From: Matus UHLAR - fantomas
Newsgroups: comp.protocols.dns.bind
Subject: Re: "forward first" set on a master zone not working as expected
Date: Thu, 3 Sep 2020 09:51:28 +0200

On 02.09.20 15:00, Taylor Vierrether via bind-users wrote:
> I am attempting to set up an internal DNS server that is authoritative for
> internal resources, but also will respond for external resources on the
> same domain that it does not have records for.
>
> For example, I have a domain sub.example.com , and I want to have internal
> entries in the BIND zone file for host1.sub.example.com and
> host2.sub.example.com. That part is working fine. However, there is a
> publicly available DNS entry for sub.example.com that I want my internal
> clients to be able to resolve, but I don’t want to have the IP in the BIND
> zone file, because the IP is dynamic.

you can delegate that entry elsewhere.

> There are also some hosts (host3.sub.example.com ) and
> (host4.sub.example.com) that are externally resolvable that I don’t want
> to put in my internal BIND file because they are not controlled by me.
> (Think CNAME to a SaaS application)

you can delegate those records somewhere.

> I’ve attempted to do this as follows, and it seems to make sense that it
> would work, but it does not.
>
> named.conf:
>
> zone "sub.example.com" IN {
>     type master;
>     file "/etc/bind/sub.example.com.zone";
>     forward first;
>     forwarders { 1.1.1.1; 1.0.0.1; };
> };

forwarding is not used for zones other than "type forward".

> What actually happens, is if I query for sub.example.com I get the following from nslookup:
> *** Can't find sub.example.com: No answer

if you search for "sub.example.com" record, you cannot delegate that one,
of course.

you apparently should redesign your DNS.
Easiest way would be using different domain internally.

> And if I query for host3.example.com , I get the following from nslookup:
> ** server can't find host3.sub.example.com: NXDOMAIN

note that nslookup is a very bad program for tracking DNS errors.
use "host" or "dig" for that case.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
I just got lost in thought. It was unfamiliar territory.
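
The delegation suggested in the reply, sketched as an internal zone file. This is an added example, not configuration posted by anyone in the thread. The `ns1`/`ns2.public-dns.example.` names are placeholders for whichever public servers answer authoritatively for host3 and host4, the 192.0.2.x addresses and SOA values are constructed, and it assumes the `forward`/`forwarders` lines are dropped from the `type master` zone statement and that recursion is allowed for internal clients so named follows the delegation instead of returning a referral.

```dns
; /etc/bind/sub.example.com.zone -- internal master zone (constructed example)
$TTL 3600
$ORIGIN sub.example.com.

@            IN SOA ns-internal.sub.example.com. hostmaster.sub.example.com. (
                    2020090301 ; serial
                    3600       ; refresh
                    900        ; retry
                    604800     ; expire
                    300 )      ; negative-cache TTL
             IN NS  ns-internal.sub.example.com.

; Records this server is authoritative for.
ns-internal  IN A   192.0.2.53
host1        IN A   192.0.2.11
host2        IN A   192.0.2.12

; Names managed elsewhere: delegate each one instead of forwarding.
; NS targets are placeholders for the public authoritative servers;
; they are outside this zone, so no glue records are needed.
host3        IN NS  ns1.public-dns.example.
host3        IN NS  ns2.public-dns.example.
host4        IN NS  ns1.public-dns.example.
host4        IN NS  ns2.public-dns.example.

; The apex (sub.example.com itself) cannot be delegated from inside its
; own zone, so the dynamic public address at the apex is not covered by
; this approach. That is the case the reply answers with "use a different
; domain internally".
```

After loading the zone, `dig host3.sub.example.com @<internal-server>` should show an answer obtained by following the delegation, while `dig sub.example.com A` still returns no data from the internal zone.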