Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
In article ,
Mark Hedges wrote:
> On Wed, 21 Apr 2010, Barry Margolin wrote:
> > >
> > > The scenario is a farm of sendmail + RBL servers that
> > > have independent management and databases, but a single
> > > bind server. Sendmail etc. would do a lookup of
> > > 78.56.34.12.rbl.localdomain and it would look at
> > > localhost on 127.0.0.2, where the local RBL service
> > > listens.
> >
> > You need to run a caching nameserver on the sendmail
> > machines, and point them to 127.0.0.1 in /etc/resolv.conf.
> > The stub resolver doesn't follow delegations, it sends
> > recursive queries and expects the server to do all the
> > work.
>
> Actually this is not working still. Am I wasting my time?
>
> rbldnsd listens on 127.0.0.2 and answers right when queried
> directly for something like
> 1.139.214.85.countries.rbl.localdomain.
>
> named listens on 127.0.0.1, set in /etc/resolv.conf, and
> answers all other queries correctly, including
> 'horta.localdomain' set up in example below, so I know it is
> reading in the zone file.
>
> However, named will not delegate *.rbl.localdomain zones,
> and gives NXDOMAIN. Help? Thanks --mark--
You have an out-of-zone A record for rbl.localdomain. That may be
causing an error when loading the zone file.
>
> // named.conf
> acl "localdomain" {
> 127.0.0.0/8;
> };
> options {
> listen-on port 53 { 127.0.0.1; };
> // listen-on-v6 port 53 { ::1; };
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> memstatistics-file "/var/named/data/named_mem_stats.txt";
>
> // Those options should be used carefully because they disable port
> // randomization
> // query-sourceport 53;
> // query-source-v6 port 53;
>
> // our nameservers...
> forwarders { 192.168.9.86; 192.168.9.35; };
> allow-transfer { localdomain; };
> allow-recursion { localdomain; };
> allow-query { localdomain; };
> allow-query-cache { localdomain; };
> };
> logging {
> channel default_debug {
> file "data/named.run";
> severity debug;
> };
> };
> view localhost_resolver {
> match-clients { localdomain; };
> match-destinations { localdomain; };
> recursion yes;
> include "/etc/named.rfc1912.zones";
> };
>
> // named.rfc1912.zones excerpt:
> zone "localdomain" IN {
> type master;
> file "localdomain.zone";
> allow-update { none; };
> };
>
>
> # localdomain.zone
> $TTL900
> @ IN SOA localhost root (
> 2010042302 ; serial
> 5m ; refresh
> 5m ; retry
> 30m ; expiry
> 5m ; minimum cache
> )
> IN NS localhost.localdomain.
> IN NS rbldnsd.localdomain.
>
> localhost IN A127.0.0.1
>
> horta IN A 127.0.0.3
>
> ; delegate rbl zones to rbl localhost ip.
> ; rbl listens on 127.0.0.2 so this does not cause a lookup loop.
> rbldnsd IN A127.0.0.2
> rbl.localdomain.IN NS rbldnsd.localdomain.
> rbl.localdomain.IN A127.0.0.2
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
On Wed, 21 Apr 2010, Barry Margolin wrote:
> >
> > The scenario is a farm of sendmail + RBL servers that
> > have independent management and databases, but a single
> > bind server. Sendmail etc. would do a lookup of
> > 78.56.34.12.rbl.localdomain and it would look at
> > localhost on 127.0.0.2, where the local RBL service
> > listens.
>
> You need to run a caching nameserver on the sendmail
> machines, and point them to 127.0.0.1 in /etc/resolv.conf.
> The stub resolver doesn't follow delegations, it sends
> recursive queries and expects the server to do all the
> work.
Actually this is not working still. Am I wasting my time?
rbldnsd listens on 127.0.0.2 and answers right when queried
directly for something like
1.139.214.85.countries.rbl.localdomain.
named listens on 127.0.0.1, set in /etc/resolv.conf, and
answers all other queries correctly, including
'horta.localdomain' set up in example below, so I know it is
reading in the zone file.
However, named will not delegate *.rbl.localdomain zones,
and gives NXDOMAIN. Help? Thanks --mark--
// named.conf
acl "localdomain" {
127.0.0.0/8;
};
options {
listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-sourceport 53;
// query-source-v6 port 53;
// our nameservers...
forwarders { 192.168.9.86; 192.168.9.35; };
allow-transfer { localdomain; };
allow-recursion { localdomain; };
allow-query { localdomain; };
allow-query-cache { localdomain; };
};
logging {
channel default_debug {
file "data/named.run";
severity debug;
};
};
view localhost_resolver {
match-clients { localdomain; };
match-destinations { localdomain; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
// named.rfc1912.zones excerpt:
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
# localdomain.zone
$TTL900
@ IN SOA localhost root (
2010042302 ; serial
5m ; refresh
5m ; retry
30m ; expiry
5m ; minimum cache
)
IN NS localhost.localdomain.
IN NS rbldnsd.localdomain.
localhost IN A127.0.0.1
horta IN A 127.0.0.3
; delegate rbl zones to rbl localhost ip.
; rbl listens on 127.0.0.2 so this does not cause a lookup loop.
rbldnsd IN A127.0.0.2
rbl.localdomain.IN NS rbldnsd.localdomain.
rbl.localdomain.IN A127.0.0.2
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
On Wed, 21 Apr 2010, Barry Margolin wrote: > > > > The scenario is a farm of sendmail + RBL servers that > > have independent management and databases, but a single > > bind server. Sendmail etc. would do a lookup of > > 78.56.34.12.rbl.localdomain and it would look at > > localhost on 127.0.0.2, where the local RBL service > > listens. > > You need to run a caching nameserver on the sendmail > machines, and point them to 127.0.0.1 in /etc/resolv.conf. > The stub resolver doesn't follow delegations, it sends > recursive queries and expects the server to do all the > work. Thanks that works awesomely! --mark-- ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
In article ,
Mark Hedges wrote:
> Hi...
>
> Is it possible to configure .localdomain to delegate a
> subdomain to 127.0.0.2, so that the client then tries to do
> a lookup from that localhost address on itself?
>
> The scenario is a farm of sendmail + RBL servers that have
> independent management and databases, but a single bind
> server. Sendmail etc. would do a lookup of
> 78.56.34.12.rbl.localdomain and it would look at localhost
> on 127.0.0.2, where the local RBL service listens.
You need to run a caching nameserver on the sendmail machines, and point
them to 127.0.0.1 in /etc/resolv.conf. The stub resolver doesn't follow
delegations, it sends recursive queries and expects the server to do all
the work.
>
> Is that possible?
>
> For lookups that work when queried directly from the client
> local RBL on 127.0.0.2,
>
> this causes the response "no answer:"
>
> view local_domains {
> match-clients { localhost; internal; };
> match-destinations { localhost; internal; };
> recursion no;
> include "/etc/named.rfc1912.zones";
> };
>
> and "recursion yes" causes the response "NXDOMAIN."
>
> Those were better outcomes, it seemed, than "response timed
> out" when rfc1912.zones was lumped into views of the
> internal network and vpn domains, which have recursion for
> looking up external names.
>
> Mark
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
