Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
In article , Mark Hedges wrote: > On Wed, 21 Apr 2010, Barry Margolin wrote: > > > > > > The scenario is a farm of sendmail + RBL servers that > > > have independent management and databases, but a single > > > bind server. Sendmail etc. would do a lookup of > > > 78.56.34.12.rbl.localdomain and it would look at > > > localhost on 127.0.0.2, where the local RBL service > > > listens. > > > > You need to run a caching nameserver on the sendmail > > machines, and point them to 127.0.0.1 in /etc/resolv.conf. > > The stub resolver doesn't follow delegations, it sends > > recursive queries and expects the server to do all the > > work. > > Actually this is not working still. Am I wasting my time? > > rbldnsd listens on 127.0.0.2 and answers right when queried > directly for something like > 1.139.214.85.countries.rbl.localdomain. > > named listens on 127.0.0.1, set in /etc/resolv.conf, and > answers all other queries correctly, including > 'horta.localdomain' set up in example below, so I know it is > reading in the zone file. > > However, named will not delegate *.rbl.localdomain zones, > and gives NXDOMAIN. Help? Thanks --mark-- You have an out-of-zone A record for rbl.localdomain. That may be causing an error when loading the zone file. > > // named.conf > acl "localdomain" { > 127.0.0.0/8; > }; > options { > listen-on port 53 { 127.0.0.1; }; > // listen-on-v6 port 53 { ::1; }; > directory "/var/named"; > dump-file "/var/named/data/cache_dump.db"; > statistics-file "/var/named/data/named_stats.txt"; > memstatistics-file "/var/named/data/named_mem_stats.txt"; > > // Those options should be used carefully because they disable port > // randomization > // query-sourceport 53; > // query-source-v6 port 53; > > // our nameservers... > forwarders { 192.168.9.86; 192.168.9.35; }; > allow-transfer { localdomain; }; > allow-recursion { localdomain; }; > allow-query { localdomain; }; > allow-query-cache { localdomain; }; > }; > logging { > channel default_debug { > file "data/named.run"; > severity debug; > }; > }; > view localhost_resolver { > match-clients { localdomain; }; > match-destinations { localdomain; }; > recursion yes; > include "/etc/named.rfc1912.zones"; > }; > > // named.rfc1912.zones excerpt: > zone "localdomain" IN { > type master; > file "localdomain.zone"; > allow-update { none; }; > }; > > > # localdomain.zone > $TTL900 > @ IN SOA localhost root ( > 2010042302 ; serial > 5m ; refresh > 5m ; retry > 30m ; expiry > 5m ; minimum cache > ) > IN NS localhost.localdomain. > IN NS rbldnsd.localdomain. > > localhost IN A127.0.0.1 > > horta IN A 127.0.0.3 > > ; delegate rbl zones to rbl localhost ip. > ; rbl listens on 127.0.0.2 so this does not cause a lookup loop. > rbldnsd IN A127.0.0.2 > rbl.localdomain.IN NS rbldnsd.localdomain. > rbl.localdomain.IN A127.0.0.2 -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
On Wed, 21 Apr 2010, Barry Margolin wrote: > > > > The scenario is a farm of sendmail + RBL servers that > > have independent management and databases, but a single > > bind server. Sendmail etc. would do a lookup of > > 78.56.34.12.rbl.localdomain and it would look at > > localhost on 127.0.0.2, where the local RBL service > > listens. > > You need to run a caching nameserver on the sendmail > machines, and point them to 127.0.0.1 in /etc/resolv.conf. > The stub resolver doesn't follow delegations, it sends > recursive queries and expects the server to do all the > work. Actually this is not working still. Am I wasting my time? rbldnsd listens on 127.0.0.2 and answers right when queried directly for something like 1.139.214.85.countries.rbl.localdomain. named listens on 127.0.0.1, set in /etc/resolv.conf, and answers all other queries correctly, including 'horta.localdomain' set up in example below, so I know it is reading in the zone file. However, named will not delegate *.rbl.localdomain zones, and gives NXDOMAIN. Help? Thanks --mark-- // named.conf acl "localdomain" { 127.0.0.0/8; }; options { listen-on port 53 { 127.0.0.1; }; // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; // Those options should be used carefully because they disable port // randomization // query-sourceport 53; // query-source-v6 port 53; // our nameservers... forwarders { 192.168.9.86; 192.168.9.35; }; allow-transfer { localdomain; }; allow-recursion { localdomain; }; allow-query { localdomain; }; allow-query-cache { localdomain; }; }; logging { channel default_debug { file "data/named.run"; severity debug; }; }; view localhost_resolver { match-clients { localdomain; }; match-destinations { localdomain; }; recursion yes; include "/etc/named.rfc1912.zones"; }; // named.rfc1912.zones excerpt: zone "localdomain" IN { type master; file "localdomain.zone"; allow-update { none; }; }; # localdomain.zone $TTL900 @ IN SOA localhost root ( 2010042302 ; serial 5m ; refresh 5m ; retry 30m ; expiry 5m ; minimum cache ) IN NS localhost.localdomain. IN NS rbldnsd.localdomain. localhost IN A127.0.0.1 horta IN A 127.0.0.3 ; delegate rbl zones to rbl localhost ip. ; rbl listens on 127.0.0.2 so this does not cause a lookup loop. rbldnsd IN A127.0.0.2 rbl.localdomain.IN NS rbldnsd.localdomain. rbl.localdomain.IN A127.0.0.2 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
On Wed, 21 Apr 2010, Barry Margolin wrote: > > > > The scenario is a farm of sendmail + RBL servers that > > have independent management and databases, but a single > > bind server. Sendmail etc. would do a lookup of > > 78.56.34.12.rbl.localdomain and it would look at > > localhost on 127.0.0.2, where the local RBL service > > listens. > > You need to run a caching nameserver on the sendmail > machines, and point them to 127.0.0.1 in /etc/resolv.conf. > The stub resolver doesn't follow delegations, it sends > recursive queries and expects the server to do all the > work. Thanks that works awesomely! --mark-- ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: delegating subname.localdomain to 127.0.0.2 on the client machine?
In article , Mark Hedges wrote: > Hi... > > Is it possible to configure .localdomain to delegate a > subdomain to 127.0.0.2, so that the client then tries to do > a lookup from that localhost address on itself? > > The scenario is a farm of sendmail + RBL servers that have > independent management and databases, but a single bind > server. Sendmail etc. would do a lookup of > 78.56.34.12.rbl.localdomain and it would look at localhost > on 127.0.0.2, where the local RBL service listens. You need to run a caching nameserver on the sendmail machines, and point them to 127.0.0.1 in /etc/resolv.conf. The stub resolver doesn't follow delegations, it sends recursive queries and expects the server to do all the work. > > Is that possible? > > For lookups that work when queried directly from the client > local RBL on 127.0.0.2, > > this causes the response "no answer:" > > view local_domains { > match-clients { localhost; internal; }; > match-destinations { localhost; internal; }; > recursion no; > include "/etc/named.rfc1912.zones"; > }; > > and "recursion yes" causes the response "NXDOMAIN." > > Those were better outcomes, it seemed, than "response timed > out" when rfc1912.zones was lumped into views of the > internal network and vpn domains, which have recursion for > looking up external names. > > Mark -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users