Hi there, Due to the architecture since I have my internal DNS RPZ built I wanted my other internal DNS servers should send traffic to RPZ server and then RPZ would resolve on behalf of client.
Client --->DNS AUTH Server for xyz.com===> Fporwarder ==> 192.168.3.44===> INTERNET On Wed, Aug 8, 2018 at 10:26 PM Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: > On 08.08.18 19:32, Blason R wrote: > >I am bit confused about DNS forwarders. I have two BIND Servers one is > >being used as Authoritative DNS server which has forwarder set > > why? > > > to other > >server like this > > > >Auth Server for xvyz.com 192.168.3.15 > >Recursive Server 192.168.3.44 > > > >Now if I am debugging from client side using -debug option I see > >192.168.3.15 is directly resolving with ROOT DNS Servers though I have > >recursive no; option set in my BIND config. > > BIND has internal list of root servers. > > > Ideally the query should have > >gone to 192.168.3.44 but in debug I am seeing the below output. > > ideally you would not use forwarder on BIND, unless you really must. > > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > If Barbie is so popular, why do you have to buy her friends? > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users