Re: forward only recursive server doesn't forward

2016-10-20 Thread Alex
Hi,

>> zone "96/28.104.104.66.in-addr.arpa" {
>>type slave;
>>file "slaves/db.104.104.66";
>>masters { 64.1.1.3; };
>>allow-query { any; };
>>allow-transfer { trusted; };
>> };
>
>
>> I set up the reverse zone a long time ago, and I don't think the "zone
>> 96/28.104.104.66.in-addr.arpa" is completely correct, but it appears
>> to work. I'm not sure if that's related to the problem, but would
>> appreciate advice there.
>
> The domain 96/28.104.104.66.in-addr.arpa is completely correct, however the
> DNS clients must know they have to search for this domain.
>
> Thus, you must ask your ISP to delegate part of
> 104.104.66.in-addr.arpa to your subdomain:

Yes, this I knew. I think what caused me to suspect it as somehow not
being completely correct is the result from a host command:

# host 66.104.104.100
100.104.104.66.in-addr.arpa is an alias for 100.96/28.104.104.66.in-addr.arpa.
100.96/28.104.104.66.in-addr.arpa domain name pointer email.example.com.

It just doesn't look right.

Thanks,
Alex
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: forward only recursive server doesn't forward

2016-10-20 Thread Alex
Hi,

>> >> I have a bind-9.10.3 server on fedora22 that is authoritative for a
>> >> few domains and their corresponding IP ranges. I'd like to set up
>> >> another domain server (rbldnsd) on a host in one of those domains as a
>> >> forward-only server.
>> >>
>> >> The problem appears to be that the queries from the local box to the
>> >> subdomain being managed by the rbldnsd server are being answered by
>> >> the local bind instead of being sent to the remote machine running
>> >> rbldnsd.
>> >
>> > Add a delegation for scann.example.com in example.com.  Forward
>> > zones control *where* the queries are sent, not if queries are sent.
>>
>> I'm sorry, I don't understand. This system is already a slave for the
>> forward zone example.com. I just realized I forgot to include that in
>> my previous post:
>>
>> zone "example.com" {
>> type slave;
>> file "slaves/db.example.com";
>> masters { 64.1.1.3; };
>> allow-query { any; };
>> allow-transfer { trusted; };
>> };
>
> Add NS records for scann.example.com to example.com.  This is how
> nameservers are supposed to find out which machines serve which
> zones.
>
> scann.example.com.  3600 NS .

Thank you. I have no idea how I forgot about that part. It now appears
to be working.


Re: forward only recursive server doesn't forward

2016-10-20 Thread Reindl Harald



On 20.10.2016 at 03:27, Alex wrote:

> I have a bind-9.10.3 server on fedora22 that is authoritative for a
> few domains and their corresponding IP ranges. I'd like to set up
> another domain server (rbldnsd) on a host in one of those domains as a
> forward-only server

why on another host?
it just adds latency for no gain

"rbldnsd -b 127.0.0.1/1053" and it runs on the same host while the
sub-zone config below is for unbound i guess it's not too hard to find the
same for named


stub-zone:
 name: "scann.example.com."
 stub-addr: 127.0.0.1@1053


[root@mail-gw:~]$ netstat -l | grep 53
tcp        0      0 127.0.0.1:53      0.0.0.0:*      LISTEN      998/unbound
udp        0      0 127.0.0.1:1053    0.0.0.0:*                  989/rbldnsd
udp        0      0 127.0.0.1:53      0.0.0.0:*                  998/unbound



Re: forward only recursive server doesn't forward

2016-10-20 Thread Matus UHLAR - fantomas

On 19.10.16 21:27, Alex wrote:
> I have a bind-9.10.3 server on fedora22 that is authoritative for a
> few domains and their corresponding IP ranges. I'd like to set up
> another domain server (rbldnsd) on a host in one of those domains as a
> forward-only server.
>
> The problem appears to be that the queries from the local box to the
> subdomain being managed by the rbldnsd server are being answered by
> the local bind instead of being sent to the remote machine running
> rbldnsd.
>
> In other words, I believe the issue is that the host is already
> authoritative for the reverse zone, so there would be no reason for it
> to forward these queries to another system.


Mark already took care of first part of your post.


> zone "96/28.104.104.66.in-addr.arpa" {
>    type slave;
>    file "slaves/db.104.104.66";
>    masters { 64.1.1.3; };
>    allow-query { any; };
>    allow-transfer { trusted; };
> };
>
> I set up the reverse zone a long time ago, and I don't think the "zone
> 96/28.104.104.66.in-addr.arpa" is completely correct, but it appears
> to work. I'm not sure if that's related to the problem, but would
> appreciate advice there.

The domain 96/28.104.104.66.in-addr.arpa is completely correct, however the
DNS clients must know they have to search for this domain.

Thus, you must ask your ISP to delegate part of
104.104.66.in-addr.arpa to your subdomain:

96/28   IN  NS  your.server.name.
96  IN  CNAME   96/28
97  IN  CNAME   97/28
...
111 IN  CNAME   111/28


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends? 
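
Added example, not part of the original thread: Python code that generates the RFC 2317 classless delegation discussed above for 66.104.104.96/28 and computes the name that finally holds the PTR record. The CNAME targets follow RFC 2317 and the alias shown in the host output quoted in the thread; the function names are hypothetical, and your.server.name. is the placeholder used in the message above.

```python
import ipaddress

def classless_delegation(cidr, nameserver):
    """Return (parent_origin, records) that the parent-zone owner publishes
    to delegate reverse DNS for a subnet smaller than a /24 (RFC 2317)."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 prefix between /25 and /31")
    o1, o2, o3, first = str(net.network_address).split(".")
    origin = f"{o3}.{o2}.{o1}.in-addr.arpa."
    child = f"{first}/{net.prefixlen}"          # child zone label, e.g. "96/28"
    records = [f"{child} IN NS {nameserver}"]
    for addr in net:                            # one CNAME per address in the block
        last = str(addr).rsplit(".", 1)[1]
        records.append(f"{last} IN CNAME {last}.{child}.{origin}")
    return origin, records

def ptr_owner(ip, cidr):
    """Name a resolver ends up at after following the parent's CNAME."""
    net = ipaddress.ip_network(cidr)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is outside {cidr}")
    o1, o2, o3, last = str(addr).split(".")
    first = str(net.network_address).rsplit(".", 1)[1]
    return f"{last}.{first}/{net.prefixlen}.{o3}.{o2}.{o1}.in-addr.arpa."

if __name__ == "__main__":
    origin, recs = classless_delegation("66.104.104.96/28", "your.server.name.")
    print(f"$ORIGIN {origin}")
    print("\n".join(recs))
    print(ptr_owner("66.104.104.100", "66.104.104.96/28"))
```

The last line printed matches the alias target in the host output, which is why that output is expected for a classless delegation.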


Re: forward only recursive server doesn't forward

2016-10-19 Thread Mark Andrews

In message 

Re: forward only recursive server doesn't forward

2016-10-19 Thread Alex
Hi Mark,

On Wed, Oct 19, 2016 at 9:48 PM, Mark Andrews  wrote:
>
> In message 
> , Alex 
> writes:
>> Hi,
>>
>> I have a bind-9.10.3 server on fedora22 that is authoritative for a
>> few domains and their corresponding IP ranges. I'd like to set up
>> another domain server (rbldnsd) on a host in one of those domains as a
>> forward-only server.
>>
>> The problem appears to be that the queries from the local box to the
>> subdomain being managed by the rbldnsd server are being answered by
>> the local bind instead of being sent to the remote machine running
>> rbldnsd.
>
> Add a delegation for scann.example.com in example.com.  Forward
> zones control *where* the queries are sent, not if queries are sent.

I'm sorry, I don't understand. This system is already a slave for the
forward zone example.com. I just realized I forgot to include that in
my previous post:

zone "example.com" {
type slave;
file "slaves/db.example.com";
masters { 64.1.1.3; };
allow-query { any; };
allow-transfer { trusted; };
};

Thanks,
Alex


Re: forward only recursive server doesn't forward

2016-10-19 Thread Mark Andrews

In message 
, Alex 
writes:
> Hi,
> 
> I have a bind-9.10.3 server on fedora22 that is authoritative for a
> few domains and their corresponding IP ranges. I'd like to set up
> another domain server (rbldnsd) on a host in one of those domains as a
> forward-only server.
> 
> The problem appears to be that the queries from the local box to the
> subdomain being managed by the rbldnsd server are being answered by
> the local bind instead of being sent to the remote machine running
> rbldnsd.

Add a delegation for scann.example.com in example.com.  Forward
zones control *where* the queries are sent, not if queries are sent.

> In other words, I believe the issue is that the host is already
> authoritative for the reverse zone, so there would be no reason for it
> to forward these queries to another system.
> 
> Here are the relevant sections of my named.conf:
> 
> // spam IP entries
> zone "scann.example.com" {
> type forward;
> forwarders { 66.104.104.66; };
> };
> 
> // zone info for 66.104.104.96/28
> zone "96/28.104.104.66.in-addr.arpa" {
> type slave;
> file "slaves/db.104.104.66";
> masters { 64.1.1.3; };
> allow-query { any; };
> allow-transfer { trusted; };
> };
> 
> Queries for abc.com.scann.example.com fail with NXDOMAIN. Log entries
> are similar to this:
> 
> 19-Oct-2016 21:22:39.846 queries: client 127.0.0.1#41809
> (abc.com.scann.example.com): query: abc.com.scann.example.com IN A +
> (127.0.0.1)
> 
> I set up the reverse zone a long time ago, and I don't think the "zone
> 96/28.104.104.66.in-addr.arpa" is completely correct, but it appears
> to work. I'm not sure if that's related to the problem, but would
> appreciate advice there.
> 
> Thanks,
> Alex
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
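
Added example, not part of the original thread: a Python check for the misconfiguration resolved above, where a forward zone sits below a zone the server itself serves and that zone carries no NS delegation for it. The zone contents, the host names ns1 and rbl, and the function names are constructed for illustration; the parser assumes one record per line with an explicit owner name.

```python
def delegated_names(zone_origin, zone_text):
    """Absolute, lowercase owner names that carry NS records in a zone.
    Assumes one record per line with the owner name in the first column."""
    names = set()
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()     # drop comments, tokenize
        if "NS" not in fields[1:4]:             # type follows optional TTL/class
            continue
        owner = fields[0].lower()
        if owner == "@":
            owner = zone_origin
        elif not owner.endswith("."):
            owner = f"{owner}.{zone_origin}"
        names.add(owner)
    return names

def shadowed_forward_zones(forward_zones, authoritative):
    """forward_zones: iterable of zone names; authoritative: {origin: zone text}.
    Returns (forward_zone, local_zone) pairs where the local zone has no NS
    delegation at or above the forward zone, so it answers by itself."""
    problems = []
    for fz in forward_zones:
        fz = fz.lower().rstrip(".") + "."
        for origin, text in authoritative.items():
            origin = origin.lower().rstrip(".") + "."
            if fz == origin or not fz.endswith("." + origin):
                continue                        # not below this local zone
            cuts = delegated_names(origin, text) - {origin}
            if not any(fz == c or fz.endswith("." + c) for c in cuts):
                problems.append((fz, origin))
    return problems

# Constructed zone data for example.com, before and after adding the delegation.
ZONE_BEFORE = """\
@      3600 IN NS ns1.example.com.
email  3600 IN A  66.104.104.100
"""
ZONE_AFTER = ZONE_BEFORE + "scann  3600 IN NS rbl.example.com.\n"

if __name__ == "__main__":
    for label, text in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        found = shadowed_forward_zones(["scann.example.com"], {"example.com": text})
        print(label, found or "ok")
```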


forward only recursive server doesn't forward

2016-10-19 Thread Alex
Hi,

I have a bind-9.10.3 server on fedora22 that is authoritative for a
few domains and their corresponding IP ranges. I'd like to set up
another domain server (rbldnsd) on a host in one of those domains as a
forward-only server.

The problem appears to be that the queries from the local box to the
subdomain being managed by the rbldnsd server are being answered by
the local bind instead of being sent to the remote machine running
rbldnsd.

In other words, I believe the issue is that the host is already
authoritative for the reverse zone, so there would be no reason for it
to forward these queries to another system.

Here are the relevant sections of my named.conf:

// spam IP entries
zone "scann.example.com" {
type forward;
forwarders { 66.104.104.66; };
};

// zone info for 66.104.104.96/28
zone "96/28.104.104.66.in-addr.arpa" {
type slave;
file "slaves/db.104.104.66";
masters { 64.1.1.3; };
allow-query { any; };
allow-transfer { trusted; };
};

Queries for abc.com.scann.example.com fail with NXDOMAIN. Log entries
are similar to this:

19-Oct-2016 21:22:39.846 queries: client 127.0.0.1#41809
(abc.com.scann.example.com): query: abc.com.scann.example.com IN A +
(127.0.0.1)

I set up the reverse zone a long time ago, and I don't think the "zone
96/28.104.104.66.in-addr.arpa" is completely correct, but it appears
to work. I'm not sure if that's related to the problem, but would
appreciate advice there.

Thanks,
Alex