On 26/10/12 12:56, Ben Croswell wrote: > > The one thing I can think of off the top of my head is to ensure the > child subdomain is properly delegated in the parent. If you try to > zone level forward a child domain on a server that loads the parent it > will ignore the forward if it can see the child doesn't exist as a > true delegation. > I assume the logic is, why would I forward a subdomain I know doesn't > exist. > I should think that internal.org... is properly delegated, so the forward will not be concerned about a subdomain, only about the domain, that is actually forwarded. internal.org... will then be looked up in the normal recursive way, so another forward statement might solve this issue. > > -Ben Croswell > > On Oct 26, 2012 2:17 AM, "Frank Even" <lists+isc....@elitists.org > <mailto:lists%2bisc....@elitists.org>> wrote: > > I've recently had an issue that I'm having some issues finding > information on solving. > > I have internal DNS resolvers...they act as recursive name servers for > general internet queries, but we have forwarders explicitly defined > for specific internal zones being served by other name servers. > > My configuration has one particular zone configured as such: > > zone "internal.organization.com > <http://internal.organization.com>" IN { type forward; forward only; > forwarders {172.x.x.x; 172.x.x.x; }; }; > > I have our main zone, organization.com <http://organization.com>, > hosted in an external area > outside of a firewall with a wildcard record contained in it for > anything that is not explicitly defined. I have some services that I > need to reach using names that are in this external zone internally. > What I'm trying to do is to slave the organization.com > <http://organization.com> zone to my > internal recursive resolver to mitigate any possible network issues. > > So I setup the internal resolver as a slave for the > "organization.com <http://organization.com>" > zone and found that queries against "internal.organization.com > <http://internal.organization.com>" were > getting answered with the wildcard for the external > "organization.com <http://organization.com>" > zone. I can't seem to figure out why the forwarders are getting > ignored. Is it an order of precedence, say authoritative zones are > respected over forwarders...or something else?? > > Thanks for any assistance anyone can provide, or point me to some > documentation I'm missing, > Frank > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org <mailto:bind-users@lists.isc.org> > https://lists.isc.org/mailman/listinfo/bind-users > > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
-- Best regards Sten Carlsen No improvements come from shouting: "MALE BOVINE MANURE!!!"
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users