Re: forward option in dns server

2024-07-06 Thread Renzo Marengo
Yes, this helped me. Thanks. On 28 Jun 2024, at 13:10, Greg Choules wrote: Does that help? Cheers, Greg On Fri, 28 Jun 2024 at 11:58, Renzo Marengo wrote: Hi Greg again! :) > 1) This should help you understand the difference between recursive and non-recursiv

Re: forward option in dns server

2024-07-03 Thread Greg Sloop
I have a similar setup, and I do it the way that Greg Choules suggests. I could probably dig up the exact way I have BIND configured, but the function is like this: Clients query the non-AD BIND servers, for *all* queries. For the AD zone, we use something like this; Our first level domain, let's a

Re: forward option in dns server

2024-06-28 Thread Fred Morris
Although I see listen-on in your named.conf snippet, I don't see query-source. You can listen on a different interface / address than the one you issue queries from. If you need to issue queries selectively on different interfaces, see the server stanza and put query-source in there. -- Fred

Re: forward option in dns server

2024-06-28 Thread Greg Choules via bind-users
Correct. On Fri, 28 Jun 2024, 12:54 Renzo Marengo, wrote: > Ok very very interesting, and about this doubt? > > etc/resolv.conf in bind server is used only from client services ? E.g. > ping tool > I think bind9 dns service doesn't contact any /etc/resolv.conf, right? > > Thanks again > > Il gior

Re: forward option in dns server

2024-06-28 Thread Renzo Marengo
Ok very very interesting, and about this doubt? etc/resolv.conf in bind server is used only from client services ? E.g. ping tool I think bind9 dns service doesn't contact any /etc/resolv.conf, right? Thanks again On Fri 28 Jun 2024 at 13:10 Greg Choules < gregchoules+bindus...@googl

Re: forward option in dns server

2024-06-28 Thread Greg Choules via bind-users
Hi again Renzo. In general, BIND (and other resolvers) make non-recursive (aka iterative) queries to authoritative servers, such as the roots and others. - Clients (laptops etc.) make recursive queries to the DCs. If the DCs know the answer they respond immediately; no forwarding needed. - If th

Re: forward option in dns server

2024-06-28 Thread Renzo Marengo
Hi Greg again! :) > 1) This should help you understand the difference between recursive and non-recursive queries. I read about recursive and iterative query but I think A.B.C.D server should be as recursive server for domain controllers, I ask myself the same question to root servers? Or Bind9 se

Re: forward option in dns server

2024-06-27 Thread Greg Choules via bind-users
Hi Renzo. You're welcome. 1) Correct. You don't need forwarding for a simple resolver. Take a look at the meaning of the RD flag in the BIND protocol header. This should help you understand the difference between recursive and non-recursive queries. 2) No. See 1) 3) Yes. For a standard resolver fac

Re: forward option in dns server

2024-06-27 Thread Renzo Marengo
Hi Greg, I thank you again for your suggestions. >A.B.C.D is the address of this server? Yes, it's the Bind server. I read several documents about DNS architecture. My question is about this configuration of bind: 1- according to your opinion my bind makes queries to root server if is set no 'for

Re: forward option in dns server

2024-06-27 Thread Greg Choules via bind-users
Hi Renzo. Thank you for that. The hints look OK. A bit old, but they will work. The first thing I would advise you to do as a matter of priority is to upgrade BIND. 9.11 has been end-of-life for a few years and there have been many security fixes since then. 9.18.27 is the current version. You co

Re: forward option in dns server

2024-06-27 Thread Renzo Marengo
Hi Greg, the info you required: 1) BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.2 (Extended Support Version) on running on Linux x86_64 3.10.0-1160.2.2.el7.x86_64 2) named.ca is the file which contains root servers named.ca . 518400 IN NS a.root-servers.net. .

Re: forward option in dns server

2024-06-27 Thread Greg Choules via bind-users
Hi Renzo. Ah OK, I had it the wrong way round. AD DNS needs to resolve names in the Internet on behalf of its clients, so it forwards to BIND. In that case, two questions: 1) What version of BIND are you running? You can get this with "named -V" 2) What is in the file "named.ca"? For a long time (

Re: forward option in dns server

2024-06-27 Thread Renzo Marengo
Hi Greg, thank you very much for your explanation. Let’s suppose AD domain was ‘my domain.it’ and I have 6000 computers of government institute. Here my bind configuration: named.conf ——— include "…. named.conf.options" ; zone "." IN { type hint; file "named.ca"; }; include "…. named.

Re: forward option in dns server

2024-06-27 Thread Greg Choules via bind-users
Hi Renzo. Firstly, please can we see your BIND configuration and have the actual AD domain name. Secondly, BIND, or any other recursive DNS server, does not 'forward' to the root servers, unless you have configured it explicitly to do so, which would be a bad idea and not work anyway. It will recu

forward option in dns server

2024-06-27 Thread Renzo Marengo
I have an Active Directory domain ( 'mydomain.it' ) with 8 domain controllers to manage 8000 computers. Every domain controller acts as a DNS service and resolves internal domain names, while it forwards queries about external domains to another server, which is a Bind9 DNS server (it's inside my company). I'm chec