Re: zone forwarding

2022-01-18 Thread Petr Menšík
Hi!

On 1/17/22 11:46, ONRUBIA AVILES Carlos (CCS/MST) wrote:
> Hello,
>
> Maybe someone can help me with the following problem:
>
> My name server is authoritative with the following domain “toto.be”:
>
> zone "toto.be." {
>     type master;
>     file "/etc/masterdns.db";
>
> But I would like that a subdomain “titi.toto.be” is not searched in my
> masterdns.db file but via the normal process via internet.
>
> I have tried 2 solutions but they do not work:
>
>  1. Adding a forward for this subdomain:
>
> zone "titi.toto.be." {
> type forward;
> forwarders {1.2.3.4; 5.6.7.8;}; (IPs from DNS cache servers)
> forward only;
> };
>
>   * Seems not to work.  Not possible to add a subdomain forwarding?
>
No, because an authoritative zone knows what is inside the zone and what is
not there. If titi.toto.be is not in the zone, it would respond NXDOMAIN
on any name under it, regardless of forwarders specified. If the specified
forwarders are authoritative for the titi.toto.be zone, just direct any
server there. Note those cache servers would be contacted by any
recursive servers from the internet; they have to be reachable and allow
queries to that zone from anyone.

>  2. Using directly the cache servers as NS:
>
> Cache.proximus.be.  IN    A 1.2.3.4
> Cache.proximus.be.  IN    A 5.6.7.8
> Titi.toto.be. IN    NS cache.proximus.be.
>
>   * Not always working as if “titi.toto.be” is not at this moment in
> the cache, the cache will answer SERVFAIL and not do the
> recursion. (I guess the query via this method is done with flag
> “Recursion Desired” set to false)
>
> So my question is: Is it possible to configure what I am trying to do?
>
Recursive servers which query your authoritative server want to do the
recursion themselves. They send queries without the recursion ok bit,
meaning they want to speak to an authoritative server only. cache.proximus.be
would have to be authoritative for the titi.toto.be zone and answer everyone
from the internet. It cannot be hidden behind your authoritative server.

"dig @cache.proximus.be +norec titi.toto.be" command should contain the aa
flag. If that cache does not know how to be authoritative, it has to
serve a zone not under primary or secondary zones of your server. dnsmasq
knows --auth-zone for similar queries, for example.

> Thanks in advance for your feedback,
>
> Carlos,
>
> *Carlos Onrubia Aviles*
> Solution Engineer | WIFI @ INTERNET TECHNOLOGIES
>
>
Cheers,
Petr

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
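
The `dig +norec` check from the reply above, written out as an added Python example (not part of the original thread): it builds a query with the RD bit clear and judges the reply from its header flags, as a resolver following the delegation would. The reply bytes in SAMPLES are constructed for illustration and the function names are this example's own.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234, rd=False):
    """Encode a DNS query. rd=False clears Recursion Desired, like `dig +norec`."""
    header = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # qclass 1 = IN

def parse_flags(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    return {"qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "ancount": ancount,
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F))}

def classify(msg):
    """Judge a reply to a non-recursive query: usable delegation target or lame."""
    f = parse_flags(msg)
    if f["rcode"] in ("SERVFAIL", "REFUSED"):
        return "lame: " + f["rcode"]
    if f["aa"]:
        return "authoritative"
    return "lame: no aa flag"

def ask(server, name, timeout=3.0):
    """Send the non-recursive query over UDP and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recvfrom(4096)[0])

def _reply(flags, ancount):
    # Constructed sample reply: header plus the echoed question, no record data.
    question = build_query("titi.toto.be")[12:]
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0) + question

SAMPLES = {
    "authoritative server": _reply(0x8400, 1),    # QR + AA
    "cache, name not cached": _reply(0x8082, 0),  # QR + RA, rcode SERVFAIL
    "cache, name cached": _reply(0x8080, 1),      # QR + RA, no AA
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label}: {classify(msg)}")
```

To test a real delegation target, call `ask()` with the server's address and a name in the delegated zone; only "authoritative" means the NS record points at a server that resolvers can use.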


Re: zone forwarding

2022-01-17 Thread Matus UHLAR - fantomas

On 17.01.22 10:46, ONRUBIA AVILES Carlos (CCS/MST) wrote:

> Maybe someone can help me with the following problem:
>
> My name server is authoritative with the following domain "toto.be":
> zone "toto.be." {
>    type master;
>    file "/etc/masterdns.db";
>
> But I would like that a subdomain "titi.toto.be" is not searched in my
> masterdns.db file but via the normal process via internet.
>
> I have tried 2 solutions but they do not work:
>
>  1.  Adding a forward for this subdomain:
>
> zone "titi.toto.be." {
> type forward;
> forwarders {1.2.3.4; 5.6.7.8;}; (IPs from DNS cache servers)
> forward only;
> };
>
>  *   Seems not to work.  Not possible to add a subdomain forwarding?

it is possible, but will only work for recursive clients of your DNS server.

>  2.  Using directly the cache servers as NS:
>
> Cache.proximus.be.  IN  A 1.2.3.4
> Cache.proximus.be.  IN  A 5.6.7.8
> Titi.toto.be. IN  NS cache.proximus.be.

this should work properly.

>  *   Not always working as if "titi.toto.be" is not at this moment in the
>    cache, the cache will answer SERVFAIL and not do the recursion.  (I
>    guess the query via this method is done with flag "Recursion Desired"
>    set to false)

this also requires forwarding to be allowed from your IP address on the
server you are querying.

but, any recursive server should be able to query your server for Titi.toto.be
and then query 1.2.3.4 or 5.6.7.8

> So my question is: Is it possible to configure what I am trying to do?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?


zone forwarding

2022-01-17 Thread ONRUBIA AVILES Carlos (CCS/MST)
Hello,

Maybe someone can help me with the following problem:

My name server is authoritative with the following domain "toto.be":
zone "toto.be." {
type master;
file "/etc/masterdns.db";

But I would like that a subdomain "titi.toto.be" is not searched in my 
masterdns.db file but via the normal process via internet.

I have tried 2 solutions but they do not work:

  1.  Adding a forward for this subdomain:

zone "titi.toto.be." {
type forward;
forwarders {1.2.3.4; 5.6.7.8;}; (IPs from DNS cache servers)
forward only;
};

  *   Seems not to work.  Not possible to add a subdomain forwarding?

  2.  Using directly the cache servers as NS:

Cache.proximus.be.  IN  A 1.2.3.4
Cache.proximus.be.  IN  A 5.6.7.8
Titi.toto.be. IN  NS cache.proximus.be.

  *   Not always working as if "titi.toto.be" is not at this moment in the
cache, the cache will answer SERVFAIL and not do the recursion. (I guess the
query via this method is done with flag "Recursion Desired" set to false)


So my question is: Is it possible to configure what I am trying to do?


Thanks in advance for your feedback,

Carlos,

Carlos Onrubia Aviles
Solution Engineer | WIFI @ INTERNET TECHNOLOGIES


Re: Single Zone Forwarding Dilemma

2009-06-08 Thread Kal Feher
First you should check that you can receive a valid response for the
intended zone from your forwarders (from your caching server) not from your
pc. It wasn't clear from your initial email that this is what you did.

yourcacheserver ~ # dig @forwarder_address A host.fwd.zone.net

Although it may seem appropriate to mask the domain you are looking up, it
does make solving your problem quite difficult. If the above test works yet
other queries fail, I would suggest providing the full result of a:

yourlocalpc ~ # dig @yourcacheserver A host.fwd.zone.net

You may also wish to provide the query logs for this query.


On 8/6/09 4:01 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:

> On 06.06.09 01:10, Ben Croswell wrote:
>> If you want to force forwarding you will probably want to add the forward
>> only; directive.
>>
>> By default your server will try to follow NS delegations and then forward if
>> it can't follow them
>
> I think it's the opposite - the server will try to query the configured
> forwarders first, then to continue in usual NS resolution.
>
>> Forward only; tells it to not even bother trying to follow NS delegations.
>
> and thus I recommend not to use this for public zones - if the forwarders
> are unavailable or for some reason can't answer, the classic resolution
> will be used.
>
> I guess the configured forwarders have one of these problems

-- 
Kal Feher



Single Zone Forwarding Dilemma

2009-06-05 Thread Mark S. Turczan

Folks,

I'm trying to understand the behavior of a single zone that I'm  
forwarding queries for.


Essentially, when I do a dig fwd.zone.net SOA the request seems to be  
properly forwarded to the nameservers in the forward statement. I've  
verified this with tcpdump running on my primary nameserver.


But when I attempt to resolve a host record in fwd.zone.net it doesn't  
seem to be forwarded to the proper nameservers and instead goes out to  
the Internet.


I've verified that the host record exists on the remote nameservers to  
which I am forwarding by looking up the record directly from the  
remote nameserver.


This is what the forwarded zone's configuration looks like:

// zone: fwd.zone.net
zone fwd.zone.net
{
type forward;
forwarders { public ip withheld; public ip withheld; };
};

Am I correct in understanding that each and every query for any record  
in the forwarded zone should be forwarded to the specified nameservers  
and not go out to the Internet? BTW, I'm running BIND 9.3.5-P1.


Regards,

Mark



