Thanks for the answer but: * In the example i post yesterday: on my server1 the recursion is enabled (recursion yes), but the server1 can't recurse because i stop it on firewall and it can't contact the outside. * You say "Don't use forwarding from a recursive server to a non-recursive server" but when my server1 is recursive (and the firewall allow it to contact the outside), and server2 don't recurse because in it's conf recursion is set to no, when i ask my server1 about ftp.example.com<ftp://ftp.example.com> (dig @0 ftp.example.com<ftp://ftp.example.com>) , server1 forward the query to server2 which answer by the CNAME www.abc.com<http://www.abc.com> and then server1 recurse to find the IP of www.abc.com<http://www.abc.com>. and everything works fine. * you say "If server 2 is auth-only or otherwise can't resolve the address of www.abc.com<http://www.abc.com/>, then forwarding a query to it is not going to work." No as i say when server1 really recurse ( recursion yes, and the firewall allow the server1 to contact outside) and server2 don't recurse (recursion no) all is ok: server1 forward the query to server2 which answer by the CNAME www.abc.com<http://www.abc.com/> and then server1 recurse to find the IP of www.abc.com<http://www.abc.com/>. and everything works fine. * You say "then using a stub zone for example.com<http://example.com/> will work", why i will use a stub zone since a forward do the same thing expected.
And my question is always this: forward only; as i read means a recursive query, in other term a query with the RD bit is enabled. which means that when my server1 (which has recursion yes but can't recurse because the firewall don't allow it to contact the outside, which finally means server1 can't recuse) ask server2 about ftp.example.com<ftp://ftp.example.com>, server2 will normally make all the work means he read on it's zone, then find the CNAME, then make a recursion to resolve the CNAME and finally send the IP to server1. why server2 don't recurse to find the IP of www.abc.com? thanks for your help. ________________________________ De : Chris Buxton [mailto:chris.p.bux...@gmail.com] Envoyé : jeudi 5 mai 2011 19:47 À : HARRATHI Issam Ext OLNC/DPS Cc : bind-users@lists.isc.org Objet : Re: forward first: iterative or recursive query If recursion is disabled, forwarding doesn't happen. I think you've confused some terms and configurations. Don't use forwarding from a recursive server to a non-recursive server. Use a stub zone instead, if you can't rely on the recursion process to find the correct server to query. If server 2 is auth-only or otherwise can't resolve the address of www.abc.com<http://www.abc.com>, then forwarding a query to it is not going to work. However, if server 1 is a caching server and is able to resolve www.abc.com<http://www.abc.com>, then using a stub zone for example.com<http://example.com> will work; server 2 will send the CNAME record to server 1, and then server 1 will resolve the final address record on its own. Chris Buxton BlueCat Networks On May 5, 2011, at 2:15 AM, <iharrathi....@orange-ftgroup.com<mailto:iharrathi....@orange-ftgroup.com>> <iharrathi....@orange-ftgroup.com<mailto:iharrathi....@orange-ftgroup.com>> wrote: Hi, i have a server called server1 that is acting as a cache server( recursion none). And i forward the zone example.com<http://example.com> to server2 which has recursion enabled and master on some zone like example.com<http://example.com>. this is the forwarding zone on server1: zone "example.com<http://example.com>" { type forward; forward only; forwarders { IP_of server2; }; }; and server2 is master of the zone example.com<http://example.com>: zone "example.com<http://example.com>" { type master; file "master/db.example.com"; }; BUT the problem is here: db.example.com<http://db.example.com>: .... $ORIGIN example.com<http://example.com>. www A 1.2.3.4 ftp CNAME www.abc.com<http://www.abc.com/> server1 can resolve www.example.com<http://www.example.com/>, but can't resolve ftp.example.com<ftp://ftp.example.com> since the server2 sends the answer which is www.abc.com<http://www.abc.com/> and not the IP, and my server1 can't make recursion to resolve www.abc.com<http://www.abc.com/>. why? from server1 when i dig on server2: dig @IP-server2 www.example.com<http://www.example.com/> it sends to me the IP, all is OK!!! but with a forwarding statement it sends only the CNAME server1 is bind9.6-ESV-R4 et server2 bind-9.4.2 Thanks. Issam HARRATHI ________________________________ De : Chris Buxton [mailto:chris.p.bux...@gmail.com] Envoyé : mercredi 4 mai 2011 08:49 À : HARRATHI Issam Ext OLNC/DPS Cc : bind-users@lists.isc.org<mailto:bind-users@lists.isc.org> Objet : Re: forward first: iterative or recursive query With a static-stub zone, you would get an iterative query. Forwarding always results in a recursive query. How are you determining that your server is sending an iterative query? Can we (the list) see your named.conf? Regards, Chris Buxton BlueCat Networks On May 3, 2011, at 5:21 AM, <iharrathi....@orange-ftgroup.com<mailto:iharrathi....@orange-ftgroup.com>> <iharrathi....@orange-ftgroup.com<mailto:iharrathi....@orange-ftgroup.com>> wrote: Hi from the book DNS and Bind 5th edition [french] (o'reilly) I read that the forward with the mode first sends a recursive query to the servers on the forwarders list, but as i see it only sends an iterative query. Also with forward only it send an itérative query. So forward first send an itérative or recursive query? And how i can send a recursive query with the statement forward ( without using static-stub) I'm using bind-9.6-ESV-R4 Thanks. Issam HARRATHI. ******************************************************************************** IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles et peuvent etre protegees par la loi. Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus. Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler a l expediteur et effacer ce message et tous les fichiers eventuellement attaches. Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite. Tout message electronique est susceptible d alteration. A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie. De meme, il appartient au destinataire de s assurer de l absence de tout virus. IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is intended only for the named recipient(s) above. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message. Any unauthorized view, usage or disclosure ofthis message is prohibited. Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified. Additionally the recipient should ensure they are actually virus free. ******************************************************************************** _______________________________________________ bind-users mailing list bind-users@lists.isc.org<mailto:bind-users@lists.isc.org> https://lists.isc.org/mailman/listinfo/bind-users ******************************************************************************** IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles et peuvent etre protegees par la loi. Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus. Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler a l expediteur et effacer ce message et tous les fichiers eventuellement attaches. Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite. Tout message electronique est susceptible d alteration. A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie. De meme, il appartient au destinataire de s assurer de l absence de tout virus. IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is intended only for the named recipient(s) above. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message. Any unauthorized view, usage or disclosure ofthis message is prohibited. Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified. Additionally the recipient should ensure they are actually virus free. ******************************************************************************** ******************************************************************************** IMPORTANT.Les informations contenues dans ce message electronique y compris les fichiers attaches sont strictement confidentielles et peuvent etre protegees par la loi. Ce message electronique est destine exclusivement au(x) destinataire(s) mentionne(s) ci-dessus. Si vous avez recu ce message par erreur ou s il ne vous est pas destine, veuillez immediatement le signaler a l expediteur et effacer ce message et tous les fichiers eventuellement attaches. Toute lecture, exploitation ou transmission des informations contenues dans ce message est interdite. Tout message electronique est susceptible d alteration. A ce titre, le Groupe France Telecom decline toute responsabilite notamment s il a ete altere, deforme ou falsifie. De meme, il appartient au destinataire de s assurer de l absence de tout virus. IMPORTANT.This e-mail message and any attachments are strictly confidential and may be protected by law. This message is intended only for the named recipient(s) above. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this e-mail message. Any unauthorized view, usage or disclosure ofthis message is prohibited. Since e-mail messages may not be reliable, France Telecom Group shall not be liable for any message if modified, changed or falsified. Additionally the recipient should ensure they are actually virus free. ********************************************************************************
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
