You need recursion, but only for specific clients. If you use "recursion yes;", then as I've told you, anyone in the world can use your server as a resolver, resulting in cache poisoning, DoS, etc.
Quote:
This leaves the questions standing: If I'm not supposed to use recursion, but I need it for forwarding, what am I supposed to do?
Does forwarding act as a proxy agent (my assumption), or does it act as a redirecting agent (what it looks like at this point)? How would "hint" achieve the desired effect? For that matter... what does hint do?
Last night, I started configuring it as a master/slave. The reason I chose forwarding was because I didn't want any caching whatsoever and forwarding appeared to achieve that. Forwarding doesn't act as a proxy though.... so there isn't much point in using it.
Slave zones appear closer to what I want. Of course they aren't working either.
Quote:
Regarding your problem, the only difference I can see from here is that resolving sharoncave.ca using 208.88.5.245 gives a SERVFAIL, not a REFUSED as it did earlier.
Is recursion a prerequisite for forwarding?
At this point, I'm actually questioning if forwarding is what I want.
Quote:
You need recursion if you want to use your dns as a caching nameserver (resolver) for your clients. Have a look here for more details.
So I can have both non-recursion and forwarding. Do I want forwarding?
As I now understand it, based on
Forwarding behaves like this (not the behaviour I am trying to achieve):
Code:
0
This is the behaviour I am trying to achieve:
Code:
0
Quote:
The authoritative nameservers for your domain are 208.88.5.245 208.88.6.207, that both give a SERVFAIL (instead of REFUSED previously).
Anyway, looking closer at the named.conf you've posted, you have
Quote:
Quote:
I want the behaviour identified here. If that is called "forwarding", then "yes", otherwise "no".
I'm not sure if I understand well your figures, so I'm trying to explain how your dns is supposed to work.
When a client on the internet wants to visit sharoncave.ca, it queries his dns. His dns looks for a way to resolve the domain and somehow it finds that the authoritative nameservers are 208.88.5.245 208.88.6.207, so it has to ask one of them. Say it queries 208.88.5.245. If this server was working correctly, it will forward the query to 208.88.4.232, get the A RR and give the answer to the client. This is dns forwarding, so make sure that this is what you're trying to achieve. Now both the authoritative nameservers fail because of some misconfiguration (see my previous post if that's the case), so no one can do its job to resolve your domain.
I think it would be best if I used a master/slave configuration (slave=208.88.5.245, master=208.88.4.232). I believe this behaviour best matches my desired results. I will spend a few days tinkering with that on my own.
One last question: Does 208.88.4.232 appear to be working correctly at this point (it does to me)?
Quote:
The fact is that now I cannot connect to 208.88.4.232 so I can use it as a resolver for your domain, but I can ping it.
Quote:
Regards
I seem to have this problem now:
http://www.google.ca/url?sa=t&rct=j&...pdZGO5smSLhbrQ
Thanks for your help but suddenly I am dealing with more fundamental problems.
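
As an added example (not configuration posted by anyone in this thread), a named.conf for 208.88.5.245 that contrasts the open "recursion yes;" discussed above with recursion limited to an ACL, and holds sharoncave.ca as a slave of 208.88.4.232. The ACL network 192.0.2.0/24 and the zone file path are placeholder assumptions.

```conf
// Added example, not taken from the thread.
// 192.0.2.0/24 is a placeholder for your own client network (assumption).
acl "trusted" {
    127.0.0.1;
    192.0.2.0/24;
};

options {
    // Weak form: "recursion yes;" with no client restriction lets any
    // host on the internet use this server as a resolver.

    // Restricted form: recurse, and answer from cache, only for the ACL.
    recursion yes;
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };

    // Zones held locally stay answerable by everyone.
    allow-query { any; };
};

// Slave copy of the zone, transferred from the master at 208.88.4.232.
// Answers for this zone come from local data; no recursion or
// forwarding is involved, so outside clients never need either.
zone "sharoncave.ca" {
    type slave;
    masters { 208.88.4.232; };
    file "slaves/sharoncave.ca.db";   // path is an assumption
};

// The master (208.88.4.232) must permit the transfer in its own
// named.conf, inside its zone "sharoncave.ca" statement:
//     allow-transfer { 208.88.5.245; };
```

`named-checkconf` validates the syntax before a reload, and a query for an unrelated name from outside the ACL should come back REFUSED.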