Re: delegating subname.localdomain to 127.0.0.2 on the client machine?

2010-04-23 Thread Mark Hedges


On Wed, 21 Apr 2010, Barry Margolin wrote:
 
  The scenario is a farm of sendmail + RBL servers that
  have independent management and databases, but a single
  bind server.  Sendmail etc. would do a lookup of
  78.56.34.12.rbl.localdomain and it would look at
  localhost on 127.0.0.2, where the local RBL service
  listens.

 You need to run a caching nameserver on the sendmail
 machines, and point them to 127.0.0.1 in /etc/resolv.conf.
 The stub resolver doesn't follow delegations, it sends
 recursive queries and expects the server to do all the
 work.

Actually this is not working still.  Am I wasting my time?

rbldnsd listens on 127.0.0.2 and answers right when queried
directly for something like
1.139.214.85.countries.rbl.localdomain.

named listens on 127.0.0.1, set in /etc/resolv.conf, and
answers all other queries correctly, including
'horta.localdomain' set up in example below, so I know it is
reading in the zone file.

However, named will not delegate *.rbl.localdomain zones,
and gives NXDOMAIN.  Help?  Thanks --mark--

// named.conf
acl localdomain {
127.0.0.0/8;
};
options {
listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory   /var/named;
dump-file   /var/named/data/cache_dump.db;
statistics-file /var/named/data/named_stats.txt;
memstatistics-file /var/named/data/named_mem_stats.txt;

// Those options should be used carefully because they disable port
// randomization
// query-sourceport 53;
// query-source-v6 port 53;

// our nameservers...
forwarders { 192.168.9.86; 192.168.9.35; };
allow-transfer  { localdomain; };
allow-recursion { localdomain; };
allow-query { localdomain; };
allow-query-cache   { localdomain; };
};
logging {
channel default_debug {
file data/named.run;
severity debug;
};
};
view localhost_resolver {
match-clients  { localdomain; };
match-destinations { localdomain; };
recursion yes;
include /etc/named.rfc1912.zones;
};

// named.rfc1912.zones excerpt:
zone localdomain IN {
type master;
file localdomain.zone;
allow-update { none; };
};


# localdomain.zone
$TTL900
@   IN SOA  localhost root (
2010042302  ; serial
5m  ; refresh
5m  ; retry
30m ; expiry
5m  ; minimum cache
)
IN NS   localhost.localdomain.
IN NS   rbldnsd.localdomain.

localhost   IN A127.0.0.1

horta IN A 127.0.0.3

; delegate rbl zones to rbl localhost ip.
; rbl listens on 127.0.0.2 so this does not cause a lookup loop.
rbldnsd IN A127.0.0.2
rbl.localdomain.IN NS   rbldnsd.localdomain.
rbl.localdomain.IN A127.0.0.2

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


delegating subname.localdomain to 127.0.0.2 on the client machine?

2010-04-21 Thread Mark Hedges

Hi...

Is it possible to configure .localdomain to delegate a
subdomain to 127.0.0.2, so that the client then tries to do
a lookup from that localhost address on itself?

The scenario is a farm of sendmail + RBL servers that have
independent management and databases, but a single bind
server.  Sendmail etc. would do a lookup of
78.56.34.12.rbl.localdomain and it would look at localhost
on 127.0.0.2, where the local RBL service listens.

Is that possible?

For lookups that work when queried directly from the client
local RBL on 127.0.0.2,

this causes the response no answer:

 view local_domains {
 match-clients   { localhost; internal; };
 match-destinations  { localhost; internal; };
 recursion no;
 include /etc/named.rfc1912.zones;
 };

and recursion yes causes the response NXDOMAIN.

Those were better outcomes, it seemed, than response timed
out when rfc1912.zones was lumped into views of the
internal network and vpn domains, which have recursion for
looking up external names.

Mark
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: delegating subname.localdomain to 127.0.0.2 on the client machine?

2010-04-21 Thread Mark Hedges

On Wed, 21 Apr 2010, Barry Margolin wrote:
 
  The scenario is a farm of sendmail + RBL servers that
  have independent management and databases, but a single
  bind server.  Sendmail etc. would do a lookup of
  78.56.34.12.rbl.localdomain and it would look at
  localhost on 127.0.0.2, where the local RBL service
  listens.

 You need to run a caching nameserver on the sendmail
 machines, and point them to 127.0.0.1 in /etc/resolv.conf.
 The stub resolver doesn't follow delegations, it sends
 recursive queries and expects the server to do all the
 work.

Thanks that works awesomely!  --mark--
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users