Re: bind9 forward zones

Posted 04-11-2005 by Barry Margolin

In article <d3ckqf$1680$1@sf1.isc.org>,
Tom Allison <tallison@tacocat.net> wrote:

> Hello,
>
> I'm trying to do two things with forwarders.
>
> The first is to forward requests to my ISP DNS servers to avoid hitting
> the root servers where I can. Originally I am pretty sure that my
> options{ forwarders...} was working correctly, but I can't validate that
> using dig.


Why do you want to add an extra lookup hop, and a potential point of
failure? You'll probably get better performance by going to the root
servers directly.

>
> The second is to forward a specific zone to another subnet (VPN) for
> domain resolution. This second subnet has its own domain servers and I
> would like to utilize them for that subnet for simplicity.
>
> using things like dig +trace, it appears that I am using neither one of
> my forwarders.
>
> So, two questions:
> What is the correct method of using dig to validate that my forwarders
> are working correctly -- what should I see and what should I not see?


I don't think you can see it using dig. Dig only shows what's going on
between the client and server; it doesn't have any way of showing what
the server does. If you want to verify your forwarders are working, use
tcpdump or Ethereal to capture the DNS packets and see where they're
going.

>
> Is the following format actually correct? It doesn't act like it.
>
> Currently I have the following in my named.conf:
>
> options {
>     notify no;
>     forwarders {
>         24.169.224.226;
>         24.169.224.230;
>     };
>     forward first;
>
>     auth-nxdomain no; # conform to RFC1035
>
>     allow-query {
>         192.168.3/24;
>         192.168.30/24;
>         127.0.0/24;
>     };
>
>     allow-transfer { none; };
>     recursion yes;
> };
>
>
> zone "vpndomain.com" {
>     type forward;
>     //forward first;
>     forwarders { 192.168.30.2; };
>     //allow-query { 192.168.3.0/24; };
> };
>
> zone "30.168.192.in-addr.arpa" {
>     type forward;
>     //forward first;
>     forwarders { 192.168.30.2; };
>     //allow-query { 192.168.3.0/24; };
> };


--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
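
The packet-capture check suggested in the reply above, as an added example that is not part of the original post: it parses `tcpdump -n port 53` text output and reports whether each query leaving the name server went to the forwarder that the quoted named.conf assigns to that name. The server address 192.168.3.1 and the capture lines are constructed for illustration.

```python
import re

# Forwarder layout taken from the named.conf quoted in the post.
GLOBAL_FORWARDERS = {"24.169.224.226", "24.169.224.230"}
ZONE_FORWARDERS = {
    "vpndomain.com.": {"192.168.30.2"},
    "30.168.192.in-addr.arpa.": {"192.168.30.2"},
}
SERVER_IP = "192.168.3.1"  # assumption: the address named sends its queries from

# Matches a DNS query (destination port 53) in `tcpdump -n port 53` text output.
QUERY_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.53: "
    r"\d+[+%]* (?:\[[^\]]*\] )*[A-Z0-9]+\? (?P<qname>\S+)"
)

# Constructed sample capture: client query, forwarded queries, a reply, a root query.
CAPTURE = """\
12:00:01.100000 IP 192.168.3.50.40001 > 192.168.3.1.53: 1001+ A? www.example.org. (33)
12:00:01.100400 IP 192.168.3.1.32768 > 24.169.224.226.53: 2001+ A? www.example.org. (33)
12:00:01.140000 IP 24.169.224.226.53 > 192.168.3.1.32768: 2001 1/0/0 A 192.0.2.10 (49)
12:00:02.200000 IP 192.168.3.1.32768 > 192.168.30.2.53: 2002+ A? host1.vpndomain.com. (37)
12:00:03.300000 IP 192.168.3.1.32768 > 198.41.0.4.53: 2003 [1au] PTR? 5.30.168.192.in-addr.arpa. (54)
""".splitlines()

def expected_forwarders(qname):
    """Forwarders named should use for qname (most specific forward zone wins)."""
    name = qname.lower()
    matches = [z for z in ZONE_FORWARDERS if name == z or name.endswith("." + z)]
    if matches:
        return ZONE_FORWARDERS[max(matches, key=len)]
    return GLOBAL_FORWARDERS

def classify(lines):
    """Return (qname, dst, verdict) for every query sent by SERVER_IP."""
    results = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["src"] != SERVER_IP:
            continue  # client-to-server traffic or a response: not evidence
        ok = m["dst"] in expected_forwarders(m["qname"])
        results.append((m["qname"], m["dst"], "forwarded" if ok else "bypassed"))
    return results

if __name__ == "__main__":
    for qname, dst, verdict in classify(CAPTURE):
        print(f"{verdict:9} {qname} -> {dst}")
```

With `forward first`, a query to a non-forwarder address that follows an unanswered query to the forwarder is normal fallback rather than a sign that forwarding is ignored.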

