Re: forward only recursive server doesn't forward
Hi, >> zone "96/28.104.104.66.in-addr.arpa" { >>type slave; >>file "slaves/db.104.104.66"; >>masters { 64.1.1.3; }; >>allow-query { any; }; >>allow-transfer { trusted; }; >> }; > > >> I set up the reverse zone a long time ago, and I don't think the "zone >> 96/28.104.104.66.in-addr.arpa" is completely correct, but it appears >> to work. I'm not sure if that's related to the problem, but would >> appreciate advice there. > > The domain 96/28.104.104.66.in-addr.arpa is completely correct, however the > DNS clients must know they have to search for this domain. > > Thus, you must ask your ISP to delegate part of > 104.104.66.in-addr.arpa to your subdomain: Yes, this I knew. I think what caused me to suspect it as somehow not being completely correct is the result from a host command: # host 66.104.104.100 100.104.104.66.in-addr.arpa is an alias for 100.96/28.104.104.66.in-addr.arpa. 100.96/28.104.104.66.in-addr.arpa domain name pointer email.example.com. It just doesn't look right. Thanks, Alex ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: forward only recursive server doesn't forward
Hi, >> >> I have a bind-9.10.3 server on fedora22 that is authoritative for a >> >> few domains and their corresponding IP ranges. I'd like to set up >> >> another domain server (rbldnsd) on a host in one of those domains as a >> >> forward-only server. >> >> >> >> The problem appears to be that the queries from the local box to the >> >> subdomain being managed by the rbldnsd server are being answered by >> >> the local bind instead of being sent to the remote machine running >> >> rbldnsd. >> > >> > Add a delegation for scann.example.com in example.com. Forward >> > zones control *where* the queries are sent, not if queries are sent. >> >> I'm sorry, I don't understand. This system is already a slave for the >> forward zone example.com. I just realized I forgot to include that in >> my previous post: >> >> zone "example.com" { >> type slave; >> file "slaves/db.example.com"; >> masters { 64.1.1.3; }; >> allow-query { any; }; >> allow-transfer { trusted; }; >> }; > > Add NS records for scann.example.com to example.com. This is how > nameservers are supposed to find out which machines serve which > zones. > > scann.example.com. 3600 NS . Thank you. I have no idea how I forgot about that part. It now appears to be working. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: forward only recursive server doesn't forward
Am 20.10.2016 um 03:27 schrieb Alex: I have a bind-9.10.3 server on fedora22 that is authoritative for a few domains and their corresponding IP ranges. I'd like to set up another domain server (rbldnsd) on a host in one of those domains as a forward-only server why on another host? it just adds latency for no gain "rbldnsd -b 127.0.0.1/1053" and it runs on the same host while the sub-zone config below is for unbound i guess it's not too hard fin dthe same for named stub-zone: name: "scann.example.com." stub-addr: 127.0.0.1@1053 [root@mail-gw:~]$ netstat -l | grep 53 tcp0 0 127.0.0.1:530.0.0.0:* LISTEN 998/unbound udp0 0 127.0.0.1:1053 0.0.0.0:* 989/rbldnsd udp0 0 127.0.0.1:530.0.0.0:* 998/unbound ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: forward only recursive server doesn't forward
On 19.10.16 21:27, Alex wrote: I have a bind-9.10.3 server on fedora22 that is authoritative for a few domains and their corresponding IP ranges. I'd like to set up another domain server (rbldnsd) on a host in one of those domains as a forward-only server. The problem appears to be that the queries from the local box to the subdomain being managed by the rbldnsd server are being answered by the local bind instead of being sent to the remote machine running rbldnsd. In other words, I believe the issue is that the host is already authoritative for the reverse zone, so there would be no reason for it to forward these queries to another system. Mark already took care of first part of your post. zone "96/28.104.104.66.in-addr.arpa" { type slave; file "slaves/db.104.104.66"; masters { 64.1.1.3; }; allow-query { any; }; allow-transfer { trusted; }; }; I set up the reverse zone a long time ago, and I don't think the "zone 96/28.104.104.66.in-addr.arpa" is completely correct, but it appears to work. I'm not sure if that's related to the problem, but would appreciate advice there. The domain 96/28.104.104.66.in-addr.arpa is completely correct, however the DNS clients must know they have to search for this domain. Thus, you must ask your ISP to delegate part of 104.104.66.in-addr.arpa to your subdomain: 96/28 IN NS your.server.name. 96 IN CNAME 96/28 97 IN CNAME 97/28 ... 111 IN CNAME 111/28 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. If Barbie is so popular, why do you have to buy her friends? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: forward only recursive server doesn't forward
In message
Re: forward only recursive server doesn't forward
Hi Mark, On Wed, Oct 19, 2016 at 9:48 PM, Mark Andrewswrote: > > In message > , Alex > writes: >> Hi, >> >> I have a bind-9.10.3 server on fedora22 that is authoritative for a >> few domains and their corresponding IP ranges. I'd like to set up >> another domain server (rbldnsd) on a host in one of those domains as a >> forward-only server. >> >> The problem appears to be that the queries from the local box to the >> subdomain being managed by the rbldnsd server are being answered by >> the local bind instead of being sent to the remote machine running >> rbldnsd. > > Add a delegation for scann.example.com in example.com. Forward > zones control *where* the queries are sent, not if queries are sent. I'm sorry, I don't understand. This system is already a slave for the forward zone example.com. I just realized I forgot to include that in my previous post: zone "example.com" { type slave; file "slaves/db.example.com"; masters { 64.1.1.3; }; allow-query { any; }; allow-transfer { trusted; }; }; Thanks, Alex ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: forward only recursive server doesn't forward
In message, Alex writes: > Hi, > > I have a bind-9.10.3 server on fedora22 that is authoritative for a > few domains and their corresponding IP ranges. I'd like to set up > another domain server (rbldnsd) on a host in one of those domains as a > forward-only server. > > The problem appears to be that the queries from the local box to the > subdomain being managed by the rbldnsd server are being answered by > the local bind instead of being sent to the remote machine running > rbldnsd. Add a delegation for scann.example.com in example.com. Forward zones control *where* the queries are sent, not if queries are sent. > In other words, I believe the issue is that the host is already > authoritative for the reverse zone, so there would be no reason for it > to forward these queries to another system. > > Here are the relevant sections of my named.conf: > > // spam IP entries > zone "scann.example.com" { > type forward; > forwarders { 66.104.104.66; }; > }; > > // zone info for 66.104.104.96/28 > zone "96/28.104.104.66.in-addr.arpa" { > type slave; > file "slaves/db.104.104.66"; > masters { 64.1.1.3; }; > allow-query { any; }; > allow-transfer { trusted; }; > }; > > Queries for abc.com.scann.example.com fail with NXDOMAIN. Log entries > are similar to this: > > 19-Oct-2016 21:22:39.846 queries: client 127.0.0.1#41809 > (abc.com.scann.example.com): query: abc.com.scann.example.com IN A + > (127.0.0.1) > > I set up the reverse zone a long time ago, and I don't think the "zone > 96/28.104.104.66.in-addr.arpa" is completely correct, but it appears > to work. I'm not sure if that's related to the problem, but would > appreciate advice there. > > Thanks, > Alex > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
forward only recursive server doesn't forward
Hi, I have a bind-9.10.3 server on fedora22 that is authoritative for a few domains and their corresponding IP ranges. I'd like to set up another domain server (rbldnsd) on a host in one of those domains as a forward-only server. The problem appears to be that the queries from the local box to the subdomain being managed by the rbldnsd server are being answered by the local bind instead of being sent to the remote machine running rbldnsd. In other words, I believe the issue is that the host is already authoritative for the reverse zone, so there would be no reason for it to forward these queries to another system. Here are the relevant sections of my named.conf: // spam IP entries zone "scann.example.com" { type forward; forwarders { 66.104.104.66; }; }; // zone info for 66.104.104.96/28 zone "96/28.104.104.66.in-addr.arpa" { type slave; file "slaves/db.104.104.66"; masters { 64.1.1.3; }; allow-query { any; }; allow-transfer { trusted; }; }; Queries for abc.com.scann.example.com fail with NXDOMAIN. Log entries are similar to this: 19-Oct-2016 21:22:39.846 queries: client 127.0.0.1#41809 (abc.com.scann.example.com): query: abc.com.scann.example.com IN A + (127.0.0.1) I set up the reverse zone a long time ago, and I don't think the "zone 96/28.104.104.66.in-addr.arpa" is completely correct, but it appears to work. I'm not sure if that's related to the problem, but would appreciate advice there. Thanks, Alex ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users