Hello: I set up a forward zone in the internal view of my named.conf:
view internal { match-clients { 127.0.0.1; }; recursion yes; allow-query-cache { any; }; zone "dnsbl" { type forward; forwarders { 127.0.0.1 port 54; }; forward only; }; }; When I run dig against the forward zone: dig -p 54 @127.0.0.1 2.0.0.127.zen.dnsbl It gives me the expected output: ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -p 54 @127.0.0.1 2.0.0.127.zen.dnsbl ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57571 ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;2.0.0.127.zen.dnsbl. IN A ;; ANSWER SECTION: 2.0.0.127.zen.dnsbl. 300 IN A 127.0.0.2 2.0.0.127.zen.dnsbl. 300 IN A 127.0.0.10 2.0.0.127.zen.dnsbl. 300 IN A 127.0.0.4 ;; Query time: 1 msec ;; SERVER: 127.0.0.1#54(127.0.0.1) ;; WHEN: Wed Nov 27 21:24:45 2013 ;; MSG SIZE rcvd: 85 But, when I run dig against bind: dig -p 53 @127.0.0.1 2.0.0.127.zen.dnsbl I get a SERVFAIL response: ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -p 53 @127.0.0.1 2.0.0.127.zen.dnsbl ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46895 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;2.0.0.127.zen.dnsbl. IN A ;; Query time: 144 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Nov 27 21:25:50 2013 ;; MSG SIZE rcvd: 37 Taking a look at /var/named/data/named.run, I see these lines: error (chase DS servers) resolving 'zen.dnsbl/DS/IN': 127.0.0.1#54 error (unexpected RCODE REFUSED) resolving 'dnsbl/NS/IN': 127.0.0.1#54 error (no valid DS) resolving '2.0.0.127.zen.dnsbl/A/IN': 127.0.0.1#54 I am not sure what to make of this. Anyone have any ideas? Thanks, Neil -- Neil Aggarwal, (972) 834-1565 We lend money to investors to buy or refinance single family rent houses. No origination fees, quick approval, no credit check. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users