Solved

DNS local + forwarding

Posted on 2001-07-12
493 Views
Last Modified: 2010-03-18
I have a DNS server which must be a master for its local domain and should forward to another given host all the DNS queries that are not related to its domain.

I wrote this named.conf file:

options {
    directory "/var/named";
    forward first;
    forwarders {
        10.10.10.254;
    };
};
zone "mydom" {
    type master;
    file "named.mydom";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};
zone "30.10.10.in-addr.arpa" {
    type master;
    file "named.rev.30.10.10";
};

10.10.10.254 is the higher-level DNS to which requests should be sent.

Local domain (10.10.30.0) works fine.

Thank you in advance.
Livio
Question by:livio

5 Comments
LVL 40

Expert Comment

by:jlevie
ID: 6279208
If you want the local DNS server to always forward requests for data that it doesn't already have in cache or isn't authoritative for, you need the configuration to include a "forward only" directive, like so:

options {
  ...
  forwarders { 10.10.10.254; };
  forward only;
  ...
};

In what you show in the question you have the "forward first" and "forwarders" directives in the opposite order to what I know to work. If forwarding of DNS requests isn't working at present, try swapping the order of those lines. Also, per the question, I don't see where you've told bind to issue queries on port 53. Any time there is a firewall between your nameserver and the Internet you need that enabled on late versions of bind (8.x & later) in order to query Internet nameservers. Since you reference private address ranges there is likely a firewall in your path and the options should look like:

options {
  ...
  forwarders { 10.10.10.254; };
  forward only;
  query-source address * port 53;
  ...
};

There are two things to keep in mind with respect to the use of forwarders. One is that the local copy of bind will only forward requests for things it isn't authoritative for. That means that you could not have the local bind be authoritative for some-domain.tld and expect it to forward requests to an upstream DNS that is also authoritative for some-domain.tld, even if the local bind doesn't have all of the data for some-domain.tld. You can, however, have the local DNS be authoritative for sub.some-domain.tld and have it forward requests to the nameserver for some-domain.tld for things that aren't in sub.some-domain.tld.

The other thing to keep in mind is that bind will only wait for a short time for a response from the upstream DNS if you aren't using "forward only". If the response isn't received within that time period the local copy of bind will attempt to access the Internet for the data. Using "forward only" will force the local bind to wait for the response from the upstream DNS and it will never attempt to contact an Internet nameserver.

Author Comment

by:livio
ID: 6279993
There is no firewall. If I set it up to connect to the root servers it works.

I got this message in the log/messages when I start it:

No root nameservers for class IN

Thank you, Jlevie.
LVL 40

Expert Comment

by:jlevie
ID: 6282190
I don't see a root nameservers zone definition in your question. Regardless of whether the server is to forward or not you need that zone for bind to operate properly and it should look something like:

zone "." {
        type hint;
        file "named.root";
};

Where "named.root" contains the list of all of the root servers.

Author Comment

by:livio
ID: 6285323
Jlevie, after adding the root nameserver zone it works, but with this configuration is it using the root nameservers or the forward nameserver?

Why do I have to add the root nameservers if it does not use them?

Thank you very much.

Livio
LVL 40

Accepted Solution

by: jlevie (earned 200 total points)
ID: 6286353
Using the "forward first" directive Bind must have the list of root servers as it will contact the root servers if it doesn't promptly get a reply from the forwarder. Also I'm reasonably certain that you have to have a hints file even if you use "forward only". If you want to be sure that this copy of bind doesn't attempt to contact Internet nameservers change "forward first" to "forward only".
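The decision path the thread describes (answer locally when authoritative, otherwise forward, and with "forward first" fall back to the root hints when the forwarder does not reply) as an added, simplified Python model; it is not BIND code and not part of the original thread, and the zone names mirror the named.conf in the question plus jlevie's sub.some-domain.tld example.

```python
# Simplified model of BIND's forwarding decision as explained in this thread.
# Assumption: a zone table keyed by zone name, with the root hint zone stored
# under "." with type "hint". Names and sample zones are constructed.

ZONES = {  # mirrors the zones in the question's named.conf (no hint zone yet)
    "mydom": "master",
    "0.0.127.in-addr.arpa": "master",
    "30.10.10.in-addr.arpa": "master",
}


def longest_zone_match(qname, zones):
    """Return the most specific configured zone containing qname, or None.

    Tries the full name first, then each shorter suffix, so an authoritative
    sub.some-domain.tld zone wins over a broader some-domain.tld forwarder.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return "." if "." in zones else None


def resolve_path(qname, zones, forward_mode, forwarder_answers):
    """Where does a query for qname end up?

    forward_mode:      "first" or "only" (the named.conf 'forward' option).
    forwarder_answers: True if the upstream forwarder replies in time.
    Returns "local", "forwarder", "root-servers" or "SERVFAIL".
    """
    zone = longest_zone_match(qname, zones)
    if zone is not None and zone != ".":
        return "local"            # authoritative data is never forwarded
    if forwarder_answers:
        return "forwarder"        # 10.10.10.254 in the question
    if forward_mode == "only":
        return "SERVFAIL"         # never contacts Internet nameservers
    # "forward first": fall back to full recursion, which needs root hints;
    # without them BIND logs "No root nameservers for class IN" and fails.
    if zones.get(".") == "hint":
        return "root-servers"
    return "SERVFAIL"


if __name__ == "__main__":
    hinted = dict(ZONES, **{".": "hint"})
    for mode in ("first", "only"):
        print(mode, resolve_path("www.example.com", hinted, mode, False))
```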
