"forward first" set on a master zone not working as expected
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Sep 3 07:51:28 UTC 2020
On 02.09.20 15:00, Taylor Vierrether via bind-users wrote:
> I am attempting to set up an internal DNS server that is authoritative for
> internal resources, but also will respond for external resources on the
> same domain that it does not have records for.
>
> For example, I have a domain sub.example.com , and I want to have internal
> entries in the BIND zone file for host1.sub.example.com and
> host2.sub.example.com. That part is working fine. However, there is a
> publicly available DNS entry for sub.example.com that I want my internal
> clients to be able to resolve, but I don’t want to have the IP in the BIND
> zone file, because the IP is dynamic.
you can delegate that entry elsewhere.
> There are also some hosts (host3.sub.example.com ) and
> (host4.sub.example.com) that are externally resolvable that I don’t want
> to put in my internal BIND file because they are not controlled by me.
> (Think CNAME to a SaaS application)
you can delegate those records somewhere.
>I’ve attempted to do this as follows, and it seems to make sense that it
> would work, but it does not.
>
>
>named.conf:
>
>zone "sub.example.com" IN {
> type master;
> file "/etc/bind/sub.example.com.zone";
> forward first;
> forwarders { 1.1.1.1; 1.0.0.1; };
>};
forwarding is not used for zones other than "type forward".
>What actually happens, is if I query for sub.example.com I get the following from nslookup:
>*** Can't find sub.example.com: No answer
if you search for "sub.example.com" record, you can not delegate that one,
of course.
you apparently should redesign your DNS. Easiest way would be using a
different domain internally.
>And if I query for host3.example.com , I get the following from nslookup:
>** server can't find host3.sub.example.com: NXDOMAIN
note that nslookup is a very bad program for tracking DNS errors.
use "host" or "dig" for that case.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
I just got lost in thought. It was unfamiliar territory.
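
The delegation approach suggested in the reply, combined with a "type forward" zone, as an added example that is not part of the original message or of the BIND documentation. It assumes the server recurses for internal clients; the SOA values, the addresses, the client range and the NS target `ns.placeholder.invalid.` are constructed placeholders.

```conf
# ---- named.conf (comments here use '#') ----
options {
    recursion yes;                     # assumption: server recurses for internal clients
    allow-recursion { 10.0.0.0/8; };   # constructed internal client range
};

# Authoritative internal zone: no forward/forwarders statements here.
zone "sub.example.com" IN {
    type master;
    file "/etc/bind/sub.example.com.zone";
};

# Queries at or below the delegated name go to the forwarders.
zone "host3.sub.example.com" IN {
    type forward;
    forward only;                      # never fall back to the placeholder NS
    forwarders { 1.1.1.1; 1.0.0.1; };
};

# ---- /etc/bind/sub.example.com.zone (comments here use ';') ----
$TTL 3600
@      IN SOA ns1.sub.example.com. hostmaster.sub.example.com. (
              2020090301 3600 900 604800 300 )   ; constructed values
       IN NS  ns1.sub.example.com.
ns1    IN A   192.0.2.53      ; constructed address
host1  IN A   192.0.2.11      ; internal record, constructed
host2  IN A   192.0.2.12      ; internal record, constructed
; Delegation: without this NS record the master zone answers NXDOMAIN
; for host3 itself and the forward zone is never consulted.
host3  IN NS  ns.placeholder.invalid.   ; placeholder target
```

host4 needs the same pair of entries (an NS record in the zone file plus its own forward zone). The apex name sub.example.com cannot be handled this way, as the reply points out.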