> Alternatively I've set up a forwarding zone in named.conf to query
> 192.168.1.1 for 'internal.hostname.com'. When monitoring the
> network for udp data over port 53, I'm not even seeing the query
> being forwarded. Why?
Add these lines to your options section:

    forward only;
    forwarders {192.168.1.1;};

See ftp://ftp.isc.org/isc/bind9/9.9.3-P2/doc/arm/Bv9ARM.ch06.html#id2578567
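The two forwarding setups discussed in this thread (global forwarders in the options section, and a forward zone for internal.hostname.com), written out as one named.conf fragment. This is an added example, not configuration posted by anyone in the thread; 192.168.1.1 and internal.hostname.com are the thread's values, and the allow-recursion ACL is an assumption.

```conf
// Added example: forwarding on a resolver with no path to the Internet roots.

options {
    recursion yes;
    // Assumption: only local clients may use this resolver.
    allow-recursion { localhost; localnets; };

    // Send every query this server is not authoritative for to the
    // corporate resolver. "only" means never fall back to iterating from
    // the root hints; with "first", a forwarder failure would trigger
    // iteration toward roots that a firewalled host cannot reach.
    forward only;
    forwarders { 192.168.1.1; };
};

// Per-zone form: forwarders set here override the global list for names
// at or below internal.hostname.com.
zone "internal.hostname.com" {
    type forward;
    forward only;
    forwarders { 192.168.1.1; };
};

// Checking the result:
//   named-checkconf                   # syntax check before reloading
//   rndc reconfig                     # load the changed configuration
//   rndc flush                        # drop cached answers so a query must go out
//   dig @127.0.0.1 host.internal.hostname.com A
//   tcpdump -n host 192.168.1.1 and port 53
//
// An ordinary recursive query (no +trace) is what exercises forwarding.
// dig +trace asks the local server only for the root NS set and then
// iterates from those servers itself, so it never uses the forwarders.
```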