On 26/10/12 12:56, Ben Croswell wrote:
>
> The one thing I can think of off the top of my head is to ensure the
> child subdomain is properly delegated in the parent. If you try to
> zone level forward a child domain on a server that loads the parent it
> will ignore the forward if it can see the child doesn't exist as a
> true delegation.
> I assume the logic is, why would I forward a subdomain I know doesn't
> exist.
>
I should think that internal.org... is properly delegated, so the
forward will not be concerned about a subdomain, only about the domain,
that is actually forwarded. internal.org... will then be looked up in
the normal recursive way, so another forward statement might solve this
issue.
>
> -Ben Croswell
>
> On Oct 26, 2012 2:17 AM, "Frank Even" <[email protected]
> <mailto:lists%[email protected]>> wrote:
>
> I've recently had an issue that I'm having some issues finding
> information on solving.
>
> I have internal DNS resolvers...they act as recursive name servers for
> general internet queries, but we have forwarders explicitly defined
> for specific internal zones being served by other name servers.
>
> My configuration has one particular zone configured as such:
>
> zone "internal.organization.com
> <http://internal.organization.com>" IN { type forward; forward only;
> forwarders {172.x.x.x; 172.x.x.x; }; };
>
> I have our main zone, organization.com <http://organization.com>,
> hosted in an external area
> outside of a firewall with a wildcard record contained in it for
> anything that is not explicitly defined. I have some services that I
> need to reach using names that are in this external zone internally.
> What I'm trying to do is to slave the organization.com
> <http://organization.com> zone to my
> internal recursive resolver to mitigate any possible network issues.
>
> So I setup the internal resolver as a slave for the
> "organization.com <http://organization.com>"
> zone and found that queries against "internal.organization.com
> <http://internal.organization.com>" were
> getting answered with the wildcard for the external
> "organization.com <http://organization.com>"
> zone. I can't seem to figure out why the forwarders are getting
> ignored. Is it an order of precedence, say authoritative zones are
> respected over forwarders...or something else??
>
> Thanks for any assistance anyone can provide, or point me to some
> documentation I'm missing,
> Frank
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> [email protected] <mailto:[email protected]>
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/bind-users
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
