LinuxQuestions.org


machismo64 04-14-2009 04:30 PM

DNS BIND--Forwarding Not Working
 
I am running BIND 9.3 which I configured exclusively using the system-config-bind GUI.

I have a master zone on this server (.c) and it works perfectly--meaning that clients pointing to this server can resolve names in that zone.

I also have two zones set up for forwarding. They both work from the server itself (meaning if I type in hostname.xxxxx.com, the name resolves as it should). However, remote clients are unable to resolve names on the forward zones (meaning if they try to hit hostname.xxxxx.com or hostname.yyyyy.com, they do not get a hit).

Any ideas?



Here is my named.config file:

// Enterprise Linux BIND Configuration Tool
//
// Default initial "Caching Only" name server configuration
//

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

zone "xxxxx.com." IN {
    type forward;
    forwarders {
        10.120.117.13;
        10.132.201.50;
    };
};

zone "yyyyy.net." IN {
    type forward;
    forwarders {
        10.208.160.13;
        10.208.160.14;
    };
};

zone "c." IN {
    type master;
    file "c.db";
};

zone "." IN {
    type hint;
    file "named.root";
};

zone "localdomain." IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost." IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa." IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};

include "/etc/rndc.key";

archangel_617b 04-15-2009 11:50 AM

Anything in your system logs about why queries are being denied? You may need to add an allow-query option (or allow-recursion, or something like that) for either the server or the zones in question.

- Arch

machismo64 04-15-2009 04:46 PM

I am not sure what logging I would look at for this, but allow-query is not a valid option for a forwarding zone. I am really looking for something that would restrict remote users from using this kind of zone by default but allow local users to properly resolve to forwarding zones.

archangel_617b 04-15-2009 06:17 PM

/var/log/messages in RedHat (and derived) systems, /var/log/syslog under Debian.

- Arch
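
Added example (not part of the thread, and not code from either poster): a small Python triage script for the log check suggested above, counting named's "denied" query messages per client for the two forward zones in the posted config. The log line shape and the sample lines are assumptions constructed for illustration; real input would be the lines of /var/log/messages or /var/log/syslog.

```python
import re
from collections import Counter

# Zones declared "type forward" in the named.conf posted above.
FORWARD_ZONES = ("xxxxx.com", "yyyyy.net")

# Assumed message shape:
#   ... named[PID]: client ADDR#PORT: query 'NAME/TYPE/CLASS' denied
# Newer BIND releases add "(cache)" after "query" and extra fields after "client".
DENIED = re.compile(
    r"named\[\d+\]: client (?:@\S+ )?(?P<addr>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query (?:\(cache\) )?'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/[^']+' denied"
)

def in_zone(qname, zone):
    """True if qname is the zone apex or a name below it (case-insensitive)."""
    q, z = qname.rstrip(".").lower(), zone.rstrip(".").lower()
    return q == z or q.endswith("." + z)

def denied_forward_queries(lines, zones=FORWARD_ZONES):
    """Count denied queries per (client address, forward zone)."""
    hits = Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # not a "query ... denied" message from named
        for zone in zones:
            if in_zone(m.group("qname"), zone):
                hits[(m.group("addr"), zone)] += 1
    return hits

# Constructed sample lines (not taken from the poster's server).
SAMPLE = """\
Apr 15 17:02:11 ns1 named[2417]: client 192.0.2.25#41822: query 'hostname.xxxxx.com/A/IN' denied
Apr 15 17:02:12 ns1 named[2417]: client 192.0.2.25#41823: query (cache) 'hostname.yyyyy.net/A/IN' denied
Apr 15 17:02:15 ns1 named[2417]: client 192.0.2.31#50110: query 'notxxxxx.com/A/IN' denied
Apr 15 17:02:19 ns1 named[2417]: zone c/IN: loaded serial 2009041401
Apr 15 17:02:30 ns1 named[2417]: client 192.0.2.25#41900: query 'HOSTNAME.xxxxx.com./AAAA/IN' denied
""".splitlines()

if __name__ == "__main__":
    for (addr, zone), n in sorted(denied_forward_queries(SAMPLE).items()):
        print(f"{addr} denied {n}x for forward zone {zone}")
```

An empty result for a client that cannot resolve the forward zones means named is not logging an ACL denial for it, so the failure lies elsewhere.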

