Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
In article mailman.1259.1272073959.21153.bind-us...@lists.isc.org, Mark Hedges hed...@scriptdolphin.com wrote: On Wed, 21 Apr 2010, Barry Margolin wrote: The scenario is a farm of sendmail + RBL servers that have independent management and databases, but a single bind server. Sendmail etc. would do a lookup of 78.56.34.12.rbl.localdomain and it would look at localhost on 127.0.0.2, where the local RBL service listens. You need to run a caching nameserver on the sendmail machines, and point them to 127.0.0.1 in /etc/resolv.conf. The stub resolver doesn't follow delegations, it sends recursive queries and expects the server to do all the work. Actually this is not working still. Am I wasting my time? rbldnsd listens on 127.0.0.2 and answers right when queried directly for something like 1.139.214.85.countries.rbl.localdomain. named listens on 127.0.0.1, set in /etc/resolv.conf, and answers all other queries correctly, including 'horta.localdomain' set up in example below, so I know it is reading in the zone file. However, named will not delegate *.rbl.localdomain zones, and gives NXDOMAIN. Help? Thanks --mark-- You have an out-of-zone A record for rbl.localdomain. That may be causing an error when loading the zone file. // named.conf acl localdomain { 127.0.0.0/8; }; options { listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; }; directory /var/named; dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; // Those options should be used carefully because they disable port // randomization // query-sourceport 53; // query-source-v6 port 53; // our nameservers... forwarders { 192.168.9.86; 192.168.9.35; }; allow-transfer { localdomain; }; allow-recursion { localdomain; }; allow-query { localdomain; }; allow-query-cache { localdomain; }; }; logging { channel default_debug { file data/named.run; severity debug; }; }; view localhost_resolver { match-clients { localdomain; }; match-destinations { localdomain; }; recursion yes; include /etc/named.rfc1912.zones; }; // named.rfc1912.zones excerpt: zone localdomain IN { type master; file localdomain.zone; allow-update { none; }; }; # localdomain.zone $TTL900 @ IN SOA localhost root ( 2010042302 ; serial 5m ; refresh 5m ; retry 30m ; expiry 5m ; minimum cache ) IN NS localhost.localdomain. IN NS rbldnsd.localdomain. localhost IN A127.0.0.1 horta IN A 127.0.0.3 ; delegate rbl zones to rbl localhost ip. ; rbl listens on 127.0.0.2 so this does not cause a lookup loop. rbldnsd IN A127.0.0.2 rbl.localdomain.IN NS rbldnsd.localdomain. rbl.localdomain.IN A127.0.0.2 -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
On Wed, 21 Apr 2010, Barry Margolin wrote: The scenario is a farm of sendmail + RBL servers that have independent management and databases, but a single bind server. Sendmail etc. would do a lookup of 78.56.34.12.rbl.localdomain and it would look at localhost on 127.0.0.2, where the local RBL service listens. You need to run a caching nameserver on the sendmail machines, and point them to 127.0.0.1 in /etc/resolv.conf. The stub resolver doesn't follow delegations, it sends recursive queries and expects the server to do all the work. Actually this is not working still. Am I wasting my time? rbldnsd listens on 127.0.0.2 and answers right when queried directly for something like 1.139.214.85.countries.rbl.localdomain. named listens on 127.0.0.1, set in /etc/resolv.conf, and answers all other queries correctly, including 'horta.localdomain' set up in example below, so I know it is reading in the zone file. However, named will not delegate *.rbl.localdomain zones, and gives NXDOMAIN. Help? Thanks --mark-- // named.conf acl localdomain { 127.0.0.0/8; }; options { listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; }; directory /var/named; dump-file /var/named/data/cache_dump.db; statistics-file /var/named/data/named_stats.txt; memstatistics-file /var/named/data/named_mem_stats.txt; // Those options should be used carefully because they disable port // randomization // query-sourceport 53; // query-source-v6 port 53; // our nameservers... forwarders { 192.168.9.86; 192.168.9.35; }; allow-transfer { localdomain; }; allow-recursion { localdomain; }; allow-query { localdomain; }; allow-query-cache { localdomain; }; }; logging { channel default_debug { file data/named.run; severity debug; }; }; view localhost_resolver { match-clients { localdomain; }; match-destinations { localdomain; }; recursion yes; include /etc/named.rfc1912.zones; }; // named.rfc1912.zones excerpt: zone localdomain IN { type master; file localdomain.zone; allow-update { none; }; }; # localdomain.zone $TTL900 @ IN SOA localhost root ( 2010042302 ; serial 5m ; refresh 5m ; retry 30m ; expiry 5m ; minimum cache ) IN NS localhost.localdomain. IN NS rbldnsd.localdomain. localhost IN A127.0.0.1 horta IN A 127.0.0.3 ; delegate rbl zones to rbl localhost ip. ; rbl listens on 127.0.0.2 so this does not cause a lookup loop. rbldnsd IN A127.0.0.2 rbl.localdomain.IN NS rbldnsd.localdomain. rbl.localdomain.IN A127.0.0.2 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
delegating subname.localdomain to 127.0.0.2 on the client machine?
Hi... Is it possible to configure .localdomain to delegate a subdomain to 127.0.0.2, so that the client then tries to do a lookup from that localhost address on itself? The scenario is a farm of sendmail + RBL servers that have independent management and databases, but a single bind server. Sendmail etc. would do a lookup of 78.56.34.12.rbl.localdomain and it would look at localhost on 127.0.0.2, where the local RBL service listens. Is that possible? For lookups that work when queried directly from the client local RBL on 127.0.0.2, this causes the response no answer: view local_domains { match-clients { localhost; internal; }; match-destinations { localhost; internal; }; recursion no; include /etc/named.rfc1912.zones; }; and recursion yes causes the response NXDOMAIN. Those were better outcomes, it seemed, than response timed out when rfc1912.zones was lumped into views of the internal network and vpn domains, which have recursion for looking up external names. Mark ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
In article mailman.1224.1271891255.21153.bind-us...@lists.isc.org, Mark Hedges hed...@scriptdolphin.com wrote: Hi... Is it possible to configure .localdomain to delegate a subdomain to 127.0.0.2, so that the client then tries to do a lookup from that localhost address on itself? The scenario is a farm of sendmail + RBL servers that have independent management and databases, but a single bind server. Sendmail etc. would do a lookup of 78.56.34.12.rbl.localdomain and it would look at localhost on 127.0.0.2, where the local RBL service listens. You need to run a caching nameserver on the sendmail machines, and point them to 127.0.0.1 in /etc/resolv.conf. The stub resolver doesn't follow delegations, it sends recursive queries and expects the server to do all the work. Is that possible? For lookups that work when queried directly from the client local RBL on 127.0.0.2, this causes the response no answer: view local_domains { match-clients { localhost; internal; }; match-destinations { localhost; internal; }; recursion no; include /etc/named.rfc1912.zones; }; and recursion yes causes the response NXDOMAIN. Those were better outcomes, it seemed, than response timed out when rfc1912.zones was lumped into views of the internal network and vpn domains, which have recursion for looking up external names. Mark -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
On Wed, 21 Apr 2010, Barry Margolin wrote: The scenario is a farm of sendmail + RBL servers that have independent management and databases, but a single bind server. Sendmail etc. would do a lookup of 78.56.34.12.rbl.localdomain and it would look at localhost on 127.0.0.2, where the local RBL service listens. You need to run a caching nameserver on the sendmail machines, and point them to 127.0.0.1 in /etc/resolv.conf. The stub resolver doesn't follow delegations, it sends recursive queries and expects the server to do all the work. Thanks that works awesomely! --mark-- ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users