Sending from the correct email alias this time!
On Thu, 3 Mar 2022 at 09:53, Greg Choules
wrote:
> Hi Greg.
> Basically, you can't forward out of authority. If server A is
> authoritative for "example.com" it is authoritative for that and
> everything below that, ad infinitum, unless you tell it
>Are you loading the parent domain and trying to zone forward a child domain on
>the same DNS server? I.e. loading somedomain.local and trying to forward
>ab.somedomain.local
Yup, exactly.
That solution was suggested by Jeff Sumner yesterday, but it seemed a little
nuts to me (BIND behaving
Are you loading the parent domain and trying to zone forward a child domain
on the same DNS server? I.e. loading somedomain.local and trying to forward
ab.somedomain.local
If so an NS delegation is required in every instance I have done in my
environment. The NS doesn't need to be "right" but it n
Static-sub fixes the issue.
Any idea why static-sub works when forwarder doesn't?
(Again, the server is using recursion. Dig queries return the RA flag, so I
know it's actually offering recursion in reality.)
I can live with static-sub just fine, since it works - but I'd really love to
unde
This got held up in moderation. Let me repost it, from my regular mail client...
> You didn’t share much of your configuration except the one forwarded zone,
> not a lot to go on.
Fair enough. (I guess I thought you could just infer all the needed
information! Oops!)
Let me try Ondrej's s
Is static-stub something you are looking for?
Reference documentation:
https://bind9.readthedocs.io/en/v9_18_0/reference.html?highlight=static-stub#zone-types
And in human terms:
https://jpmens.net/2011/01/25/binds-new-static-stub-zone-type/
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My work
On 3/1/22 5:35 AM, Matus UHLAR - fantomas wrote:
you are right, forwarding queries requires recursion.
Thank you for the confirmation Matus. :-)
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users t
On 2/28/22 1:47 PM, Gregory Sloop wrote:
I figured before I beat my head against the wall for too long, I'd
ask the real experts! :)
On 28.02.22 22:27, Grant Taylor via bind-users wrote:
I'm definitely not an expert. I don't even pretend to be one on T.V.
But I do wonder what, if any, sort o
On 2/28/22 1:47 PM, Gregory Sloop wrote:
I figured before I beat my head against the wall for too long, I'd ask
the real experts! :)
I'm definitely not an expert. I don't even pretend to be one on T.V.
But I do wonder what, if any, sort of restrictions you are placing on
recursion on your sy
You didn’t share much of your configuration except the one forwarded zone,
not a lot to go on.
But one thing to check, you do have recursion enabled on the server?
On Mon, Feb 28, 2022 at 6:34 PM Gregory Sloop wrote:
> Wow. I hate to be the guy who looks the gift horse in the mouth - but that
>
Wow. I hate to be the guy who looks the gift horse in the mouth - but that just
seems "wrong." :)
(Not the answer, but that that would be the way BIND wants it done.)
So, now I've got two sets of NS and glue records?
Please tell me that's not the way BIND insists you do this!
I guess I shoul
Add Delegating NS records:
ab.somedomain.local 3600 NS server1.ab.somedomain.local
.
.
.
And glue records
server1.ab.somedomain.local 3600 A 10.0.0.1
.
.
And see if it works. It’s got something to do with the way the record is
matched (or not) before the forward statement is hit.
J
> On Fe
So, I want to forward all queries for
*.ab.somedomain.local to some other internal DNS servers.
(Records in *.ab.somedomain.local actually are our active domain servers)
(Yes, I know .local is reserved now, but we've been using it a long time and
changing would be rather painful. Unless there's
So why doesn’t it work to make your limited server authoritative for the
root and only forward the zones you want? Anything that isn’t in a
forwarded zone does not exist (except the root itself).
On Sat, Apr 17, 2021 at 11:07 PM Marki wrote:
>
> On 4/14/2021 12:44 AM, Sebby, Brian A. via bind-us
On 4/14/2021 12:44 AM, Sebby, Brian A. via bind-users wrote:
My situation is due to a security requirement. We have DNS servers at
our site running BIND that allow recursion, but I’ve been requested to
set up some additional DNS servers for another project that is
expected to **only** acces
rgonne National Laboratory
From: bind-users on behalf of RK K
Date: Wednesday, April 7, 2021 at 7:40 PM
To: "bind-users@lists.isc.org"
Subject: Re: forwarding zone setup from a BIND slave (without recursion?)
Hello Marki, Matus,
Thank you for the insights on this topic.
Answering
Mark Andrews wrote:
> > On 8 Apr 2021, at 00:37, Tony Finch wrote:
> >
> > Forward zones require the upstream server to be recursive too.
>
> More correctly, the upstream server has to serve the entire namespace being
> forwarded if it does not off recursion to the client for forwarding to
> work
;
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>1. Re: forwarding zone setup from a BIND slave (without
> recursion?) (Chuck Aurora)
>2. Re: forward
lease edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>1. forwarding zone setup from a BIND slave (without recursion?)
> (RK K)
>2. Re: forwarding zone setup from a BIND slave (wit
> On 8 Apr 2021, at 00:37, Tony Finch wrote:
>
> Chuck Aurora wrote:
>>
>> A stub or static-stub zone would not require recursion. In that case
>> named is asking for authoritative data from upstream. But type
>> forward zones indeed cannot work if recursion is disabled.
>
> Be careful in
Chuck Aurora wrote:
>
> A stub or static-stub zone would not require recursion. In that case
> named is asking for authoritative data from upstream. But type
> forward zones indeed cannot work if recursion is disabled.
Be careful in this kind of situation to be very clear about which client
or
On 2021-04-07 03:59, Marki wrote:
To elaborate a little bit on that... Indeed that is how it works,
unfortunately. When you start using forwarders or stubs, recursion
needs to be enabled because you're no longer looking for your own
authoritative data only.
A stub or static-stub zone would not
Hello,
On 4/7/2021 10:35 AM, Matus UHLAR - fantomas wrote:
On 06.04.21 22:47, RK K wrote:
In this scenario, in-order for the secondary server to forward the DNS
query to an external DNS server, is it required to enable the
recursion in
the global options on the secondary servers?
yes.
To
On 06.04.21 22:47, RK K wrote:
We have a set of BIND primary servers (MASTERs) and a set of secondary
servers (slaves to the MASTERs).
The secondary BIND DNS servers disabled recursion ( with "*recursion no;" *)
in the global options.
All the applications/systems do use secondary DNS servers for
All,
We have a set of BIND primary servers (MASTERs) and a set of secondary
servers (slaves to the MASTERs).
The secondary BIND DNS servers disabled recursion ( with "*recursion no;" *)
in the global options.
All the applications/systems do use secondary DNS servers for name
resolution.
Now there
25 matches
Mail list logo
