• Re: "forward first" set on a master zone not working as expected

    From Matus UHLAR - fantomas@uhlar@fantomas.sk to bind-users on Thu Sep 3 09:51:28 2020
    From Newsgroup: comp.protocols.dns.bind

    On 02.09.20 15:00, Taylor Vierrether via bind-users wrote:
    > I am attempting to set up an internal DNS server that is authoritative for internal resources, but also will respond for external resources on the
    > same domain that it does not have records for.
    >
    > For example, I have a domain sub.example.com, and I want to have internal entries in the BIND zone file for host1.sub.example.com and host2.sub.example.com. That part is working fine. However, there is a publicly available DNS entry for sub.example.com that I want my internal clients to be able to resolve, but I don't want to have the IP in the BIND zone file, because the IP is dynamic.

    you can delegate that entry elsewhere.

    > There are also some hosts (host3.sub.example.com) and (host4.sub.example.com) that are externally resolvable that I don't want
    > to put in my internal BIND file because they are not controlled by me. (Think CNAME to a SaaS application)

    you can delegate those records somewhere.

    > I've attempted to do this as follows, and it seems to make sense that it
    > would work, but it does not.
    >
    > named.conf:
    >
    > zone "sub.example.com" IN {
    >     type master;
    >     file "/etc/bind/sub.example.com.zone";
    >     forward first;
    >     forwarders { 1.1.1.1; 1.0.0.1; };
    > };

    forwarding is not used for zones other than "type forward".

    > What actually happens is, if I query for sub.example.com I get the following from nslookup:
    > *** Can't find sub.example.com: No answer

    if you search for the "sub.example.com" record, you cannot delegate that one,
    of course.

    you apparently should redesign your DNS. Easiest way would be using a different domain internally.

    > And if I query for host3.example.com, I get the following from nslookup:
    > ** server can't find host3.sub.example.com: NXDOMAIN

    note that nslookup is a very bad program for tracking DNS errors.
    use "host" or "dig" for that case.
    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    I just got lost in thought. It was unfamiliar territory.
    --- Synchronet 3.21d-Linux NewsLink 1.2
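The delegation that Matus suggests for host3 and host4, written out as an added example (this is not configuration from the thread or from the BIND project). It assumes the internal server is 10.0.0.53, the internal hosts live in 10.0.1.0/24, and ns1.example.net / ns2.example.net are the public authoritative servers for sub.example.com; all of those are placeholders. The zone stays a plain master zone with no forward/forwarders in its zone block; the names that must not be pinned internally are handed off with NS records, so a query for them leaves the authoritative data as a referral and is resolved recursively instead of being answered (or NXDOMAINed) from the local file.

```conf
// ---- /etc/bind/named.conf (internal server; addresses are assumed) ----
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-recursion { 10.0.0.0/8; };   // internal clients only (assumed range)
};

// Authoritative zone: no "forward"/"forwarders" here. Names held in the
// file are answered from the file; names delegated below are followed
// by normal recursion.
zone "sub.example.com" IN {
    type master;
    file "/etc/bind/sub.example.com.zone";
};

; ---- /etc/bind/sub.example.com.zone (internal view of sub.example.com) ----
$TTL 300
$ORIGIN sub.example.com.
@       IN SOA  ns1.sub.example.com. hostmaster.sub.example.com. (
                2020090301 ; serial
                3600       ; refresh
                900        ; retry
                1209600    ; expire
                300 )      ; negative-cache TTL
@       IN NS   ns1.sub.example.com.
ns1     IN A    10.0.0.53          ; this internal server (assumed address)

; Internal-only records: answered authoritatively from this file.
host1   IN A    10.0.1.10
host2   IN A    10.0.1.11

; Names owned by the public sub.example.com zone. Delegating each name to
; the public authoritative servers (placeholders) turns a query for it
; into a referral, so the answer comes from the public data, not from here.
host3   IN NS   ns1.example.net.
host3   IN NS   ns2.example.net.
host4   IN NS   ns1.example.net.
host4   IN NS   ns2.example.net.
```

Check it with `named-checkzone sub.example.com /etc/bind/sub.example.com.zone` and then `dig @10.0.0.53 host3.sub.example.com`; the same query with `+norecurse` shows the NS referral in the AUTHORITY section instead of an answer, which is what the delegation looks like on the wire. The apex is the part this cannot fix: `dig @10.0.0.53 sub.example.com A` returns NOERROR with an empty ANSWER section, because the name exists (it carries the SOA and NS) but has no A record in this file. That NODATA response is what nslookup prints as "No answer", while a name absent from the zone altogether gets NXDOMAIN, which is why dig is the better tool for telling the two apart. If forwarders are wanted for everything outside this zone, they belong in the `options` block, where they apply globally; putting them in a master zone block does not make that zone's missing names resolve.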