On 24.03.21 17:08, Olivier wrote:
After reading [1] and many trials, I couldn't figure out how to set a Bind9
(9.11.5 on Debian Buster) server to operate this way:
- server has two Ethernet interfaces, one connected to foo.lan/
192.168.51.0/24 domain/network, the other connected to bar.lan/
192.168.43.0/24 domain/network
- I want it to resolve for bar.lan and for anything to query a DNS server
available on foo.lan.
My anonymized /etc/bind/named.conf.local content is:

acl "good-guys" {
    localnets;
};
zone "bar.lan" {
    type master;
    file "/etc/bind/db.bar.lan";
    forwarders {};
    allow-query { "good-guys"; };
};
zone "43.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/rev.43.168.192.in-addr.arpa";
    forwarders {};
};
zone "foo.lan" {
    type master;
    file "/etc/bind/db.foo.lan";
    forwarders { 192.168.51.1; };
};
zone "51.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/rev.51.168.192.in-addr.arpa";
    forwarders { 192.168.51.1; };
};

Resolution works for:
- bar.lan,
- google.com
- host1.foo.lan if entry present in /etc/bind/db.foo.lan
but it does not work for:
- host2.foo.lan if entry not present in /etc/bind/db.foo.lan

"file" is used in master and slave zones.
"forwarders" is used in "type forward" zones.
Those are mutually exclusive, so forwarders aren't used for master and
slave zones, while "file" is not used for "type forward" zones.
Maybe you want something like dnsmasq?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
We are but packets in the Internet of life (userfriendly.org)
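
The rule stated in the reply can be checked mechanically before a reload. The following is an added example, not part of the thread and not a BIND tool: a small Python lint that flags zones combining a non-empty "forwarders" list with an authoritative type, or "file" with "type forward". The sample configuration is constructed from the one quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the named.conf.local quoted in this thread.
SAMPLE = '''
zone "bar.lan" {
    type master;
    file "/etc/bind/db.bar.lan";
    forwarders {};                 // empty list: not flagged
    allow-query { "good-guys"; };
};
zone "foo.lan" {
    type master;
    file "/etc/bind/db.foo.lan";
    forwarders { 192.168.51.1; };  // the combination discussed above
};
'''

# "primary"/"secondary" are the newer BIND synonyms for master/slave.
AUTHORITATIVE = {"master", "slave", "primary", "secondary"}

def iter_zones(text):
    """Yield (name, body) per zone statement, honouring nested braces."""
    # Simplification: comment markers inside quoted strings are not handled.
    text = re.sub(r'/\*.*?\*/|(?:#|//)[^\n]*', '', text, flags=re.S)
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def lint(text):
    """Return (zone, finding) pairs for zones that mix the two mechanisms."""
    findings = []
    for name, body in iter_zones(text):
        m = re.search(r'\btype\s+([\w-]+)\s*;', body)
        ztype = m.group(1).lower() if m else None
        fwd = re.search(r'\bforwarders\b[^{;]*\{([^}]*)\}', body)
        has_fwd = bool(fwd and fwd.group(1).strip())
        has_file = re.search(r'\bfile\s+"', body) is not None
        if ztype in AUTHORITATIVE and has_fwd:
            findings.append((name, "forwarders set on authoritative zone"))
        if ztype == "forward" and has_file:
            findings.append((name, "file set on forward zone"))
    return findings

if __name__ == "__main__":
    for zone, finding in lint(SAMPLE):
        print(f"{zone}: {finding}")
```

An empty `forwarders {};` is deliberately not flagged, since it names no server to forward to.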