bind9: configuration: non-authoritative zone

tilman1 · 05-09-2008, 10:59 AM

Hello,

I have a name server installed servicing my private network. DNS queries outside this network are forwarded to the the DNS of my ISP.

Now, I would like to add DNS resolution of an additional domain that I temporarily connect to via IPSEC. The DNS of my network shall return the name server of the temporarily connected domain to asking clients.
I guess I have to add a glue record for the name server of the additional domain. I am however unsure how to do that. A sample would be appreciated.

Thanks
Tilman

tilman1 · 05-10-2008, 10:54 AM

I guess something like this might be the answer to my question. I am just not to sure what it does, and it is not working as intended.
The idea is to forward all request orginating from mydomain to the name server of subdomain.myotherdomain.com. 10.0.0.11 is the DNS of subdomain.myotherdomain.com

/etc/named.conf
zone "subdomain.myotherdomain.com" in {
type forward;
forwarders { 10.0.0.11; };
};

zone "0.10.in-addr.arpa" IN {
type forward;
forwarders { 10.0.0.11; };
};

The name server of subdomain.myotherdomain.com seems not to answer the DNS request. I wonder whether is issue lies with the domain server of subdomain.myotherdomain.com or with the name server of mydomain. Can anybody comment on that ?

Thanks

JimBass · 05-11-2008, 02:15 AM

Quote:

The DNS of my network shall return the name server of the temporarily connected domain to asking clients.

That won't work at all. Your server can't tell the clients another server to ask, that isn't the way DNS is designed. Your server must answer the client, the client won't go ask another box.

Forwarding will do that, but the DNS server does the work. If a client asks for an address on the specified domain, your DNS server can be set to forward that request to the appropriate DNS server on the other side of the IPSEC connection, but it cannot dump that responsibility on the client, the client only knows how to ask its defined DNS box.

These links can help you with the setup of the zone, and I could help more if you used specific examples.

http://www.isc.org/sw/bind/arm93/Bv9...tement_grammar (specific)
http://www.isc.org/sw/bind/arm93/Bv9ARM.ch06.html (the full chapter, with more info)

Peace,
JimBass

tilman1 · 05-11-2008, 05:06 PM

Dear Jim

Thanks for the references. I reconfigured, and using the correct IP address for the DNS server, it works :-)

Best regards

Tilman