LinuxQuestions.org > Linux - Newbie > DNS forwarders setup not working (https://www.linuxquestions.org/questions/linux-newbie-8/dns-forwarders-setup-not-working-841273/)

babami 10-29-2010 07:24 PM

DNS forwarders setup not working
 
Hi,

I am trying to set up a DNS server where any names that can't be resolved would be forwarded to another server. In my local server, in the named.conf file, under options, I added the forwarders address as follows:

forwarders {
1.1.1.1;
};

The 1.1.1.1 above should have resolution for any outside addresses like yahoo.com and google.com, etc.

However, when I tried to ping yahoo.com from one of my internal machines, I couldn't get to yahoo.com.

What am I doing wrong? Please help.

f14f21_2 10-30-2010 03:33 AM

Quote:

Originally Posted by babami (Post 4143823)
Hi,

I am trying to set up a DNS server where any names that can't be resolved would be forwarded to another server. In my local server, in the named.conf file, under options, I added the forwarders address as follows:

forwarders {
1.1.1.1;
};

The 1.1.1.1 above should have resolution for any outside addresses like yahoo.com and google.com, etc.

However, when I tried to ping yahoo.com from one of my internal machines, I couldn't get to yahoo.com.

What am I doing wrong? Please help.

Give me the output of the following commands:

I suppose your DNS server IP address is 10.10.10.11/24.

At your DNS server:
#dig @4.2.2.4 google.com

At one of your LAN computers other than the DNS server:
#ping 10.10.10.11
#dig @10.10.10.11 google.com

bathory 10-30-2010 03:33 AM

Hi,

You should add
Code:

forward first;
so your nameserver will forward the query to 1.1.1.1 before trying to answer by itself.

Regards

babami 10-30-2010 09:35 AM

Bathory - thanks for the suggestion; I tried adding "forward first", but it didn't work.

Let me try explaining better:

1. I have a client computer
2. I have server A - IP is: 2.2.2.2 (just an example)
3. I have server B - IP is 1.1.1.1 (just an example)

On client A, if I put the IP of server A in the resolv.conf (nameserver 2.2.2.2), I could ping all the local domain names (e.g. mydomain.com, etc.).

Also, on client A, if I put the IP of server B in the resolv.conf (nameserver 1.1.1.1), I could ping yahoo.com, google.com (all external domains).

However, if I define nameserver 2.2.2.2 in the resolv.conf of client A, and on the 2.2.2.2 server (in named.conf) set up my forwarders as follows:

forward first;
forwarders {
1.1.1.1;
};


I could only ping the local domains, but can't ping yahoo.com or any other external networks.

Please help.

Thanks.

bathory 10-30-2010 11:06 AM

Hi,

You should give more details about those A and B servers.
I guess that 2.2.2.2 is (a local dns) authoritative for your domain and 1.1.1.1 is a forwarder (your ISP dns or a caching dns).
If that's the case you can add the hint zone (aka ".") in 2.2.2.2 and remove the forward stuff. E.g. in named.conf use:
Code:

zone "." {
        type hint;
        file "root.cache";
};

zone "mydomain.com" {
        type master;
        file "mydomain.db";
};

You can also have a look here for the various types of name servers, to see how you can combine them for your case.

Regards

babami 10-30-2010 12:30 PM

Bathory; You understood correctly. The 1.1.1.1 forwards all the ISP requests, and 2.2.2.2 is my local dns, which forwards all ISP requests to 1.1.1.1.

If I remove the forward declaration in 2.2.2.2, how does it know to forward my ISP requests to 1.1.1.1? This is all new to me, so please help me understand a little more.

Thanks for your time.

babami 10-30-2010 12:49 PM

Here is my named.conf file.
================
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "my-web.com" {
        type master;
        notify no;
        allow-query { any; 127.0.0.1; };
        file "my-web.com";
};

zone "192.168.1.in-addr.arpa" {
        type master;
        notify no;
        allow-query { any; };
        file "192-168-1.zone";
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
=================================

Thanks

bathory 10-30-2010 01:35 PM

Hi,

That is what the hint zone does. It has a list of root servers that your server can ask to resolve domains it's not authoritative for.
Did you try to resolve external domains using your dns as the resolver?

babami 10-30-2010 07:32 PM

No, all I did was change my resolv.conf in the host to directly point to my external server (server B), and I was able to reach external domains, such as yahoo and google.

for example:

nameserver 1.1.1.1

What I really want to do is change resolv.conf in my host to point to 2.2.2.2 (server A), and have it forward my requests to 1.1.1.1 (server B).

for example:

nameserver 2.2.2.2

Then in my named.conf file on server A, I want to add a directive such that any requests it can't resolve, it sends to 1.1.1.1 (my external server).

I hope this helps to clarify what I am trying to do.

Thanks again

bathory 10-31-2010 04:27 AM

Hi,

Use 2.2.2.2 in the client's /etc/resolv.conf and use the /etc/named.conf from post #7 for the nameserver configuration.
This way the nameserver can resolve your domain and ask the upstream nameservers, using the hint zone, for the external domains it can't resolve.

If you, for some reason, cannot use the hint zone and need to use only 1.1.1.1, then you have to add a null forwarders statement for your zone(s). E.g.
Code:

zone "my-web.com" {
      type master;
      notify no;
      allow-query { any; 127.0.0.1; };
      file "my-web.com";
      forwarders {};
};

Some other things you need to change:
I don't think you need the allow-query options.
Also you should remove the "recursion yes" from the global options and use:
Code:

allow-recursion {
        127.0.0.1;
        192.168.1.0/24;
};

The reverse zone name is wrong. It should be zone "1.168.192.in-addr.arpa".

Regards
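The three corrections in the answer above (restricting recursion instead of leaving a bare `recursion yes`, the global `allow-query { localhost; }` that refuses LAN clients for anything outside a zone with its own `allow-query`, and the un-reversed octets in the reverse zone name) are the kind of thing worth checking mechanically before reloading named. The script below is an added example written for this thread; it is not the poster's file nor part of BIND. It uses a deliberately small brace-counting parser for `named.conf`-style stanzas (no `view`, `acl` or quoted-brace handling), the `SAMPLE_NAMED_CONF` text is a constructed reduction of the configuration posted in this thread, and the `lan_networks` argument is a hypothetical input naming the subnet the admin knows the server should serve, so the reverse zone can be checked even when `allow-recursion` is not set yet.

```python
import ipaddress
import re

# Constructed sample (not a file from any real host): the shape of the
# named.conf posted in the thread, reduced to the parts the checks look at.
SAMPLE_NAMED_CONF = """\
// caching nameserver plus one local zone
options {
    listen-on port 53 { any; };
    directory "/var/named";
    allow-query { localhost; };
    recursion yes;
};

zone "my-web.com" {
    type master;
    allow-query { any; 127.0.0.1; };
    file "my-web.com";
};

zone "192.168.1.in-addr.arpa" {
    type master;
    file "192-168-1.zone";
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def parse_blocks(text):
    """Return [(header, body)] for each top-level `header { body };` stanza.

    Braces are counted, so a nested block such as allow-query inside a zone
    stays inside its parent's body instead of ending it early.
    """
    blocks, i = [], 0
    while True:
        start = text.find("{", i)
        if start < 0:
            return blocks
        # the header is the last line before the brace; earlier lines are
        # brace-less statements such as include "...";
        lines = text[i:start].strip().splitlines()
        header = lines[-1].strip() if lines else ""
        depth, j = 1, start + 1
        while depth and j < len(text):
            depth += {"{": 1, "}": -1}.get(text[j], 0)
            j += 1
        if depth:
            raise ValueError("unbalanced braces in named.conf")
        blocks.append((header, text[start + 1:j - 1]))
        semi = text.find(";", j)
        i = len(text) if semi < 0 else semi + 1


def statement_values(body, keyword):
    """Tokens inside `keyword { a; b; };`, or None if the statement is absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(keyword), body)
    if not m:
        return None
    return [tok.strip() for tok in m.group(1).split(";") if tok.strip()]


def reverse_zone_name(cidr):
    """in-addr.arpa zone for an IPv4 /8, /16 or /24 network: octets reversed."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 and /24 map to one in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def audit(conf_text, lan_networks=()):
    """Findings for the problems raised in the thread: unrestricted recursion,
    a global allow-query that locks LAN clients out, and a reverse zone whose
    octets were not reversed. lan_networks is a hypothetical extra input."""
    findings = []
    blocks = parse_blocks(strip_comments(conf_text))
    options = next((body for hdr, body in blocks if hdr == "options"), "")

    allow_rec = statement_values(options, "allow-recursion")
    if re.search(r"\brecursion\s+yes\b", options) and allow_rec is None:
        findings.append("recursion yes without allow-recursion: any host that can reach "
                        "port 53 may use this server as an open resolver")

    allow_query = statement_values(options, "allow-query")
    if allow_query is not None and set(allow_query) <= {"localhost", "127.0.0.1"}:
        findings.append("global allow-query only permits localhost: LAN clients get REFUSED "
                        "for every name outside a zone with its own allow-query, "
                        "which includes all external domains")

    # Reverse zones must be named from the reversed octets of a served network.
    expected = set()
    for cidr in list(lan_networks) + [n for n in (allow_rec or []) if "/" in n]:
        try:
            expected.add(reverse_zone_name(cidr))
        except ValueError:
            continue  # IPv6 or an odd prefix length: not a single in-addr.arpa zone
    for hdr, _body in blocks:
        m = re.match(r'zone\s+"([^"]+)"', hdr)
        if m and m.group(1).endswith(".in-addr.arpa") and expected and m.group(1) not in expected:
            findings.append(f'reverse zone "{m.group(1)}" matches no known network; '
                            f"expected one of {sorted(expected)}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_NAMED_CONF, lan_networks=["192.168.1.0/24"]):
        print("-", line)
```

Run against the constructed sample it reports all three findings; once the config carries `allow-recursion { 127.0.0.1; 192.168.1.0/24; };` and the zone is renamed `1.168.192.in-addr.arpa`, the reverse-zone check derives its expectation from the `allow-recursion` networks and the audit comes back clean. `named-checkconf` remains the authoritative syntax check; this only covers the semantic slips the thread ran into.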

babami 10-31-2010 03:40 PM

Thanks for putting in all the time to help
 
Bathory,

Thank you for putting in so much time to help me out. I will try these tomorrow, and let you know the result.

Thanks again.

babami 10-31-2010 05:01 PM

Bathory,

Well, I couldn't wait till tomorrow to try this out; I came into the office and tried it. It works!
Can't find the words to express my gratitude.

Thanks
