Authoritative for one domain, caching for the rest


Olivier
Hello

After reading [1] and many trials, I couldn't figure out how to set a Bind9 (9.11.5 on Debian Buster) server to operate this way:

- server has two Ethernet interfaces, one connected to foo.lan/192.168.51.0/24 domain/network, the other connected to bar.lan/192.168.43.0/24 domain/network
- I want it to resolve for bar.lan and for anything to query a DNS server available on foo.lan.

My anonymized /etc/bind/named.conf.local content is:

acl "good-guys" {
   localnets;
};

zone "bar.lan" {
   type master;
   file "/etc/bind/db.bar.lan";
   forwarders {};
   allow-query { "good-guys"; };
};

zone "43.168.192-in-addr.arpa" {
   type master;
   file "/etc/bind/rev.43.168.192.in-addr.arpa";
   forwarders {};
};

zone "foo.lan" {
   type master;
   file "/etc/bind/db.foo.lan";
   forwarders { 192.168.51.1; };
};

zone "51.168.192-in-addr.arpa" {
   type master;
   file "/etc/bind/rev.51.168.192.in-addr.arpa";
   forwarders { 192.168.51.1; };


Resolution works for:
bar.lan,
host1.foo.lan if entry present in /etc/bind/db.foo.lan
but it does not work for:
host2.foo.lan if entry not present in /etc/bind/db.foo.lan


Best regards

PS: Bind9 9.16.11 is present in Buster Backports. Is it worth installing?

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: Authoritative for one domain, caching for the rest

Matus UHLAR - fantomas
On 24.03.21 17:08, Olivier wrote:

>After reading [1] and many trials, I couldn't figure out how to set a Bind9
>(9.11.5 on Debian Buster) server to operate this way:
>
>- server has two Ethernet interfaces, one connected to foo.lan/
>192.168.51.0/24 domain/network, the other connected to bar.lan/
>192.168.43.0/24 domain/network
>- I want it to resolve for bar.lan and for anything to query a DNS server
>available on foo.lan.
>
>My anonymized /etc/bind/named.conf.local content is:
>
>acl "good-guys" {
>   localnets;
>};
>
>zone "bar.lan" {
>   type master;
>   file "/etc/bind/db.bar.lan";
>   forwarders {};
>   allow-query { "good-guys"; };
>};
>
>zone "43.168.192-in-addr.arpa" {
>   type master;
>   file "/etc/bind/rev.43.168.192.in-addr.arpa";
>   forwarders {};
>};
>
>zone "foo.lan" {
>   type master;
>   file "/etc/bind/db.foo.lan";
>   forwarders { 192.168.51.1; };
>};
>
>zone "51.168.192-in-addr.arpa" {
>   type master;
>   file "/etc/bind/rev.51.168.192.in-addr.arpa";
>   forwarders { 192.168.51.1; };
>
>
>Resolution works for:
>bar.lan,
>google.com
>host1.foo.lan if entry present in /etc/bind/db.foo.lan
>but it does not work for:
>host2.foo.lan if entry not present in /etc/bind/db.foo.lan

"file" is used in master and slave zones.
"forwarders" is used in "type forward" zones.

Those are mutually exclusive, so forwarders aren't used for master and
slave zones, while "file" is not used for "type forward" zones.

Maybe you want something like dnsmasq?


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
We are but packets in the Internet of life (userfriendly.org)
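
The distinction drawn in the reply above, as an added configuration sketch that is not part of the original thread: bar.lan stays "type master" with a "file", foo.lan becomes "type forward" with "forwarders", and a global forwarder covers every other name. It assumes Debian's split files, that 192.168.51.1 is the resolver on foo.lan as in the question, and that this options block replaces the stock one in named.conf.options.

```conf
// --- /etc/bind/named.conf.options (assumed Debian layout) ---
acl "good-guys" {
    localnets;                           // networks of the server's own interfaces
};

options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query     { "good-guys"; };
    allow-recursion { "good-guys"; };    // keep the cache closed to outside clients
    forwarders { 192.168.51.1; };        // default path for names not served here
    forward only;                        // do not fall back to iterating from the roots
};

// --- /etc/bind/named.conf.local ---
// Authoritative data: "type master" + "file", no "forwarders".
zone "bar.lan" {
    type master;
    file "/etc/bind/db.bar.lan";
};

zone "43.168.192.in-addr.arpa" {         // note the dot before in-addr.arpa
    type master;
    file "/etc/bind/rev.43.168.192.in-addr.arpa";
};

// Delegated to the foo.lan resolver: "type forward" + "forwarders", no "file".
zone "foo.lan" {
    type forward;
    forward only;
    forwarders { 192.168.51.1; };
};

zone "51.168.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.168.51.1; };
};
```

Running named-checkconf after editing catches syntax errors such as an unclosed zone block before the server is reloaded.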