| Header | Value |
|---|---|
| From | Matus UHLAR - fantomas <uhlar@fantomas.sk> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: "forward first" set on a master zone not working as expected |
| Date | Thu, 3 Sep 2020 09:51:28 +0200 |
On 02.09.20 15:00, Taylor Vierrether via bind-users wrote:
> I am attempting to set up an internal DNS server that is authoritative for
> internal resources, but also will respond for external resources on the
> same domain that it does not have records for.
>
> For example, I have a domain sub.example.com, and I want to have internal
> entries in the BIND zone file for host1.sub.example.com and
> host2.sub.example.com. That part is working fine. However, there is a
> publicly available DNS entry for sub.example.com that I want my internal
> clients to be able to resolve, but I don’t want to have the IP in the BIND
> zone file, because the IP is dynamic.

you can delegate that entry elsewhere.

> There are also some hosts (host3.sub.example.com) and
> (host4.sub.example.com) that are externally resolvable that I don’t want
> to put in my internal BIND file because they are not controlled by me.
> (Think CNAME to a SaaS application)

you can delegate those records somewhere.

> I’ve attempted to do this as follows, and it seems to make sense that it
> would work, but it does not.
>
>
> named.conf:
>
> zone "sub.example.com" IN {
>     type master;
>     file "/etc/bind/sub.example.com.zone";
>     forward first;
>     forwarders { 1.1.1.1; 1.0.0.1; };
> };

forwarding is not used for zones other than "type forward".

> What actually happens, is if I query for sub.example.com I get the following from nslookup:
> *** Can't find sub.example.com: No answer

if you search for "sub.example.com" record, you can not delegate that one,
of course.

you apparently should redesign your DNS. Easiest way would be using
a different domain internally.

> And if I query for host3.example.com, I get the following from nslookup:
> ** server can't find host3.sub.example.com: NXDOMAIN

note that nslookup is a very bad program for tracking DNS errors.
use "host" or "dig" for that case.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
I just got lost in thought. It was unfamiliar territory.
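
The two nslookup results quoted in the message above, and the effect of the suggested delegation, can be reproduced with a small model of how an authoritative server answers for names inside its own zone. This Python sketch is an added example, not part of the original post and not BIND's code; the zone contents, the 192.0.2.x addresses and the `ns1.public-dns.example.` name server are constructed placeholders.

```python
# Simplified model of how an authoritative server chooses a response for a
# query name. Illustration only: not BIND's code, and all data is constructed.
ORIGIN = "sub.example.com."

def make_zone(delegate_host3=False):
    """Return constructed zone data: owner name -> {record type: [rdata]}."""
    zone = {
        ORIGIN: {"SOA": ["ns.sub.example.com. hostmaster.sub.example.com. 1 3600 600 86400 300"],
                 "NS": ["ns.sub.example.com."]},
        "ns." + ORIGIN: {"A": ["192.0.2.53"]},
        "host1." + ORIGIN: {"A": ["192.0.2.11"]},
        "host2." + ORIGIN: {"A": ["192.0.2.12"]},
    }
    if delegate_host3:
        # NS records below the apex create a zone cut (a delegation).
        # ns1.public-dns.example. is a placeholder name server.
        zone["host3." + ORIGIN] = {"NS": ["ns1.public-dns.example."]}
    return zone

def classify(zone, qname, qtype):
    """Classify the response for qname/qtype against the zone data."""
    qname = qname.lower().rstrip(".") + "."
    if qname != ORIGIN and not qname.endswith("." + ORIGIN):
        return "NOT_AUTHORITATIVE"  # outside the zone, resolved by recursion
    # Look for a zone cut at qname or any ancestor below the apex.
    labels = qname[:-len(ORIGIN)].rstrip(".").split(".") if qname != ORIGIN else []
    for i in range(len(labels) - 1, -1, -1):
        if "NS" in zone.get(".".join(labels[i:]) + "." + ORIGIN, {}):
            return "REFERRAL"  # delegated: the answer comes from elsewhere
    if qname in zone:
        return "ANSWER" if qtype in zone[qname] else "NODATA"
    if any(owner.endswith("." + qname) for owner in zone):
        return "NODATA"  # empty non-terminal: name exists, has no records
    return "NXDOMAIN"

if __name__ == "__main__":
    for delegated in (False, True):
        zone = make_zone(delegated)
        for name in ("sub.example.com", "host1.sub.example.com", "host3.sub.example.com"):
            print(delegated, name, classify(zone, name, "A"))
```

NODATA is what nslookup prints as "No answer". The NS set at the apex belongs to the zone itself and is not a zone cut, so the apex result is the same with or without the host3 delegation.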