BIND forwarding zone / Proxy zone? How?

Post by kurcza » Sun, 02 Jul 2006 20:45:22



Hi,

I've the following problem:

I have a machine IP x.x.x.x with bind 9.3 which is authoritative master
for a number of domains.  There is a private network behind x.x.x.x
using 10.1.1.0/24

Now I want to delegate a globally visible subdomain "sub.domain.com" to
another machine on the private network, e.g. 10.1.1.1. More specifically,
I want all queries for sub.domain.com to be answered by the BIND on
10.1.1.1 (and I would even like to use a port different from 53 there,
e.g. 5353).

It is clear that I cannot put a delegation like "sub IN NS 10.1.1.1" into
the global DNS for domain.com, thus I tried the following:

global delegation in domain.com:

"sub IN NS x.x.x.x"

added in the config of BIND on x.x.x.x:

zone "sub.domain.com" in {
        type forward;
        forward only;
        forwarders { 10.1.1.1 port 5353; };
};

But: THIS DOES NOT WORK :-(

More precisely:

- if I type (from any outside IP on the internet, from a local IP, or
from x.x.x.x itself):

"host test.sub.domain.com x.x.x.x"

it works as intended - the BIND on x.x.x.x gets the query and generates
a query to 10.1.1.1 on port 5353!

- but if I type (from any outside IP on the internet), that is, using the
locally available DNS server to resolve it:

"host test.sub.domain.com"

I see that the query (from that IP's local DNS resolver) arrives at x.x.x.x
(tcpdump), but BIND on x.x.x.x IMMEDIATELY responds with ServFail
WITHOUT even generating a query to 10.1.1.1!

I really don't understand why this is. I even tried to open all ACLs
etc. - it did not help! It really seems that it works only if x.x.x.x is
asked directly by a client, but does not work if the client asks through
its local DNS server?

Can anyone explain that - and how to do it right?

:-(
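The two observations in the post differ in one header bit. A stub such as `host test.sub.domain.com x.x.x.x` sends a query with RD=1 (recursion desired); a remote recursive resolver that has followed the delegation to x.x.x.x sends an iterative query with RD=0. A forward zone holds no data of its own: BIND can only satisfy it by recursing toward the forwarder on the client's behalf, so an RD=0 query to a forward-only zone has nothing to be answered from and fails, which is the immediate SERVFAIL seen in tcpdump, and no ACL setting changes that. The following is an added example, not code from the post or from BIND: it builds both queries in RFC 1035 wire format, decodes the flags, and runs them through a simplified model of that rule against the posted configuration and against the alternative of making x.x.x.x a secondary for sub.domain.com. The zone names, 10.1.1.1 and port 5353 are the post's placeholders; the client address 203.0.113.5 and the `decide` logic are constructed for illustration and are not BIND's implementation.

```python
"""Added example (not code from the original post or from BIND).

Builds the two kinds of query that reach x.x.x.x in the thread, decodes their
header flags, and models the rule that a forward zone can only be served by
recursing on the client's behalf. Zone names, addresses and the port are the
post's placeholders; the decision logic is a simplified model, not BIND's."""
import ipaddress
import struct
from typing import Optional

RD_FLAG = 0x0100          # "recursion desired" bit of the DNS header flags word
QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Wire-format owner name: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname: str, rd: bool, txid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 A/IN query. A stub (`host name server`) sets RD=1; a
    recursive resolver walking the delegation sends RD=0 to x.x.x.x."""
    flags = RD_FLAG if rd else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)   # QDCOUNT=1
    return header + encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def parse_query(pkt: bytes) -> dict:
    """Decode the transaction id, the RD bit and the question name."""
    txid, flags, *_ = struct.unpack("!HHHHHH", pkt[:12])
    labels, off = [], 12
    while pkt[off] != 0:
        n = pkt[off]
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return {"id": txid, "rd": bool(flags & RD_FLAG), "qname": ".".join(labels) + "."}


def matching_zone(qname: str, zones) -> Optional[str]:
    """Longest-suffix match, as a server picks the closest enclosing zone."""
    best = None
    for z in zones:
        if (qname == z or qname.endswith("." + z)) and (best is None or len(z) > len(best)):
            best = z
    return best


# Model of the named.conf in the post, with all ACLs opened as the poster tried.
POSTED_CONFIG = {
    "authoritative": {"domain.com."},
    "forward": {"sub.domain.com.": ("10.1.1.1", 5353)},   # forward only
    "allow_recursion": [ipaddress.ip_network("0.0.0.0/0")],
}

# The alternative: x.x.x.x is a secondary for sub.domain.com, transferring the
# zone from 10.1.1.1 port 5353 (`type slave; masters { 10.1.1.1 port 5353; };`
# in BIND 9.3), so it holds the data itself and no forwarding is involved.
SECONDARY_CONFIG = {
    "authoritative": {"domain.com.", "sub.domain.com."},
    "forward": {},
    "allow_recursion": [ipaddress.ip_network("10.1.1.0/24")],
}


def decide(pkt: bytes, client_ip: str, config: dict) -> tuple:
    """Simplified disposition of a query: ("authoritative", zone),
    ("forward", (host, port)), ("recurse", None), or a failure rcode.

    Authoritative data is served whatever RD says. A forward zone holds no data:
    the server can only answer by recursing toward the forwarder on the client's
    behalf, which needs RD=1 from a client allowed to recurse. An iterative query
    (RD=0) therefore cannot be forwarded, and with nothing local to answer from
    the query fails, which is the immediate SERVFAIL in the post."""
    q = parse_query(pkt)
    ip = ipaddress.ip_address(client_ip)
    may_recurse = q["rd"] and any(ip in net for net in config["allow_recursion"])
    zone = matching_zone(q["qname"], set(config["authoritative"]) | set(config["forward"]))
    if zone in config["authoritative"]:
        return ("authoritative", zone)
    if zone is None:
        return ("recurse", None) if may_recurse else ("REFUSED", "not authoritative")
    if may_recurse:
        return ("forward", config["forward"][zone])
    return ("SERVFAIL", "forward zone %s needs recursion; query had RD=%d" % (zone, q["rd"]))


if __name__ == "__main__":
    stub = build_query("test.sub.domain.com", rd=True)       # host name x.x.x.x
    resolver = build_query("test.sub.domain.com", rd=False)  # remote recursive resolver
    for label, pkt in (("stub, RD=1", stub), ("resolver, RD=0", resolver)):
        print(label, "-> posted config:", decide(pkt, "203.0.113.5", POSTED_CONFIG))
        print(label, "-> secondary config:", decide(pkt, "203.0.113.5", SECONDARY_CONFIG))
```

Run as is, the stub query is forwarded to 10.1.1.1 port 5353 while the resolver's RD=0 query fails under the posted configuration, and both are answered authoritatively under the secondary configuration. That is the arrangement BIND supports for this case: 10.1.1.1 stays a hidden primary on its own port, x.x.x.x transfers the zone from it and answers iterative queries from its own copy. Independently of that, the NS record in the parent zone must name a host, so the delegation has to point at the hostname of x.x.x.x rather than at the address itself.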

 
 
 

Creating a "zone" from another "zone" (from another "zone" (from another "zone")) ...

Hi!

----

Is it possible to create a Solaris "zone" from another (i.e. not the
"global") zone?
For example: can I create a zone for a user and permit that user to
create another bunch of zones which inherit from his current zone (and
that user in turn permits his users to create their own "zones", too)?

Example:

global_zone
   |
   |
   +--user_zone_1
         |
         |
         +-- user_zone_1__1
         |
         |
         |
         +--user_zone_1__2
         |     |
         |     |
         |     +--user_zone_1__2__1
         |     |     |
         |     |     |
         |     |     +--user_zone_1__2__1__1
         |     |     |
         |     .     .
         |     .     .
         |     .     .
         |     .
         |     .
         |
         |
         |
         +--user_zone_1__3
         |
         |
         .
         .
         .

----

Bye,
Roland

--
  __ .  . __

  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 2426 901568 FAX +49 2426 901569
 (;O/ \/ \O;)
