Sending from the correct email alias this time!
On Thu, 3 Mar 2022 at 09:53, Greg Choules
wrote:
> Hi Greg.
> Basically, you can't forward out of authority. If server A is
> authoritative for "example.com" it is authoritative for that and
> everything below that, ad infinitum, unless you tell
>Are you loading the parent domain and trying to zone forward a child domain on
>the same DNS server? I.e. loading somedomain.local and trying to forward
>ab.somedomain.local
Yup, exactly.
That solution was suggested by Jeff Sumner yesterday, but it seemed a little
nuts to me (BIND behaving
Are you loading the parent domain and trying to zone forward a child domain
on the same DNS server? I.e. loading somedomain.local and trying to forward
ab.somedomain.local
If so an NS delegation is required in every instance I have done in my
environment. The NS doesn't need to be "right" but it
Static-sub fixes the issue.
Any idea why static-sub works when forwarder doesn't?
(Again, the server is using recursion. Dig queries return the RA flag, so I
know it's actually offering recursion in reality.)
I can live with static-sub just fine, since it works - but I'd really love to
This got held up in moderation. Let me repost it, from my regular mail client...
> You didn’t share much of your configuration except the one forwarded zone,
> not a lot to go on.
Fair enough. (I guess I thought you could just infer all the needed
information! Oops!)
Let me try Ondrej's
Is static-stub something you are looking for?
Reference documentation:
https://bind9.readthedocs.io/en/v9_18_0/reference.html?highlight=static-stub#zone-types
And in human terms:
https://jpmens.net/2011/01/25/binds-new-static-stub-zone-type/
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My
On 3/1/22 5:35 AM, Matus UHLAR - fantomas wrote:
you are right, forwarding queries requires recursion.
Thank you for the confirmation Matus. :-)
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users
On 2/28/22 1:47 PM, Gregory Sloop wrote:
I figured before I beat my head against the wall for too long, I'd
ask the real experts! :)
On 28.02.22 22:27, Grant Taylor via bind-users wrote:
I'm definitely not an expert. I don't even pretend to be one on T.V.
But I do wonder what, if any, sort
On 2/28/22 1:47 PM, Gregory Sloop wrote:
I figured before I beat my head against the wall for too long, I'd ask
the real experts! :)
I'm definitely not an expert. I don't even pretend to be one on T.V.
But I do wonder what, if any, sort of restrictions you are placing on
recursion on your
You didn’t share much of your configuration except the one forwarded zone,
not a lot to go on.
But one thing to check, you do have recursion enabled on the server?
On Mon, Feb 28, 2022 at 6:34 PM Gregory Sloop wrote:
> Wow. I hate to be the guy who looks the gift horse in the mouth - but that
Wow. I hate to be the guy who looks the gift horse in the mouth - but that just
seems "wrong." :)
(Not the answer, but that that would be the way BIND wants it done.)
So, now I've got two sets of NS and glue records?
Please tell me that's not the way BIND insists you do this!
I guess I
Add Delegating NS records:
ab.somedomain.local 3600 NS server1.ab.somedomain.local
.
.
.
And glue records
server1.ab.somedomain.local 3600 A 10.0.0.1
.
.
And see if it works. It’s got something to do with the way the record is
matched (or not) before the forward statement is hit.
J
> On
So why doesn’t it work to make your limited server authoritative for the
root and only forward the zones you want? Anything that isn’t in a
forwarded zone does not exist (except the root itself).
On Sat, Apr 17, 2021 at 11:07 PM Marki wrote:
>
> On 4/14/2021 12:44 AM, Sebby, Brian A. via
On 4/14/2021 12:44 AM, Sebby, Brian A. via bind-users wrote:
My situation is due to a security requirement. We have DNS servers at
our site running BIND that allow recursion, but I’ve been requested to
set up some additional DNS servers for another project that is
expected to **only**
rgonne National Laboratory
From: bind-users on behalf of RK K
Date: Wednesday, April 7, 2021 at 7:40 PM
To: "bind-users@lists.isc.org"
Subject: Re: forwarding zone setup from a BIND slave (without recursion?)
Hello Marki, Matus,
Thank you for the insights on this topic.
Answering
Mark Andrews wrote:
> > On 8 Apr 2021, at 00:37, Tony Finch wrote:
> >
> > Forward zones require the upstream server to be recursive too.
>
> More correctly, the upstream server has to serve the entire namespace being
> forwarded if it does not off recursion to the client for forwarding to
>
n replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>1. Re: forwarding zone setup from a BIND slave (without
> recursion?) (Chuck Aurora)
>2. Re: forwarding zone setup
Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>1. forwarding zone setup from a BIND slave (without recursion?)
> (RK K)
>2. Re: forwarding zone setup from a BIND slave (without
> re
> On 8 Apr 2021, at 00:37, Tony Finch wrote:
>
> Chuck Aurora wrote:
>>
>> A stub or static-stub zone would not require recursion. In that case
>> named is asking for authoritative data from upstream. But type
>> forward zones indeed cannot work if recursion is disabled.
>
> Be careful
Chuck Aurora wrote:
>
> A stub or static-stub zone would not require recursion. In that case
> named is asking for authoritative data from upstream. But type
> forward zones indeed cannot work if recursion is disabled.
Be careful in this kind of situation to be very clear about which client
or
On 2021-04-07 03:59, Marki wrote:
To elaborate a little bit on that... Indeed that is how it works,
unfortunately. When you start using forwarders or stubs, recursion
needs to be enabled because you're no longer looking for your own
authoritative data only.
A stub or static-stub zone would not
Hello,
On 4/7/2021 10:35 AM, Matus UHLAR - fantomas wrote:
On 06.04.21 22:47, RK K wrote:
In this scenario, in-order for the secondary server to forward the DNS
query to an external DNS server, is it required to enable the
recursion in
the global options on the secondary servers?
yes.
On 06.04.21 22:47, RK K wrote:
We have a set of BIND primary servers (MASTERs) and a set of secondary
servers (slaves to the MASTERs).
The secondary BIND DNS servers disabled recursion ( with "*recursion no;" *)
in the global options.
All the applications/systems do use secondary DNS servers for
- Kevin
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of
seanliam73
Sent: Wednesday, October 11, 2017 3:45 AM
To: bind-users@lists.isc.org
Subject: RE: Forwarding from delegated zone not working
Thanks Kevin
That is what I suspecte
Thanks Kevin
That is what I suspected. If I make the delegated server the master/slave
for the sub-domain that has been delegated, could I then set up forward
zones for further sub-domains? i.e
subdomain.example.com (delegated domain set as master zone)
sub.subdomain.example.com (forward zone)
Unfortunately we don't manage the AD server, that has been outsourced.
The team that manage AD have delegated the subdomain to our bind 9 instance
which in turn has a number of forwarding zones configured. This is to manage
DNS over a number of cloud based environments.
--
Sent from:
On Tue, Oct 10, 2017 at 11:21 AM, seanliam73 wrote:
> Hi
>
> I have a subdomain delegated from AD to a bind9 instance I have running
> that
> so that all requests for that subdomain are sent to the bind 9 instance. I
> would then like to set up zone forwarding so that
:bind-users-boun...@lists.isc.org] *On Behalf Of *Ben
Croswell
*Sent:* Tuesday, October 10, 2017 11:38 AM
*To:* seanliam73 <sean.orei...@landg.com>
*Cc:* bind-users@lists.isc.org
*Subject:* Re: Forwarding from delegated zone not working
If the AD environment loads company.com you need to make sure
seanliam73 wrote:
>
> I know the forwarding is working because I can query the main bind9
> instance at receive the expected results. However if I query from the AD
> server that is doing the delegation I get a SERVFAIL error.
I guess one possible cause for this problem
Sent: Tuesday, October 10, 2017 11:38 AM
To: seanliam73 <sean.orei...@landg.com>
Cc: bind-users@lists.isc.org
Subject: Re: Forwarding from delegated zone not working
If the AD environment loads company.com<http://company.com> you need to make
sure it has NS delegations. The nameserver
It doesn't work to delegate to a forwarder; you have to delegate to something
that's authoritative for the zone (master or slave). Delegated nameservers are
expected to have a full copy of the zone, either as the source (master) or
through replication (slave).
Now, if you have
If the AD environment loads company.com you need to make sure it has NS
delegations. The nameserver will ignore the zone forwarded if it knows the
child doesn't exist.
On Oct 10, 2017 11:22 AM, "seanliam73" wrote:
> Hi
>
> I have a subdomain delegated from AD to a bind9
On Sun, Aug 28, 2016, at 19:22, Paul Kosinski wrote:
> "... whatever else you use to failover from the primary to the
> secondary would automatically ensure BIND resolves too."
>
> That's the root of the problem: there is no automatic failover, and
> providing one is a lot of work. I was hoping
"... whatever else you use to failover from the primary to the
secondary would automatically ensure BIND resolves too."
That's the root of the problem: there is no automatic failover, and
providing one is a lot of work. I was hoping there was a simple BIND
config option so that BIND itself could
"Your better bet is surely to dump the forwarders and to do your own
recursion."
It doesn't solve the connectivity issue, but it sounds reasonable in
it's own right: I'll have to try it.
On Sat, 27 Aug 2016 14:32:09 -0500
/dev/rob0 wrote:
> On Sat, Aug 27, 2016 at 02:32:42PM
On Sat, Aug 27, 2016, at 11:32, Paul Kosinski wrote:
> So my question is, is it possible to configure my forwarding BIND to
> have a primary and *secondary* path for sending out DNS queries? As far
> as I can tell, the "query-source address" option in named.conf only
> allows one outbound
On Sat, Aug 27, 2016 at 02:32:42PM -0400, Paul Kosinski wrote:
> Currently, I forward all outbound DNS via the DSL to the ISP's
> DNS servers. (I have more confidence in the DSL provider not
> interfering with DNS than in Comcast.)
FWIW, it has been many years since I have dealt with Comcast as
To: houguanghua
Cc: bind-users@lists.isc.org
Subject: RE: forwarding zone to another DNS server problem
houguanghua houguang...@hotmail.com wrote:
I 'm not familiar with'stub'. The description of 'stub' is hard to
understand.
Yes it's a bit weird. Think of it like the root hints but for other zones
Finch
Sent: Tuesday, November 04, 2014 5:10 AM
To: houguanghua
Cc: bind-users@lists.isc.org
Subject: RE: forwarding zone to another DNS server problem
houguanghua houguang...@hotmail.com wrote:
I 'm not familiar with'stub'. The description of 'stub' is hard to
understand.
Yes it's
,
Guanghua
Date: Sun, 2 Nov 2014 21:23:14 +
From: d...@dotat.at
To: houguang...@hotmail.com
CC: bind-users@lists.isc.org
Subject: Re: forwarding zone to another DNS server problem
houguanghua houguang...@hotmail.com wrote:
Can bind support forwarding zone to another DNS server? In my
houguanghua houguang...@hotmail.com wrote:
I 'm not familiar with'stub'. The description of 'stub' is hard to
understand.
Yes it's a bit weird. Think of it like the root hints but for other zones:
i.e. a hint zone configuration in a recursive server tells named that
instead of using a
In article mailman.1168.1415095867.26362.bind-us...@lists.isc.org,
Tony Finch d...@dotat.at wrote:
houguanghua houguang...@hotmail.com wrote:
I 'm not familiar with'stub'. The description of 'stub' is hard to
understand.
Yes it's a bit weird. Think of it like the root hints but for
houguanghua houguang...@hotmail.com wrote:
Can bind support forwarding zone to another DNS server? In my testing,
for loacl name servers, it can. But for authority name servers, it
can't.
forwarding requires recursion allowed for the zone.
On 02.11.14 21:23, Tony Finch wrote:
Use stub or
On 02.11.14 23:09, Frank Pikelner wrote:
What is the advantage of using a stub or static-stub to using a slave?
you should use them when it's not possible or viable to use slave, e.g.
windows AD domain, RBL domain, domain that can't be transferred etc...
--
Matus UHLAR - fantomas,
Matus UHLAR - fantomas uh...@fantomas.sk wrote:
On 02.11.14 23:09, Frank Pikelner wrote:
What is the advantage of using a stub or static-stub to using a slave?
you should use them when it's not possible or viable to use slave, e.g.
windows AD domain, RBL domain, domain that can't be
In article mailman.1155.1414921350.26362.bind-us...@lists.isc.org,
houguanghua houguang...@hotmail.com wrote:
Dear all,
Can bind support forwarding zone to another DNS server? In my testing, for
loacl name servers, it can. But for authority name servers, it can't.
I have a
houguanghua houguang...@hotmail.com wrote:
Can bind support forwarding zone to another DNS server? In my testing,
for loacl name servers, it can. But for authority name servers, it
can't.
Use stub or static-stub to forward to an authoritative server.
Tony.
--
f.anthony.n.finch
houguanghua houguang...@hotmail.com wrote:
Can bind support forwarding zone to another DNS server? In my testing,
for loacl name servers, it can. But for authority name servers, it
can't.
Use stub or static-stub to forward to an authoritative server.
What is the advantage of using a stub or
Hello,
On 30.04.14 17:32, Jeronimo L. Cabral wrote:
1) Office 1: people work with some machines and fill up a local master zone
company.com with records in DNS1
2) Office 2: people works with some others machines and fill up a local
master zone company.com with another records in DNS2
So both
Being authoritative means that you know everything about the zone.
If you know everything about a zone, why ask anyone else?
Split DNS does not follow the DNS paradigm, so there is no standard
way to implement it, and despite many people asking over the years,
there is no NXDOMAIN failover
Hi Jeronimo,
First of all, please just tell us the real domain. Yes, we could try and
talk about a fictitious example.com or company.com, but having the real
domain name lets us actually query your nameservers.
Let me be sure I understand: you have two DNS servers. Each of them is
Dear John, this is my scenario:
1) Office 1: people work with some machines and fill up a local master zone
company.com with records in DNS1
2) Office 2: people works with some others machines and fill up a local
master zone company.com with another records in DNS2
So both office have a
Oh, I thought this was an external-versus-internal scenario. But, this
is even easier.
A) One of the nameservers (pick DNS1 or DNS2) becomes a slave (of the
stealth variety, if you want) of the other
B) People use nsupdate to maintain the zone
For security, TSIG-sign the updates. For fast
First of all, unless you need separate views for each office, don't go down
that path. Why are you attempting this as opposed to standard master-slave
replication?
There's something else I'm not understanding here: why would recursive
queries from one office go to the other office's nameservers?
In office #1, the company.com master zone is updated automatically from
some Windows machines inn DNS1 and in office #2 the same zone is updated
manually in DNS2 by the administrator who shouldn't update (using freeze
and unfreeze) the master zone from office #1. This is the scenario, and we
need
I'm still not understanding your constraints. If *all* updates come in
through Dynamic Update, then you don't need freeze/unfreeze.
- Kevin
On 4/30/2014 6:47 PM, Jeronimo L. Cabral wrote:
In office #1, the company.com http://company.com master zone is
updated automatically from some
DNS1 with dynamic update and DNS2 with manually update
On Wed, Apr 30, 2014 at 8:11 PM, Kevin Darcy k...@chrysler.com wrote:
I'm still not understanding your constraints. If *all* updates come in
through Dynamic Update, then you don't need freeze/unfreeze.
Either do as Kevin Darcy said or else use separate names:
company.com
office1.company.com
office2.company.com
The admin in office 2 updates the office2 zone. The dynamic updates in office 1
go to the office1 zone. The company.com zone delegates both. Everyone can find
everything via that
An unwise decision, from security point of view !
You are about to open the DNS channel - public DNS resolving available for
internal clients.
Consequently data leakage, file transfer in/out over DNS become possible ...
As far as the question about internal fake zones is concerned :
if the name
On 04.03.13 17:35, Shawn Bakhtiar wrote:
A better solution may be (if feasible) to register and get an internet AS
number and enable BGP on both links. If one fails the upstream routers
(even if from desperate providers) will detect a fail and re-rout via the
active link.
you don't need AS
, but that's very
hackish.
Date: Sat, 2 Mar 2013 16:16:28 +0100
From: uh...@fantomas.sk
To: bind-users@lists.isc.org
Subject: Re: forwarding query-source (was Re: name caching and forwarding)
On 01.03.13 17:23, Lawrence K. Chen, P.Eng. wrote:
I thought I had read somewhere the query-source
On 01.03.13 17:23, Lawrence K. Chen, P.Eng. wrote:
I thought I had read somewhere the query-source default is to try making
queries from all the IPs on my system.
No, the default is to use special IP 0.0.0.0 that causes the system (not
the BIND) to select source IP address.
And, my DNS
In message
CAKdykDsixDysXM1005+gwKuqsb81rYP8xNuJpUnZVP+b9-9=h...@mail.gmail.com
, Siju George writes:
Hi,
Currently I am using Bind9 for DNS.
I wish to do the following forward.
1. Forward to domain Name Servers based on client IPS.
a. Forward one set of LAN users to OpenDNS DNS
On Wed, Apr 4, 2012 at 12:14 PM, Matus UHLAR - fantomas
uh...@fantomas.sk wrote:
On 04.04.12 11:54, Siju George wrote:
Currently I am using Bind9 for DNS.
I wish to do the following forward.
1. Forward to domain Name Servers based on client IPS.
a. Forward one set of LAN users to OpenDNS
On 04.04.12 11:54, Siju George wrote:
Currently I am using Bind9 for DNS.
I wish to do the following forward.
1. Forward to domain Name Servers based on client IPS.
a. Forward one set of LAN users to OpenDNS DNS servers soo that I
can restrict them
b. Forward a second set of LAN users to
[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of
/dev/rob0
Sent: Sunday, January 08, 2012 6:33 PM
To: bind-users@lists.isc.org
Subject: Re: forwarding @ to a different domain?
On Sunday 08 January 2012 09:48:42 enigmedia wrote:
Hi All: I have a situation where I need
www in cname mydomain.myshopify.com.
mydomain.com. in cname mydomain.myshopify.com.
Is this what you are looking for?
8.1.2012 17:48, enigmedia kirjoitti:
Hi All: I have a situation where I need to forward requests for mydomain.com
and www.mydomain.com to a third party:
You can't cnane mydomain.com to anything because it has, at the minimum, ns
and soa records.
-Ben Croswell
On Jan 8, 2012 1:11 PM, Jukka Pakkanen jukka.pakka...@qnet.fi wrote:
www in cname mydomain.myshopify.com.
mydomain.com. in cname mydomain.myshopify.com.
Is this what you are looking
On Sun, 08 Jan 2012 20:00:07 +0200 Jukka Pakkanen jukka.pakka...@qnet.fi
wrote
www in cname mydomain.myshopify.com.
mydomain.com. in cname
mydomain.myshopify.com.
Is this what you are looking for?
Yes, but I thought you couldn't use a cname for the root record of the
domain?
On Sun, 8 Jan 2012 13:20:56 -0500 Ben Croswell ben.crosw...@gmail.com wrote
You can't cnane mydomain.com to anything because it has, at the minimum, ns
and soa records.
-Ben Croswell
Thanks Ben...that's what I thought. So just to ask the question
another way:
How do I point requests
8.1.2012 19:02, enigmedia (onl) kirjoitti:
On Sun, 08 Jan 2012 20:00:07 +0200 Jukka Pakkanen
jukka.pakka...@qnet.fi wrote
www in cname mydomain.myshopify.com.
mydomain.com. in cname
mydomain.myshopify.com.
Is this what you are looking for?
Yes, but I thought you couldn't use a cname
8.1.2012 20:46, Jukka Pakkanen kirjoitti:
8.1.2012 19:02, enigmedia (onl) kirjoitti:
On Sun, 08 Jan 2012 20:00:07 +0200 Jukka Pakkanen
jukka.pakka...@qnet.fi wrote
www in cname mydomain.myshopify.com.
mydomain.com. in cname
mydomain.myshopify.com.
Is this what you are looking for?
On 08/01/2012 17:09, enigmedia (onl) wrote:
How do I point requests for http://mydomain.com; and
http://www.mydomain.com; to http://mydomain.myshopify.com;?
Look up an A record (or ) for mydomain.myshopify.com, then
create a similar A (or ) record pointing to the same address in your
On Sunday 08 January 2012 09:48:42 enigmedia wrote:
Hi All: I have a situation where I need to forward requests for
mydomain.com and www.mydomain.com to a third party:
mydomain.com is a real domain, and probably not yours. If for some
reason you do not want to mention your real domain name,
On Tue, Apr 19, 2011 at 01:37:23AM -0700, chris.p.bux...@gmail.com wrote:
You're getting a bit confused, because your configuration is complex. Some of
your observations are in contradiction with your disabling of recursion, so I
believe you are partially mistaken.
- You're mixing
I'd like to reinforce what Chris said, and recommend the use of an
internal root zone for networks/enterprises which have no public
Internet connectivity, or whose connectivity to the Internet is
exclusively through application-level proxies. Don't make Internet names
resolvable on your
I'd like to reinforce what Chris said, and recommend the use of an
internal root zone for networks/enterprises which have no public
Internet connectivity
+1
A lot of people seem to be scared by the prospect of setting up
their own root zone.
It really isn't difficult, and I discuss this
You're getting a bit confused, because your configuration is complex. Some of
your observations are in contradiction with your disabling of recursion, so I
believe you are partially mistaken.
- You're mixing authoritative and recursive service in one config. This often
leads to confusion.
-
Date: Sun, 12 Dec 2010 22:15:41 -0800 (PST)
From: Ed Arizona colinedwardhar...@yahoo.com
Sender: bind-users-bounces+oberman=es@lists.isc.org
We're seeing an issue with regarding to a bind9 server setup as a 'forward
only'
system.
The server is multihomed on five unique
Firstly please get a sane email client. Printed quotable is supposed to
be readable by old mail clients. Your client is turning the line breaks
you entered into =A0 rather than preserving.
Secondly the default for allow-recursion is {localhost; localnets;}.
The clients that you are having
In message 006001cb7ffe$7a6f5b10$6f4e11...@eurid.eu, Marc Lampo writes:
Hello,
Much attention has been given to DNSSEC - how it brings security - the
chain-of-trust - the root zone signed - activities of tld's to get
signed - ...
but we - I belong to an organisation in charge of a tld
On 2010-08-10 02:39, CLOSE Dave (DAE) wrote:
Based on suggestions here, I now have a named.conf file like this:
options { ... };
logging { ... };
zone . IN { type forward; forwarders { PUB; }; forward only; };
zone HOST1 { type forward; forwarders { PRIV; }; };
zone HOST2 {
On Mon, 9 Aug 2010, CLOSE Dave (DAE) wrote:
Based on suggestions here, I now have a named.conf file like this:
options { ... };
logging { ... };
zone . IN { type forward; forwarders { PUB; }; forward only; };
zone HOST1 { type forward; forwarders { PRIV; }; };
zone HOST2 {
On 8/10/2010 9:16 AM, Tony Finch wrote:
On Mon, 9 Aug 2010, CLOSE Dave (DAE) wrote:
Based on suggestions here, I now have a named.conf file like this:
options { ... };
logging { ... };
zone . IN { type forward; forwarders { PUB; }; forward only; };
zone HOST1 { type
Sten Carlsen wrote:
I believe you could use forwarding to the internal server for each individual
name:
zone HOST1 {
type forward;
forwarders{ private.domain.server.IP; };
}
This should do the trick but not elegant, not easy. I would start hinting to
management that changes
On 8/6/2010 7:28 PM, CLOSE Dave (DAE) wrote:
Sten Carlsen wrote:
I believe you could use forwarding to the internal server for each individual
name:
zone HOST1 {
type forward;
forwarders{ private.domain.server.IP; };
}
This should do the trick but not elegant, not easy. I would
I asked:
My company has two internal name servers accessible to me. One (PUB) is
the usual Internet-facing server than can resolve most internal and all
public names. The other (PRIV) is a special purpose server that only
resolves names in a special private domain. If I list both servers in
On Fri, Aug 06, 2010 at 10:05:01AM -0700, CLOSE Dave (DAE) wrote:
Joseph S D Yao wrote:
If you have two forwarders, as you listed, your server will try to
forward first to one and then to the other. If it gets any answer at
all from one - even an error answer - it will not try the other.
On Fri, Aug 06, 2010 at 10:43:01PM +0100, Tony Finch wrote:
...
As I understand it, BIND makes recursive queries to forwarding servers. If
the target is authoritative, you configure the zone as a stub. This is not
documented.
I believe this is incorrect on both counts. In this form, BIND
On Tue, Aug 10, 2010 at 02:37:54PM -0400, Joseph S D Yao wrote:
...
Then either it's not serving DNS or you haven't found the right buttons.
What is it? Can you explain a bit more?
...
Sorry, in my hurry I didn't fast-forward through the thread. Glad that
it's working for you now.
--
On Tue, 10 Aug 2010, Joseph S D Yao wrote:
On Fri, Aug 06, 2010 at 10:43:01PM +0100, Tony Finch wrote:
...
As I understand it, BIND makes recursive queries to forwarding servers. If
the target is authoritative, you configure the zone as a stub. This is not
documented.
I believe this is
Based on suggestions here, I now have a named.conf file like this:
options { ... };
logging { ... };
zone . IN { type forward; forwarders { PUB; }; forward only; };
zone HOST1 { type forward; forwarders { PRIV; }; };
zone HOST2 { type forward; forwarders { PRIV; }; };
# PUB and
Joseph S D Yao wrote:
If you have two forwarders, as you listed, your server will try to
forward first to one and then to the other. If it gets any answer at
all from one - even an error answer - it will not try the other.
So forwarding works exactly the same as listing both servers in
On 8/6/2010 1:05 PM, CLOSE Dave (DAE) wrote:
Joseph S D Yao wrote:
If you have two forwarders, as you listed, your server will try to
forward first to one and then to the other. If it gets any answer at
all from one - even an error answer - it will not try the other.
So forwarding
On 06/08/10 19:59, Kevin Darcy wrote:
On 8/6/2010 1:05 PM, CLOSE Dave (DAE) wrote:
Joseph S D Yao wrote:
If you have two forwarders, as you listed, your server will try to
forward first to one and then to the other. If it gets any answer at
all from one - even an error answer - it
On Thu, 5 Aug 2010, Lyle Giese wrote:
zone mydomain.com{
type forward;
forward only;
forwarders { ip address of priv server;}; };
The priv server needs to be authorative(and probably master) for
mydomain.com.
As I understand it, BIND makes recursive queries to forwarding servers. If
the
On Thu, Aug 05, 2010 at 06:03:34PM -0700, CLOSE Dave (DAE) wrote:
My company has two internal name servers accessible to me. One (PUB) is
the usual Internet-facing server than can resolve most internal and all
public names. The other (PRIV) is a special purpose server that only
resolves
Note that the name 218.246.85.101 -- which is the target of the
www.01cool.com alias -- does not exist in the Internet DNS.
I don't what kind of DNS implementation/configuration is running on
211.99.204.77, but it seems to be returning SERVFAIL for *any* recursive
query outside of its
On Nov 22, 2009, at 7:23 PM, Chris Hills wrote:
On 22/11/09 21:01, Chris Buxton wrote:
Change the zone from type forward to type slave, and add
allow-update-forwarding.
zone dyn.example.com. {
type slave;
masters { ::1; };
allow-update-forwarding { local-networks; };
};
On 23/11/09 18:05, Chris Buxton wrote:
The internal-in view should have some log entry of the forwarded update. I'm
not sure what category or severity level that would be, though.
I could not find it in either the query log or the update log. Bug?
Of course, if you were to start using signed
1 - 100 of 107 matches
Mail list logo