All,

I have tried to search on the web for a solution for the following problem, but I didn't succeed.

My goal: I run an internal DNS server ('10.10.10.1'), which is authoritative for an internal domain ('domain1.com'), and allows recursion for internal networks. We have another internal nameserver (192.168.1.1), which is authoritative for another internal domain ('domain2.com'). On 10.10.10.1, I would like to forward requests for 'domain2.com' to server 192.168.1.1.

My setup: I am using views on 10.10.10.1. The server runs on version 9.8.1-p1. Below is the relevant view, including my forwarding statement, and the relevant acl:

    acl "trusted" {
        192.168.0.0/24;
        127.0.0.1/32;
        localhost;
    };

    view "internal-in" in {
        match-clients { trusted; };
        additional-from-auth yes;
        additional-from-cache yes;
        allow-transfer { none; };
        allow-query { trusted; };
        allow-recursion { trusted; };

        zone "domain2.com" {
            type forward;
            forwarders { 192.168.1.1; };
        };

        zone "." in {
            type hint;
            file "/<some_path_to_file>/db.root";
        };

        zone "domain1.com" in {
            type master;
            file "/<some_path_to_file>/cdc.foundstone.com.zone";
        };
    };

The problem: If I perform a query from a network that is part of the trusted acl, I can see that the query is sent to root servers and then to the .com servers:

    $ dig domain2.com NS +trace

    ; <<>> DiG 9.8.1-P1 <<>> domain2.com NS +trace
    ;; global options: +cmd
    .                       518350  IN      NS      g.root-servers.net.
    .                       518350  IN      NS      d.root-servers.net.
    .                       518350  IN      NS      f.root-servers.net.
    .                       518350  IN      NS      a.root-servers.net.
    .                       518350  IN      NS      m.root-servers.net.
    .                       518350  IN      NS      b.root-servers.net.
    .                       518350  IN      NS      i.root-servers.net.
    .                       518350  IN      NS      j.root-servers.net.
    .                       518350  IN      NS      h.root-servers.net.
    .                       518350  IN      NS      e.root-servers.net.
    .                       518350  IN      NS      l.root-servers.net.
    .                       518350  IN      NS      k.root-servers.net.
    .                       518350  IN      NS      c.root-servers.net.
    ;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 2435 ms

    com.                    172800  IN      NS      a.gtld-servers.net.
    com.                    172800  IN      NS      b.gtld-servers.net.
    com.                    172800  IN      NS      c.gtld-servers.net.
    com.                    172800  IN      NS      d.gtld-servers.net.
    com.                    172800  IN      NS      e.gtld-servers.net.
    com.                    172800  IN      NS      f.gtld-servers.net.
    com.                    172800  IN      NS      g.gtld-servers.net.
    com.                    172800  IN      NS      h.gtld-servers.net.
    com.                    172800  IN      NS      i.gtld-servers.net.
    com.                    172800  IN      NS      j.gtld-servers.net.
    com.                    172800  IN      NS      k.gtld-servers.net.
    com.                    172800  IN      NS      l.gtld-servers.net.
    com.                    172800  IN      NS      m.gtld-servers.net.

I have also sniffed UDP packets on the wire. But I don't see any packets going towards 192.168.1.1.

Question: Any idea what is wrong in my configuration?

Thanks in advance for your help!

Regards,
Carol

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
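
Added example, not part of the original post: with +trace, dig asks the local resolver only for the root NS set and then follows the referrals itself, so a trace does not exercise a "type forward" zone on that resolver. The Python sketch below splits trace output into hops and reports whether a given resolver ever answered for the forwarded zone; the sample text is abbreviated and constructed, and 198.51.100.4 is a placeholder address.

```python
import re

# Constructed sample, abbreviated from the trace pattern in the post.
# 198.51.100.4 is a placeholder responder, not a real root server address.
SAMPLE_TRACE = """\
; <<>> DiG 9.8.1-P1 <<>> domain2.com NS +trace
;; global options: +cmd
.            518350 IN NS a.root-servers.net.
.            518350 IN NS b.root-servers.net.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 2435 ms

com.         172800 IN NS a.gtld-servers.net.
com.         172800 IN NS b.gtld-servers.net.
;; Received 488 bytes from 198.51.100.4#53(198.51.100.4) in 30 ms
"""

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+\S+\s+\S+")
RECEIVED = re.compile(r"^;; Received \d+ bytes from ([^#\s]+)#\d+")


def trace_hops(text):
    """Return [(responder_address, owner_names)] for each step of a +trace."""
    hops, owners = [], set()
    for line in text.splitlines():
        received = RECEIVED.match(line)
        if received:
            # A "Received" line closes the hop: records above it came from this server.
            hops.append((received.group(1), owners))
            owners = set()
            continue
        record = RECORD.match(line)
        if record:
            owners.add(record.group(1).lower())
    return hops


def resolver_answered_for(hops, resolver, zone):
    """True if `resolver` returned records at or below `zone` during the trace."""
    zone = zone.lower().rstrip(".") + "."
    return any(
        server == resolver and any(o == zone or o.endswith("." + zone) for o in names)
        for server, names in hops
    )


if __name__ == "__main__":
    hops = trace_hops(SAMPLE_TRACE)
    for server, names in hops:
        print(f"{server:15} answered for {sorted(names)}")
    print("resolver asked about domain2.com:",
          resolver_answered_for(hops, "127.0.0.1", "domain2.com"))
```

To exercise the forward zone itself, send an ordinary recursive query to the resolver (dig @10.10.10.1 domain2.com NS, without +trace) while capturing traffic towards 192.168.1.1.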