The thing that brings me back to a delegation issue is the statement of slaving an external version of the second-level domain to the internal DNS server. I know if I was splitting a domain I would not put internal-only delegations external.
-Ben Croswell

On Oct 26, 2012 7:23 AM, "Sten Carlsen" <st...@s-carlsen.dk> wrote:
>
> On 26/10/12 12:56, Ben Croswell wrote:
>
> The one thing I can think of off the top of my head is to ensure the child
> subdomain is properly delegated in the parent. If you try to zone level
> forward a child domain on a server that loads the parent it will ignore the
> forward if it can see the child doesn't exist as a true delegation.
> I assume the logic is, why would I forward a subdomain I know doesn't
> exist.
>
> I should think that internal.org... is properly delegated, so the forward
> will not be concerned about a subdomain, only about the domain, that is
> actually forwarded. internal.org... will then be looked up in the normal
> recursive way, so another forward statement might solve this issue.
>
> -Ben Croswell
> On Oct 26, 2012 2:17 AM, "Frank Even" <lists+isc....@elitists.org> wrote:
>
>> I've recently had an issue that I'm having some issues finding
>> information on solving.
>>
>> I have internal DNS resolvers...they act as recursive name servers for
>> general internet queries, but we have forwarders explicitly defined
>> for specific internal zones being served by other name servers.
>>
>> My configuration has one particular zone configured as such:
>>
>> zone "internal.organization.com" IN { type forward; forward only;
>> forwarders {172.x.x.x; 172.x.x.x; }; };
>>
>> I have our main zone, organization.com, hosted in an external area
>> outside of a firewall with a wildcard record contained in it for
>> anything that is not explicitly defined. I have some services that I
>> need to reach using names that are in this external zone internally.
>> What I'm trying to do is to slave the organization.com zone to my
>> internal recursive resolver to mitigate any possible network issues.
>>
>> So I set up the internal resolver as a slave for the "organization.com"
>> zone and found that queries against "internal.organization.com" were
>> getting answered with the wildcard for the external "organization.com"
>> zone. I can't seem to figure out why the forwarders are getting
>> ignored. Is it an order of precedence, say authoritative zones are
>> respected over forwarders...or something else??
>>
>> Thanks for any assistance anyone can provide, or point me to some
>> documentation I'm missing,
>> Frank
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
> --
> Best regards
>
> Sten Carlsen
>
> No improvements come from shouting:
> "MALE BOVINE MANURE!!!"
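An added example, not part of the thread and not ISC code: a small Python lint that checks whether a forward zone sits beneath a zone the resolver loads itself without an NS delegation, which is the condition Ben Croswell describes. The zone contents, addresses, the name server name and all function names are constructed for illustration; the parser assumes one record per line with an explicit owner and no TTL field.

```python
# Constructed copy of the externally hosted zone as the internal resolver would slave it.
SAMPLE_ZONE = """\
$ORIGIN organization.com.
@        IN SOA ns1 hostmaster 1 3600 600 86400 300
@        IN NS  ns1
ns1      IN A   192.0.2.53
*        IN A   192.0.2.80
www      IN A   192.0.2.80
"""

def fqdn(name, origin):
    """Expand a zone-file owner name to a lowercase absolute name."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_zone(text):
    """Return (origin, {owner: set of record types}) for a simple zone text."""
    origin, owners = None, {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        rrtype = fields[2] if fields[1].upper() == "IN" else fields[1]
        owners.setdefault(fqdn(fields[0], origin), set()).add(rrtype.upper())
    return origin, owners

def check_forward(forward_zone, zone_text):
    """Classify how a server that loads zone_text will treat forward_zone."""
    origin, owners = parse_zone(zone_text)
    name = forward_zone.lower().rstrip(".") + "."
    if not name.endswith("." + origin):
        return "not-under-local-zone"
    # Look for a zone cut (NS records) at the forward zone name or any
    # ancestor below the apex; without one the loaded zone answers itself.
    labels = name[: -len(origin) - 1].split(".")
    for i in range(len(labels)):
        if "NS" in owners.get(".".join(labels[i:]) + "." + origin, set()):
            return "delegated"
    # Simplification: only an apex wildcard is considered, and closer
    # existing names that would block wildcard matching are not modelled.
    return "shadowed-by-wildcard" if f"*.{origin}" in owners else "shadowed-nxdomain"

if __name__ == "__main__":
    print(check_forward("internal.organization.com", SAMPLE_ZONE))
```

Run against each `type forward` zone in the resolver's configuration and each zone it loads as master or slave; any result starting with `shadowed` means internal names will be answered from the loaded zone rather than sent to the forwarders.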