forward only recursive server doesn't forward

Mark Andrews marka at isc.org
Thu Oct 20 03:24:24 UTC 2016 

In message <CAB1R3siEjShqvCAU_JJm_RwAnU_vK==3fqjxPc+kEMMyLgcc_w at mail.gmail.com>
, Alex writes:
> Hi Mark,
> 
> On Wed, Oct 19, 2016 at 9:48 PM, Mark Andrews <marka at isc.org> wrote:
> >
> > In message <CAB1R3sjkUOzWeEbyhSF-s+J=Wfu2La2kQ513uRQu9YFi=JcC2g at mail.gmail.
> com>, Alex writes:
> >> Hi,
> >>
> >> I have a bind-9.10.3 server on fedora22 that is authoritative for a
> >> few domains and their corresponding IP ranges. I'd like to set up
> >> another domain server (rbldnsd) on a host in one of those domains as a
> >> forward-only server.
> >>
> >> The problem appears to be that the queries from the local box to the
> >> subdomain being managed by the rbldnsd server are being answered by
> >> the local bind instead of being sent to the remote machine running
> >> rbldnsd.
> >
> > Add a delegation for scann.example.com in example.com.  Forward
> > zones control *where* the queries are sent, not if queries are sent.
> 
> I'm sorry, I don't understand. This system is already a slave for the
> forward zone example.com. I just realized I forgot to include that in
> my previous post:
> 
> zone "example.com" {
>         type slave;
>         file "slaves/db.example.com";
>         masters { 64.1.1.3; };
>         allow-query { any; };
>         allow-transfer { trusted; };
> };

Add NS records for scann.example.com to example.com.  This is how
nameservers are supposed to find out which machines serve which
zones.

scann.example.com.  3600 NS <name-of-66.104.104.66>.

To go from the root zone to the org zone the root zone has a copy
of the NS records for org.

org.			60444	IN	NS	b0.org.afilias-nst.org.
org.			60444	IN	NS	a2.org.afilias-nst.info.
org.			60444	IN	NS	a0.org.afilias-nst.info.
org.			60444	IN	NS	b2.org.afilias-nst.org.
org.			60444	IN	NS	d0.org.afilias-nst.org.
org.			60444	IN	NS	c0.org.afilias-nst.info.

Similarly to go from the org zone to the isc.org zone the org zone has
a copy of the NS records for isc.org.

isc.org.		7200	IN	NS	ord.sns-pb.isc.org.
isc.org.		7200	IN	NS	ns.isc.afilias-nst.info.
isc.org.		7200	IN	NS	ams.sns-pb.isc.org.
isc.org.		7200	IN	NS	sfba.sns-pb.isc.org.

Mark

> Thanks,
> Alex
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list