Bind : resolve internal zones, forward Internet zones
by ychaouche from LinuxQuestions.org on (#4TY86)
Windows DNS server has this cool feature where you can add forwarders that will only be used if the zone can't be resolved by the DNS server.
Attachment 31801
I tried to do the same with BIND using `forwarders {};`, `forward only;` and `forward first;`; none of them worked.
In the following trace I try to resolve eprs.dz, for which my server has a stub zone:
Code:zone "eprs.dz." {
# Stub zone: named loads only the NS records for eprs.dz from the masters
# below and resolves names in the zone by querying those name servers.
type stub;
# Internal servers the NS set is fetched from.
masters {192.168.100.11;192.168.100.21;};
# File where named stores the stub zone data.
file "/etc/bind/slave/eprs.dz.db";
# NOTE(review): this zone has no forward/forwarders statement of its own, so
# the global forwarding options presumably apply to it too. The NXDOMAIN
# answers seen with "forward only" / "forward first" are consistent with the
# query being sent to the external forwarders instead of the masters.
# An empty `forwarders {};` placed inside this zone block (not in options) is
# the usual way to exempt a zone from global forwarding; confirm against the
# BIND ARM for this 9.9 release.
# Queries that are forwarded also disclose internal names to the forwarder.
};
Code:## forward only
root@dns-s 11:44:41 ~ # dig eprs.dz
; <<>> DiG 9.9.5-9+deb8u16-Debian <<>> eprs.dz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23180
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;eprs.dz. IN A
;; Query time: 58 msec
;; SERVER: 10.10.10.7#53(10.10.10.7)
;; WHEN: Sun Nov 10 11:44:42 CET 2019
;; MSG SIZE rcvd: 36
## forward first
root@dns-s 11:44:42 ~ # rndc reload
server reload successful
root@dns-s 11:44:51 ~ # dig eprs.dz
; <<>> DiG 9.9.5-9+deb8u16-Debian <<>> eprs.dz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3917
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;eprs.dz. IN A
;; Query time: 47 msec
;; SERVER: 10.10.10.7#53(10.10.10.7)
;; WHEN: Sun Nov 10 11:44:53 CET 2019
;; MSG SIZE rcvd: 36
root@dns-s 11:44:53 ~ # rndc reload
server reload successful
# commented out forwarding options
root@dns-s 11:45:21 ~ # dig eprs.dz
; <<>> DiG 9.9.5-9+deb8u16-Debian <<>> eprs.dz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18295
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;eprs.dz. IN A
;; ANSWER SECTION:
eprs.dz. 600 IN A 192.168.100.21
eprs.dz. 600 IN A 192.168.100.11
;; AUTHORITY SECTION:
eprs.dz. 3600 IN NS dc-server-p.eprs.dz.
eprs.dz. 3600 IN NS dc-server-s.eprs.dz.
;; Query time: 1 msec
;; SERVER: 10.10.10.7#53(10.10.10.7)
;; WHEN: Sun Nov 10 11:45:23 CET 2019
;; MSG SIZE rcvd: 120
root@dns-s 11:45:23 ~ #
Attachment 31801
I tried to do the same with BIND using `forwarders {};`, `forward only;` and `forward first;`; none of them worked.
In the following trace I try to resolve eprs.dz, for which my server has a stub zone:
Code:zone "eprs.dz." {
# Stub zone: named loads only the NS records for eprs.dz from the masters
# below and resolves names in the zone by querying those name servers.
type stub;
# Internal servers the NS set is fetched from.
masters {192.168.100.11;192.168.100.21;};
# File where named stores the stub zone data.
file "/etc/bind/slave/eprs.dz.db";
# NOTE(review): this zone has no forward/forwarders statement of its own, so
# the global forwarding options presumably apply to it too. The NXDOMAIN
# answers seen with "forward only" / "forward first" are consistent with the
# query being sent to the external forwarders instead of the masters.
# An empty `forwarders {};` placed inside this zone block (not in options) is
# the usual way to exempt a zone from global forwarding; confirm against the
# BIND ARM for this 9.9 release.
# Queries that are forwarded also disclose internal names to the forwarder.
};
Code:## forward only
root@dns-s 11:44:41 ~ # dig eprs.dz
; <<>> DiG 9.9.5-9+deb8u16-Debian <<>> eprs.dz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23180
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;eprs.dz. IN A
;; Query time: 58 msec
;; SERVER: 10.10.10.7#53(10.10.10.7)
;; WHEN: Sun Nov 10 11:44:42 CET 2019
;; MSG SIZE rcvd: 36
## forward first
root@dns-s 11:44:42 ~ # rndc reload
server reload successful
root@dns-s 11:44:51 ~ # dig eprs.dz
; <<>> DiG 9.9.5-9+deb8u16-Debian <<>> eprs.dz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3917
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;eprs.dz. IN A
;; Query time: 47 msec
;; SERVER: 10.10.10.7#53(10.10.10.7)
;; WHEN: Sun Nov 10 11:44:53 CET 2019
;; MSG SIZE rcvd: 36
root@dns-s 11:44:53 ~ # rndc reload
server reload successful
# commented out forwarding options
root@dns-s 11:45:21 ~ # dig eprs.dz
; <<>> DiG 9.9.5-9+deb8u16-Debian <<>> eprs.dz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18295
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;eprs.dz. IN A
;; ANSWER SECTION:
eprs.dz. 600 IN A 192.168.100.21
eprs.dz. 600 IN A 192.168.100.11
;; AUTHORITY SECTION:
eprs.dz. 3600 IN NS dc-server-p.eprs.dz.
eprs.dz. 3600 IN NS dc-server-s.eprs.dz.
;; Query time: 1 msec
;; SERVER: 10.10.10.7#53(10.10.10.7)
;; WHEN: Sun Nov 10 11:45:23 CET 2019
;; MSG SIZE rcvd: 120
root@dns-s 11:45:23 ~ #