Re: to route specific dns query to specific dns server
> Hopefully the microsoft domain is a name that is not available on the internet, like mymsdomain.local. Then your microsoft server is known as domaincontroller.mymsdomain.local.

Of course!

> In that case you would setup a forwarder in BIND for mymsdomain.local that points to the microsoft dns servers.

Ok, but I'd like to understand:

1- for every query to BIND, is there always a forwarding to the microsoft dns servers, or is there only a forwarding for queries containing the 'mymsdomain.local' domain?
2- If I configure BIND as you suggest, can I not permit Internet queries for 'mymsdomain.local'?
3- Can you show me a sample forwarding configuration file for a specific domain, please?

- Original Message -
From: Lyle Giese
To: Riccardo Castellani
Sent: Tuesday, December 28, 2010 11:12 PM
Subject: Re: to route specific dns query to specific dns server

Riccardo Castellani wrote:

> I'm using Bind9 for my name server (SERVER EXT) and to give name resolution for those who access my domain from the Internet (e.g. to access my Web site or to write to my email addresses). My domain is example.com: www.Example.com test.h...@example.com
>
> This dns server maps only my public addresses. This server has 2 nics: internal + external ip address. Some internal servers, such as proxy or mail servers, send dns requests to this dns server to solve names.
>
> I also have an internal MS domain (dns server is SERVER INT) which is different from the other; it's created by Domain Controllers + AD (activedirectory.com) and it's used to map machines in the internal network.
>
> Now my email server or proxy server (which are in the internal network) need to synchronize time, so they have to use my internal NTP server; these Linux machines use 'SERVER EXT' in /etc/resolv.conf, so how can I indicate to send requests for a specific internal name (ntp.activedirectory.com) to dns server INT? I could insert it into /etc/hosts but it's not a dns service!!!

Hopefully the microsoft domain is a name that is not available on the internet, like mymsdomain.local. Then your microsoft server is known as domaincontroller.mymsdomain.local.

In that case you would setup a forwarder in BIND for mymsdomain.local that points to the microsoft dns servers. Then when the linux boxes want domaincontroller.mymsdomain.local, your Bind name server will ask the microsoft dns servers for the answer.

Lyle Giese
LCR Computer Services, Inc.

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
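A per-domain forwarder of the kind discussed in this thread, as an added named.conf example that is not part of any message above. It assumes views are used to keep Internet clients away from the internal name; the ACL name, addresses and file paths are placeholders.

```conf
// Constructed example: addresses, paths and the ACL name are placeholders.
acl "internal" {
    127.0.0.1;
    192.0.2.0/24;          // placeholder: network behind the internal NIC
};

options {
    directory "/var/cache/bind";
};

// Internal clients (proxy, mail server): recursion plus the forwarder.
view "inside" {
    match-clients { "internal"; };
    recursion yes;

    // Only names at or below mymsdomain.local go to the forwarders;
    // every other name is resolved the normal way.
    zone "mymsdomain.local" {
        type forward;
        forward only;      // never fall back to Internet resolution
        forwarders { 192.0.2.10; 192.0.2.11; };  // placeholder: Microsoft DNS
    };

    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
    };
};

// Everyone else: authoritative answers for the public zone only.
// The forward zone does not exist in this view, and recursion is off,
// so Internet queries for mymsdomain.local never reach the inside servers.
view "outside" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
    };
};
```

A forward zone accepts no allow-query statement of its own, which is why the restriction is expressed with views; once views are used, every zone has to live inside one.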
to route specific dns query to specific dns server
I'm using Bind9 for my name server (SERVER EXT) and to give name resolution for those who access my domain from the Internet (e.g. to access my Web site or to write to my email addresses). My domain is example.com: www.Example.com test.h...@example.com

This dns server maps only my public addresses. This server has 2 nics: internal + external ip address. Some internal servers, such as proxy or mail servers, send dns requests to this dns server to solve names.

I also have an internal MS domain (dns server is SERVER INT) which is different from the other; it's created by Domain Controllers + AD (activedirectory.com) and it's used to map machines in the internal network.

Now my email server or proxy server (which are in the internal network) need to synchronize time, so they have to use my internal NTP server; these Linux machines use 'SERVER EXT' in /etc/resolv.conf, so how can I indicate to send requests for a specific internal name (ntp.activedirectory.com) to dns server INT? I could insert it into /etc/hosts but it's not a dns service!!!
query (cache) 'xxxxxxxxxxxx/A/IN' denied
I'm using Debian Sarge with Bind 9.5.1 for my DNS server and I'd like to understand why my Fedora Core 3 client (machine A) is not able to resolve domains when it queries this DNS server. I can see this error in named.log on the DNS server:

security: client A.B.C.D# : query (cache) '/A/IN' denied

allow-query option contains machine A
allow-recursion option doesn't contain machine A

I'd like machine A to resolve only domains which the DNS server has in cache! It must not do recursive queries! If the record is in cache, the server gives the answer, otherwise it gives nxdomain!
Re: query (cache) 'xxxxxxxxxxxx/A/IN' denied
I migrated from Bind 9.2 to version 9.5.1, but this problem was not there before! This option was not present in my previous configuration and it worked fine. What do you think?

- Original Message -
From: Todd Snyder tsny...@rim.com
To: Riccardo Castellani ric.castell...@alice.it; bind-users@lists.isc.org
Sent: Tuesday, February 09, 2010 7:18 PM
Subject: RE: query (cache) '/A/IN' denied

checkout allow-query-cache

-Original Message-
From: bind-users-bounces+tsnyder=rim@lists.isc.org [mailto:bind-users-bounces+tsnyder=rim@lists.isc.org] On Behalf Of Riccardo Castellani
Sent: Tuesday, February 09, 2010 1:06 PM
To: bind-users@lists.isc.org
Subject: query (cache) '/A/IN' denied

I'm using Debian Sarge with Bind 9.5.1 for my DNS server and I'd like to understand why my Fedora Core 3 client (machine A) is not able to resolve domains when it queries this DNS server. I can see this error in named.log on the DNS server:

security: client A.B.C.D# : query (cache) '/A/IN' denied

allow-query option contains machine A
allow-recursion option doesn't contain machine A

I'd like machine A to resolve only domains which the DNS server has in cache! It must not do recursive queries! If the record is in cache, the server gives the answer, otherwise it gives nxdomain!
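How the three access lists named in this thread fit together, as an added named.conf example that is not part of any message above. The ACL names and addresses are placeholders; the fallback described in the comment is the documented behaviour when allow-query-cache is left unset.

```conf
// Constructed example: ACL names and addresses are placeholders.
acl "cache_only"   { 192.0.2.50; };               // machine A
acl "full_service" { 127.0.0.1; 192.0.2.0/28; };  // clients allowed to recurse

options {
    recursion yes;

    // Who may send queries at all (answers from authoritative zones).
    allow-query { any; };

    // Who may make the server go out and resolve names it does not hold.
    allow-recursion { "full_service"; };

    // Who may be answered from the cache. When this statement is missing,
    // named falls back to allow-recursion, so machine A is logged as
    // "query (cache) ... denied" even though allow-query lists it.
    allow-query-cache { "full_service"; "cache_only"; };
};
```

With this layout the server does not recurse on behalf of machine A; it only hands out what other clients have already caused it to cache.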
9.2.2 vs 9.5.1
I'm using 3 dns servers with Bind bind-9.2.2.P3-9:

Master A (domain1 + domain2)
Slave B (domain1)
Slave C (domain2)

Now I'm migrating master A to Bind 9.5.1.dfsg.P3-1 together with the OS (Debian Lenny), so I'm interested to know if there are any incompatible settings from/to the slave servers. For example, in slaves B and C there is no setting for the auth-nxdomain directive, while in server A I found it set:

auth-nxdomain no;

Do I have to specify these 2 options in server A to permit zone transfers only to these 2 servers?

allow-transfer { IpServerB }
allow-transfer { IpServerC }