Solved

DNS local + forwarding

Posted on 2001-07-12
509 Views
Last Modified: 2010-03-18
I have a DNS server which must be a master for its local domain and should forward to another given host all the DNS queries that are not related to its domain.

I wrote this named.conf file:

options {
    directory "/var/named";
    forward first;
    forwarders {
        10.10.10.254;
    };
};
zone "mydom" {
    type master;
    file "named.mydom";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};
zone "30.10.10.in-addr.arpa" {
    type master;
    file "named.rev.30.10.10";
};

10.10.10.254 is the higher level DNS to whom requests should be sent.

Local domain (10.10.30.0) works fine.

Thank you in advance.
Livio
Question by:livio
5 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6279208
If you want the local DNS server to always forward requests for data that it doesn't already have in cache or isn't authoritative for, you need the configuration to include a "forward only" directive, like so:

options {
...
  forwarders { 10.10.10.254; };
  forward only;
...

In what you show in the question you have the "forward first" and "forwarders" directives in opposite order to what I know to work. If forwarding of DNS requests isn't working at present, try swapping the order of those lines. Also, per the question, I don't see where you've told bind to issue queries on port 53. Any time there is a firewall between your nameserver and the Internet you need that enabled on late versions of bind (8.x & later) in order to query Internet nameservers. Since you reference private address ranges there is likely a firewall in your path and the options should look like:

options {
  ...
  forwarders { 10.10.10.254; };
  forward only;
  query-source address * port 53;
  ...
There are two things to keep in mind with respect to the use of forwarders. One is that the local copy of bind will only forward requests for things it isn't authoritative for. That means that you could not have the local bind be authoritative for some-domain.tld and expect it to forward requests to an upstream DNS that is also authoritative for some-domain.tld, even if the local bind doesn't have all of the data for some-domain.tld. You can, however, have the local DNS be authoritative for sub.some-domain.tld and have it forward requests to the nameserver for some-domain.tld for things that aren't in sub.some-domain.tld.

The other thing to keep in mind is that bind will only wait for a short time for a response from the upstream DNS if you aren't using "forward only". If the response isn't received within that time period the local copy of bind will attempt to access the Internet for the data. Using "forward only" will force the local bind to wait for the response from the upstream DNS and it will never attempt to contact an Internet nameserver.
 

Author Comment

by:livio
ID: 6279993
There is no firewall. If I set it up to connect to the root servers it works.

I got this message in the log/messages when I start it:
No root nameservers for class IN

Thank you, Jlevie.
 
LVL 40

Expert Comment

by:jlevie
ID: 6282190
I don't see a root nameservers zone definition in your question. Regardless of whether the server is to forward or not you need that zone for bind to operate properly and it should look something like:

zone "." {
        type hint;
        file "named.root";
};

Where "named.root" contains the list all of the root servers.
 

Author Comment

by:livio
ID: 6285323
Jlevie, after adding the root nameserver zone it works, but with this configuration is it using the root nameservers or the forward nameserver?

Why do I have to add the root nameservers if it does not use them?

Thank you very much.

Livio
 
LVL 40

Accepted Solution

by: jlevie (earned 200 total points)
ID: 6286353
Using the "forward first" directive Bind must have the list of root servers, as it will contact the root servers if it doesn't promptly get a reply from the forwarder. Also I'm reasonably certain that you have to have a hints file even if you use "forward only". If you want to be sure that this copy of bind doesn't attempt to contact Internet nameservers, change "forward first" to "forward only".
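Pulling the thread together, here is a complete named.conf that does what the question asks for: authoritative for the local forward and reverse zones, everything else handed to 10.10.10.254, and never falling back to the root servers. This is an added example, not a file from the original post. The zone names, file names and the 10.10.10.254 forwarder are taken from the question; the ACL name "lan", the assumed client range 10.10.30.0/24 and the allow-recursion / allow-query restrictions are additions, the caveat a practitioner would want so the box is not left as an open recursive resolver.

```conf
// named.conf (added example): authoritative for the local zones, forward-only for everything else.
// Zones and forwarder come from the question; the ACL and access restrictions are assumptions.

acl "lan" { 127.0.0.1; 10.10.30.0/24; };   // assumed client range, from the question's subnet

options {
    directory "/var/named";

    // Hand every non-authoritative query to the upstream resolver and wait for its answer.
    // With "forward first" BIND falls back to iterative resolution via the root servers
    // if 10.10.10.254 is slow to reply; "forward only" removes that fallback entirely.
    forwarders { 10.10.10.254; };
    forward only;

    // Only local clients may use this server as a recursive resolver. An open recursive
    // resolver can be abused for reflection attacks and gives attackers an easy target
    // for cache-poisoning attempts.
    allow-recursion { lan; };
    allow-query { lan; };
};

// Root hints. BIND 8 wants this zone regardless of forwarding mode (it is what removes the
// "No root nameservers for class IN" message from the thread); with "forward only" the
// list is loaded but never queried.
zone "." {
    type hint;
    file "named.root";
};

zone "mydom" {
    type master;
    file "named.mydom";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};

zone "30.10.10.in-addr.arpa" {
    type master;
    file "named.rev.30.10.10";
};
```

Two checks are worth doing after reloading: from a host on the LAN, a query for a name outside "mydom" should be answered, and with forwarding working a packet capture on the server should show that traffic going only to 10.10.10.254; from a host outside the "lan" ACL the same recursive query should be refused. On BIND 9, named-checkconf validates the syntax before a reload, and the root hints are compiled in, so the explicit hint zone is optional there but harmless. Note also that the query-source address * port 53 line suggested earlier in the thread pins the source port of every outgoing query; current BIND releases randomize source ports precisely because a fixed, predictable port makes cache poisoning far easier, so do not carry that line into a modern configuration just to satisfy a firewall rule.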
