Eric, are your BIND9 servers on a "Public" network (trying to talk to the Public IP of the VR when forwarding DNS requests), or on a VM inside an Isolated network behind the VR?
Andrija

On Fri, 24 May 2019 at 02:15, Eric Lee Green <eric.lee.gr...@gmail.com> wrote:

> I had this working under 4.9. All I did was, on my main BIND9 servers,
> point a forward zone at 'cloud.<mydomain>.com' to the virtual router
> associated with all VM's that were publicly available. I could then
> resolve all foo.cloud.<mydomain>.com names on my global network.
>
> Somehow, though, this quit working after I updated to 4.11. I'm not
> quite sure why.
>
> The 'Guest Network' is defined with domain 'cloud.mydomain.com'.
>
> Okay, so my router for the 'Guest Network' advanced networking is
> located at 10.102.199.148. In my master BIND9 DNS server at 10.31.1.2 I
> have this:
>
> zone "cloud.mydomain.com" IN {
>     type forward;
>     forward only;
>     forwarders {
>         10.102.199.148;
>     };
> };
>
> If I send a NAMED request directly to the virtual router while logged
> into my main name server, it works:
>
> [root@ypbind ~]# host eric-gui.cloud.mydomain.com 10.102.199.148
> Using domain server:
> Name: 10.102.199.148
> Address: 10.102.199.148#53
> Aliases:
>
> eric-gui.cloud.mydomain.com has address 10.102.199.234
>
> If I try to use the name server however, it doesn't work:
>
> [root@ypbind logs]# host eric-gui.cloud.mydomain.com
> Host eric-gui.cloud.viakoo.com not found: 3(NXDOMAIN)
>
> I'm baffled, because this *was* working.
>
> So I disabled any dnssec in the {options} on bind9 and gave all
> permissions to see if that was the problem (note that this is internal
> to my infrastructure, so DNS amplification isn't an issue):
>
> dnssec-enable no;
> dnssec-validation no;
> dnssec-lookaside auto;
> recursion yes;
> allow-recursion { any; };
> allow-query { any; };
> allow-query-cache { any; };
>
> Still nope. Still baffled.
>
> Anybody got any clues as to what I may be doing wrong? I'm thinking it
> has to be on the BIND9 side, because I can resolve the host name if I
> talk to the virtual router directly, but for some reason it's not
> allowing me to get any records from the router.
>
> Right now I've temporarily worked around this with a script that
> directly queries the MySQL database every few minutes and generates a
> revised zone file on my master DNS server when the list of virtual
> machines queried out of the database changes, but that's clearly not the
> right way to do it. The question is, what *is* the right way to do it?
>
> -Eric
>
>

--
Andrija Panić
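An added example (my own, not code from the thread or from CloudStack) that reproduces the direct-versus-forwarded check Eric ran with `host`, using only the Python standard library: it sends the same A query to the virtual router and to the BIND9 master and reports whether the two answers agree, so the check can be scripted after each upgrade. The two server addresses are the ones quoted in the thread; the function names and everything else are assumptions.

```python
import random
import socket
import struct

RESOLVER, FORWARDER = "10.31.1.2", "10.102.199.148"  # BIND9 master and CloudStack VR, from the thread


def build_query(name, qid=None):
    """Minimal DNS A/IN query with RD set, which is what `host` sends."""
    qid = random.randrange(1 << 16) if qid is None else qid  # random ID so a stray reply cannot match
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def _skip_name(buf, off):
    """Offset just past a (possibly compressed) name; a pointer is two bytes and ends it."""
    while buf[off] != 0 and buf[off] & 0xC0 != 0xC0:
        off += 1 + buf[off]
    return off + (2 if buf[off] & 0xC0 else 1)


def parse_response(buf):
    """Return (rcode, [A records]) from a raw DNS response; rcode 3 is NXDOMAIN."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", buf[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(buf, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(buf, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in buf[off:off + 4]))
        off += rdlen
    return flags & 0xF, addrs


def query(server, name, timeout=2.0):
    """One UDP query to `server`; raises on timeout or transaction-ID mismatch."""
    packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        data, _ = sock.recvfrom(4096)
    if data[:2] != packet[:2]:
        raise ValueError("transaction ID mismatch")
    return parse_response(data)


def compare(name, forwarder=FORWARDER, resolver=RESOLVER):
    """Ask the VR directly and via BIND; inconsistent answers reproduce the symptom."""
    direct, via = query(forwarder, name), query(resolver, name)
    return {"direct": direct, "via_resolver": via, "consistent": direct == via}
```

Run `compare("eric-gui.cloud.mydomain.com")` from the BIND host; a result of `(0, ["10.102.199.234"])` directly and `(3, [])` via the resolver is exactly the NXDOMAIN case from the thread.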