DNS forwarders setup not working
Hi,
I am trying to set up a DNS server where any names that can't be resolved would be forwarded to another server. On my local server, in the named.conf file, under options, I added the forwarders address as follows:
forwarders { 1.1.1.1; };
The 1.1.1.1 above should have resolution for any outside addresses like yahoo.com and google.com, etc. However, when I tried to ping yahoo.com from one of my internal machines, I couldn't get to yahoo.com. What am I doing wrong? Please help.
Quote:
I suppose your DNS server IP address is 10.10.10.11/24.
At your DNS server:
# dig @4.2.2.4 google.com
At one of your LAN computers other than the DNS server:
# ping 10.10.10.11
# dig @10.10.10.11 google.com
Hi,
You should add
Code:
forward first;
Regards
Bathory - thanks for the suggestion; I tried adding "forward first", but it didn't work.
Let me try explaining better:
1. I have a client computer
2. I have server A - IP is: 2.2.2.2 (just an example)
3. I have server B - IP is 1.1.1.1 (just an example)
In client A, if I put the IP of server A in the resolv.conf (nameserver 2.2.2.2), I could ping all the local domain names (e.g. mydomain.com, etc.). Also, in client A, if I put the IP of server B in the resolv.conf (nameserver 1.1.1.1), I could ping yahoo.com, google.com (all external domains). However, if I define nameserver 2.2.2.2 in the resolv.conf of client A, and on the 2.2.2.2 server (in named.conf) set up my forwarders as follows:
forward first;
forwarders { 1.1.1.1; };
I could only ping the local domains, but can't ping yahoo.com or any other external networks. Please help. Thanks.
Hi,
You should give more details about those A and B servers. I guess that 2.2.2.2 is (a local dns) authoritative for your domain and 1.1.1.1 is a forwarder (your ISP dns or a caching dns). If that's the case you can add the hint zone (aka ".") in 2.2.2.2 and remove the forward stuff. E.g. in named.conf use:
Code:
zone "." {
Regards
Bathory; You understood correctly. The 1.1.1.1 forwards all the ISP requests, and 2.2.2.2 is my local dns, which forwards all ISP requests to 1.1.1.1.
If I remove the forward declaration in 2.2.2.2, how does it know to forward my ISP requests to 1.1.1.1? This is all new to me, so please help me understand a little more. Thanks for your time.
Here is my named.conf file.
================
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "my-web.com" {
    type master;
    notify no;
    allow-query { any; 127.0.0.1; };
    file "my-web.com";
};

zone "192.168.1.in-addr.arpa" {
    type master;
    notify no;
    allow-query { any; };
    file "192-168-1.zone";
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
=================================
Thanks
Hi,
That is what the hint zone does. It has a list of root servers that your server can ask to resolve domains it's not authoritative for. Did you try to resolve external domains using your dns as the resolver?
No, all I did was change my resolv.conf in the host to directly point to my external server (server B), and I was able to reach external domains, such as yahoo and google.
for example:
nameserver 1.1.1.1
What I really want to do is change resolv.conf in my host to point to 2.2.2.2 (server A), and have it forward my request to 1.1.1.1 (server B)
for example:
nameserver 2.2.2.2
Then in my named.conf file on server A, I want to add a directive, such that any requests it can't resolve, it sends to 1.1.1.1 (my external server). I hope this helps to clarify what I am trying to do. Thanks again
Hi,
Use 2.2.2.2 in the client's /etc/resolv.conf and use the /etc/named.conf from post #7 for the nameserver configuration. This way the nameserver can resolve your domain and ask the upstream nameservers for the external domains it can't resolve using the hint zone. If you, for some reason, cannot use the hint zone and need to use only 1.1.1.1 then you have to add null forwarders for your zone(s). E.g.
Code:
zone "my-web.com" {
I don't think you need the allow-query options. Also you should remove the "recursion yes" from the global options and use:
Code:
allow-recursion {
Regards
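The forwarding setup this answer describes, written out in full as an added example (not Bathory's code or the poster's final file). The ACL name `lan` and the 192.168.1.0/24 range are assumptions; 1.1.1.1 is the thread's example address for server B.

```conf
// named.conf for server A (2.2.2.2 in the thread). Constructed example.
// Assumption: LAN clients are in 192.168.1.0/24; "lan" is a made-up ACL name.
acl "lan" { localhost; 192.168.1.0/24; };

options {
    listen-on port 53 { any; };
    directory "/var/named";

    // Posted file: allow-query { localhost; }; and no allow-recursion.
    // When allow-recursion is unset, named derives it from allow-query,
    // so only the server itself was offered recursion and forwarding.
    allow-query     { lan; };
    allow-recursion { lan; };   // used instead of a blanket "recursion yes;"
                                // never "any": that makes an open resolver

    // Send everything this server is not authoritative for to server B.
    forwarders { 1.1.1.1; };    // example address from the thread
    forward first;              // if B fails, resolve via the hint zone;
                                // "forward only;" disables that fallback
};

zone "my-web.com" {
    type master;
    notify no;
    file "my-web.com";
    forwarders { };             // null forwarders: never forward this zone
};

zone "." IN {
    type hint;
    file "named.ca";
};
```

Validate the file with `named-checkconf /etc/named.conf` before reloading named, then test from a client with `dig @2.2.2.2 yahoo.com`.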
Thanks for putting in all the time to help
Bathory,
Thank you for putting in so much time to help me out. I will try these tomorrow, and let you know the result. Thanks again.
Bathory,
Well, I couldn't wait till tomorrow to try this out; I came in the office and tried it. It works! Can't find the words to express my gratitude. Thanks