Re: forward only recursive server doesn't forward

Wed, 19 Oct 2016 20:26:22 -0700 

In message <CAB1R3siEjShqvCAU_JJm_RwAnU_vK==3fqjxpc+kemmylgc...@mail.gmail.com>
, Alex writes:
> Hi Mark,
> 
> On Wed, Oct 19, 2016 at 9:48 PM, Mark Andrews <ma...@isc.org> wrote:
> >
> > In message <CAB1R3sjkUOzWeEbyhSF-s+J=Wfu2La2kQ513uRQu9YFi=JcC2g@mail.gmail.
> com>, Alex writes:
> >> Hi,
> >>
> >> I have a bind-9.10.3 server on fedora22 that is authoritative for a
> >> few domains and their corresponding IP ranges. I'd like to set up
> >> another domain server (rbldnsd) on a host in one of those domains as a
> >> forward-only server.
> >>
> >> The problem appears to be that the queries from the local box to the
> >> subdomain being managed by the rbldnsd server are being answered by
> >> the local bind instead of being sent to the remote machine running
> >> rbldnsd.
> >
> > Add a delegation for scann.example.com in example.com.  Forward
> > zones control *where* the queries are sent, not if queries are sent.
> 
> I'm sorry, I don't understand. This system is already a slave for the
> forward zone example.com. I just realized I forgot to include that in
> my previous post:
> 
> zone "example.com" {
>         type slave;
>         file "slaves/db.example.com";
>         masters { 64.1.1.3; };
>         allow-query { any; };
>         allow-transfer { trusted; };
> };

Add NS records for scann.example.com to example.com.  This is how
nameservers are supposed to find out which machines serve which
zones.

scann.example.com.  3600 NS <name-of-66.104.104.66>.

To go from the root zone to the org zone the root zone has a copy
of the NS records for org.

org.                    60444   IN      NS      b0.org.afilias-nst.org.
org.                    60444   IN      NS      a2.org.afilias-nst.info.
org.                    60444   IN      NS      a0.org.afilias-nst.info.
org.                    60444   IN      NS      b2.org.afilias-nst.org.
org.                    60444   IN      NS      d0.org.afilias-nst.org.
org.                    60444   IN      NS      c0.org.afilias-nst.info.

Similarly to go from the org zone to the isc.org zone the org zone has
a copy of the NS records for isc.org.

isc.org.                7200    IN      NS      ord.sns-pb.isc.org.
isc.org.                7200    IN      NS      ns.isc.afilias-nst.info.
isc.org.                7200    IN      NS      ams.sns-pb.isc.org.
isc.org.                7200    IN      NS      sfba.sns-pb.isc.org.

Mark

> Thanks,
> Alex
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to