DNS - forwarding zones
Morning all,
Any DNS/BIND experts out there???
I've hit a small problem with Bind version 8.2.3TB5 and forwarding or probably an issue with the way the configuration is currently..
I'm using the syntax:
    zone "domainx.at.y.com" {
        type forward;
        forwarders {111.222.333.444 ; 555.444.333.444 ; 333.333.444.444; };
        forward only;
    };
And it would seem that my primary server is ignoring the entries completely, and my secondaries are only acknowledging the first entry out of the 11 added to the end of the file.
Now is it:
- because they should be defined at the beginning of the file, prior to zones we manage?
or
- potentially because a delegation in a zone db file is overriding these named.conf entries? (although none of these new zones are defined in our db files)
Anyone seen this before? Got any suggestions???
I've been trawling through the DNS & Bind book and can't find any reason for it!!!
Cheers, Alex
Trying to read what you want, somewhat confused, that looks like it will forward queries for the zone to the servers listed and fail if they do not give an answer??? This isn't used for replicating zones at all is it? That's what the master/slave syntax is for...
Might have completely the wrong end of the stick here..
I've tried it without the "forward only" line and it fails completely, then.
On the secondary servers, the first forwarding entry works, but the other 10 entries are ignored.
On the primary, none of them work.
I am trying to forward requests for 11 sub domains to a third party's DNS server that can access via a dedicated link. We don't own or manage these domains, but they aren't accessed via the internet.
Does that make it clearer?
Cheers, Alex
Makes more sense now...
The zone entry you've pasted does look like it should do what you want. Just tried that syntax and it works as expected for multiple zones, listed in named.conf after zones the server is master for.
My named is slightly newer though:
andrew@excalibur:~$ named -v
named 8.3.4-REL Tue Apr 22 15:08:55 BST 2003
andrew@excalibur.dev:/scratch2/obj/scratch/src/usr.sbin/named
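One way to confirm that every forward zone stanza in named.conf is present and well-formed before comparing primary and secondary behaviour. This is an added example, not code from the thread; the function name `audit_forward_zones`, the zone names and the addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample named.conf fragment (documentation addresses, not from the thread).
SAMPLE_CONF = '''
zone "example.com" { type master; file "db.example"; };
zone "feed1.at.example.com" {
    type forward;
    forwarders { 192.0.2.10; 192.0.2.11; };
    forward only;
};
// zone "feed2" below has an out-of-range octet
zone "feed2.at.example.com" {
    type forward;
    forwarders { 192.0.2.300; };
    forward only;
};
zone "feed3.at.example.com" {
    type forward;
    forward only;
};
'''

# A zone statement: name, optional class, body with at most one nested { } level.
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')

def strip_comments(text):
    """Remove /* */, // and # comments so commented-out zones are not counted."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def audit_forward_zones(conf_text, expected):
    """Return {zone: [problems]} for each zone that is expected to be forwarded."""
    found = {}
    for name, body in ZONE_RE.findall(strip_comments(conf_text)):
        if not re.search(r'\btype\s+forward\s*;', body):
            continue  # master/slave/hint zones are not audited here
        problems = []
        fwd = re.search(r'\bforwarders\s*\{([^}]*)\}\s*;', body)
        if fwd is None:
            problems.append("no forwarders list")
        else:
            for addr in filter(None, (a.strip() for a in fwd.group(1).split(';'))):
                try:
                    ipaddress.ip_address(addr)
                except ValueError:
                    problems.append("bad forwarder address: " + addr)
        found[name.lower()] = problems
    return {z: found.get(z.lower(), ["zone statement not found"]) for z in expected}
```

The audit only inspects the configuration text; what named actually loaded still has to be confirmed from its startup log and a test query per zone.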
Andrew,
That's what puzzles me, as it works in part on the secondaries but fails completely on the primary. Now what is even more confusing is, it worked once on the primary, no subsequent changes to the config - but it now doesn't work...

I had considered it might be a bug in the revision of DNS we use, but couldn't find anything to support this (yet). And as we will be implementing QIP, I know it is unlikely I will get approval to perform a DNS audit and upgrade to a newer version of bind.
Jeff, unfortunately not, as it isn't deemed by the vendor an acceptable solution, they have said to implement it this way.
BTW, it's basically the Reuters news feed, but under the new architecture they have set up.
Jeff,
Yeah, that's what I reckon... oh well, I'll create a test server running a newer version.
As for QIP, from what little I know of the product, I agree with you... I put it in the same boat as IBM ESS and AIX amongst other things...
Alex
Some time ago I did a technical evaluation for a Large (v. large!) Drug company which involved spending a week in a 5 Star hotel in Manhattan and having Lucent (QIP), Checkpoint & Cisco (CNR) troop through and give a day's presentation on each product.
Very interesting but also the most boring week of my life !
Anybody know of a trusted source for BIND 8.3.4 binaries for Solaris 2.5.1? (I know I know, if you think Solaris 2.5.1 is old, you should see the kit this is all running on!). 
Cheers, Alex

Fixed it on Bind 8.2.3TB5... not sure why, but I have to have entries in the named.conf and delegations in the zone files for it to work for the sub domains in question.
I've tried only using NS records in db.com (as I don't want to be primary for reuters.com, only delegate xxx.reuters.com domains) but it doesn't work without the named.conf entries... And the named.conf entries don't work on their own either...
Weird as... screwed version of bind methinks...