On 16.08.24 19:55, Tim Maestas wrote:
You need to have the delegation in the parent in order for the forwarding
to kick in. It can be bogus, but it has to be there. You'll find the same
behavior when you're authoritative for the root zone; any type forwarded
zones will need to also have NS in the root (or closest enclosing
authoritative zone).

Thanks, this worked.

I created ".local" zone (copied from db.empty) with dummy NS for "example.local" and forwarding works, just as ".local" is resolved locally.


On Fri, Aug 16, 2024, 7:13 AM Matus UHLAR - fantomas <uh...@fantomas.sk>
wrote:
our customer has private .local zone "example.local"
(I know this should be used for multicast...)
so I have configured forwarding queries for this domain to his servers:

zone "example.local" {
         type forward;
         forward only;
         forwarders {
                 192.168.0.1;
         };
};

zone "168.192.in-addr.arpa" {
         type forward;
         forward only;
         forwarders {
                 192.168.0.1;
         };
};

Since some queries for ".local" zone were leaking out of their network,
I have long ago locally configured empty zone "local":

zone "local" {
        type master;
        file "/etc/bind/db.empty";
};

Now, the resolution of "example.local" does not work, named returns
"nxdomain", doesn't forward the query.

When I commented out the "local" zone, named started working,
I just needed to add
  validate-except { "local"; };
guess I understand why.


From the history I remember that defining zone (example.local) with no
delegation in the parent zone (local) does not cause issues (locally).

Is "type forward" special in this case?

Debian 12, BIND 1:9.18.28-1~deb12u2

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
   One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them
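
Added example, not part of the original thread: a zone file for the local "local" zone as described in the reply above, that is, the contents of an empty zone plus a dummy delegation for "example.local". The file name, the serial, the name server name ns.example.local and the glue address (the forwarder address from the thread is reused) are assumptions.

```dns
; /etc/bind/db.local-empty   (hypothetical file name, used in place of
; db.empty in the zone "local" statement quoted in the thread)
$TTL 86400
@       IN      SOA     localhost. root.localhost. (
                        2024081601      ; serial (constructed)
                        604800          ; refresh
                        86400           ; retry
                        2419200         ; expire
                        86400 )         ; negative cache TTL
@       IN      NS      localhost.

; Dummy delegation for the forwarded child zone. Per the reply in the
; thread, the delegation has to exist in the enclosing authoritative zone
; for "type forward" to take effect, and its target may be bogus.
; Without it, named answers NXDOMAIN for example.local from this zone.
example         IN      NS      ns.example.local.

; Glue for the in-zone name server name (assumed value: the forwarder
; address from the thread). Queries are still sent to the forwarders
; listed in the zone "example.local" statement.
ns.example      IN      A       192.168.0.1

; Every other name under .local has no record here, so it is still
; answered locally with NXDOMAIN and does not leak out of the network.
```

The file can be checked with `named-checkzone local /etc/bind/db.local-empty` before named is reloaded.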