LinuxQuestions.org
05-25-2016, 02:57 PM   #1
aqoliveira
Global forwarders not working in bind


I've currently installed bind ver9 and it's working internally without any issue. My aim is for this server to be a recursive server. I currently have 2 additional DNS servers which are facing the internet and I would like for my new internal DNS server to use these as my authoritative servers.

Please note if I configure zone forwarders before and it works just fine but then I'm unable to resolve my internal hosts as planned.

I have enabled all parameters as seen below but with no success.

All help appreciated, thanks in advance.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 {
        127.0.0.1;
        10.100.70.4;
        10.100.10.4;
    };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    forwarders { 192.168.249.1; 192.168.249.3; };
    allow-query {
        any;
    };
    allow-query-cache {
        any;
    };
    allow-recursion {
        any;
    };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "mydomain.com" IN {
    type master;
    file "forward.mydomain.db";
    allow-update { none; };
};

zone "10.100.10.in-addr.arpa" IN {
    type master;
    file "reverse.mydomain.db";
    allow-update { none; };
};

zone "70.100.10.in-addr.arpa" IN {
    type master;
    file "reverse.mydomain.db";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
 
05-27-2016, 02:42 AM   #2
bathory
Quote:
I've currently installed bind ver9 and it's working internally without any issue. My aim is for this server to be a recursive server. I currently have 2 additional DNS servers which are facing the internet and I would like for my new internal DNS server to use these as my authoritative servers.
Please note if I configure zone forwarders before and it works just fine but then I'm unable to resolve my internal hosts as planned.
I have enabled all parameters as seen below but with no success.

I really don't quite understand what you're trying to do.
If you want this nameserver to be a caching (recursive) DNS for your network and also use the other 2 to resolve your "internal hosts", i.e. hosts of the mydomain.com zone, then you should use the following:
Code:
<snip>
    //forwarders { 192.168.249.1; 192.168.249.3; };
<snip>
zone "mydomain.com" IN {
    type forward;
    forwarders { 192.168.249.1; 192.168.249.3; };
    //allow-update { none; };
};
<snip>
If that's not what you want, please try to explain your needs better.

Regards
 
05-27-2016, 03:39 AM   #3
aqoliveira
Original Poster
Apologies for my poor wording of my question but at that point in time my brain was fried.

That said, I found the basic error and it seems that it was nothing to do with my forwarders but the configuration.

I created the new DNS as an authoritative server which clashed with the original DNS which had the same domain name.

I know it was a noob mistake but it happens sometimes.

Thanks for the help btw
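
The outcome of the thread as a named.conf sketch, added here as an example and not written by either poster: a locally declared `type master` zone is answered from the local zone file and never reaches the forwarders, so the resolver below declares no master zone for mydomain.com and forwards it instead. It also narrows the three `{ any; }` access statements from the posted config, as that config's own comment block asks for. The ACL name `internal` and the /24 prefixes are assumptions inferred from the posted listen-on addresses and reverse zone names.

```conf
// Added example, not from the thread.
// ACL name and prefixes are assumptions based on the posted listen-on
// addresses (10.100.10.4, 10.100.70.4); adjust to the real client networks.
acl internal {
    localhost;          // built-in ACL: addresses of this host
    10.100.10.0/24;
    10.100.70.0/24;
};

options {
    listen-on port 53 { 127.0.0.1; 10.100.70.4; 10.100.10.4; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";

    recursion yes;

    // The posted config used { any; } for all three statements, which lets
    // any client that can reach port 53 use this server as a resolver.
    allow-query       { internal; };
    allow-query-cache { internal; };
    allow-recursion   { internal; };

    // Names not covered by a zone statement go to the two existing servers.
    forwarders { 192.168.249.1; 192.168.249.3; };
};

// mydomain.com is already served by the existing DNS servers, so this
// resolver does not declare it "type master". A master zone of the same
// name would shadow the forwarders and answer from a local file instead.
zone "mydomain.com" IN {
    type forward;
    forward only;       // never fall back to iterative lookups from the roots
    forwarders { 192.168.249.1; 192.168.249.3; };
};
```

Running `named-checkconf` on the edited file before reloading named catches syntax errors such as a missing semicolon or an undefined ACL name.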
 
  

