On 2011-02-04 23:16 Jean-Yves Avenard wrote:
>Hi
>
>On 4 February 2011 22:54, Eivind Olsen <eiv...@aminor.no> wrote:
>
>> Unless I'm misunderstanding something, it should work. Here's an extract
>> from the BIND 9.7 ARM, section 6.2.16.2:
>>
>> "Forwarding occurs only on those queries for which the server is not
>> authoritative and does not have the answer in its cache."
>>
>> How exactly had you configured forwarding in your named.conf file?
>
>I use bind that comes with mac os 10.6 server (9.6.0-APPLE-P2);
>
>named.conf at the beginning includes a file options.conf.apple like so:
>options {
>    include "/etc/dns/options.conf.apple";
>};
>
>options.conf.apple contains:
>directory "/var/named";
>
>forwarders { 203.59.24.3; 203.0.178.191; 203.134.24.70; };
>
>allow-transfer { none; };
>
>in named.conf I then have:
>include "/etc/dns/privateView.conf";
>
>which contains:
>view "intranet_view" {
>
>match-clients { 127.0.0.0/8; 192.168.0.0/23; };
>
>    allow-recursion { "internal"; };
>
>zone "." {
>    type hint;
>    file "named.ca";
>};
>
>zone "domain.com" {
>    type master;
>    file "internal/db.domain.com";
>    check-names ignore;
>    notify TRUE;
>    allow-update { key "rndc-key"; };
>    // Cancel the forwarding for this authoritative domain.
>    forwarders {
>    };
>};
>
>On the other hand, is the server authoritative for the sub-domain
>mel.domain.com provided I added the delegation?
>dig shows something like:
>;; AUTHORITY SECTION:
>mel.domain.com. 7200 IN NS ad.domain.com.

This answer is not stating that it's authoritative, but only that authorities are below.

My wild guess on what's happening, and why disabling forwarders fixes this: without NS m.domain.com is authoritative for mel.domain.com, so it answers for A mel.domain.com without issues. Now, with NS, it's not authoritative, as you've just set up a delegation. So, when it receives the question it forwards it to one of three forwarding servers. And they probably don't know how to access ad.domain.com (as it has a private IP address, and these are public - that's one part of the guess), they end up not resolving the name.

Can you verify that 203.59.24.3; 203.0.178.191; 203.134.24.70; can call 192.168.0.3, on that address?

Also, keep in mind that normally you should not use only one NS per delegation, but a minimum of two. Here, for a testing environment (I guess) it'll work, but don't do it in a production environment.

Torinthiel
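
Added example, not part of the original messages: a small Python check for the two points raised in the reply above, namely whether a dig reply is authoritative or only a referral, and whether the delegated name server sits on a private address that public forwarders cannot reach. The dig output is constructed from the thread (the flags line and the glue record for ad.domain.com at 192.168.0.3 are assumptions), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed dig output modelled on the thread; not captured from a real server.
SAMPLE_DIG = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mel.domain.com.        IN      A

;; AUTHORITY SECTION:
mel.domain.com.  7200   IN      NS      ad.domain.com.

;; ADDITIONAL SECTION:
ad.domain.com.   7200   IN      A       192.168.0.3
"""
FORWARDERS = ["203.59.24.3", "203.0.178.191", "203.134.24.70"]  # from the thread


def classify(dig_text):
    """Classify a dig reply and collect its NS and address records."""
    m = re.search(r"^;; flags:([^;]*);.*ANSWER: (\d+)", dig_text, re.M)
    flags, answers = set(m.group(1).split()), int(m.group(2))
    section, ns, addrs = None, {}, {}
    for line in dig_text.splitlines():
        head = re.match(r";; (\w+) SECTION:", line)
        if head:
            section = head.group(1)
        parts = line.split()
        if line.startswith(";") or len(parts) != 5:
            continue  # skip comments, the question line and blanks
        owner, _ttl, _cls, rtype, rdata = parts
        if section == "AUTHORITY" and rtype == "NS":
            ns.setdefault(owner, []).append(rdata)
        elif section == "ADDITIONAL" and rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(rdata)
    if "aa" in flags:
        kind = "authoritative"      # the aa flag marks an authoritative answer
    elif answers == 0 and ns:
        kind = "referral"           # only points at the delegated name servers
    else:
        kind = "non-authoritative"  # answer present but aa not set
    return {"kind": kind, "ns": ns, "addrs": addrs}


def private_ns_behind_public_forwarders(reply, forwarders):
    """List delegated name servers that public forwarders cannot route to."""
    if all(ipaddress.ip_address(f).is_private for f in forwarders):
        return []
    targets = {t for hosts in reply["ns"].values() for t in hosts}
    return sorted(t for t in targets
                  if any(ipaddress.ip_address(a).is_private
                         for a in reply["addrs"].get(t, [])))
```
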